VDSM myhost.example.local command Get Host Capabilities failed: Received fatal alert: certificate_expired
Hi, When starting my ovirt installation again ovirt was not working and after some troubleshooting it seemed that some certs where expired. So I basically did this redhat solution: https://access.redhat.com/solutions/6964632 And afterwards I had this in the UI: sun.security.validator.validatorexception: pkix path validation failed So tried this: https://lists.ovirt.org/archives/list/users@ovirt.org/thread/ZI5WNU6OB6FZMQN... Now I do get to the ovirt UI however the datacenter and storage is not coming up. I see in the events: VDSM myhost.example.local command Get Host Capabilities failed: Received fatal alert: certificate_expired On the vdsmd side on the host I see: ERROR ssl handshake: SSLError, address: ::ffff:192.168.1.109 I don't know to which service it tries to connect and so what certificate is expired or how to replace it. I just want to get the ovirt back up and running properly so I can start my VMs. Thanks in advance.
Ok got it solved with all the responses here /s ;p Just hope it will help someone else so sending an update. If you have RH access you can follow this: https://access.redhat.com/solutions/6974830 Run cert_date.sh script on your hosted_engine. It will show the expiry of certificates on your hosted_engine and the hypervisor host itself. Based on that you can see what the appropriate way forward. Run /root/singlehost.sh hypervisor-hostname (had to run it with the -f option IIRC) This fixed the VDSM certs (Host certificates) and some of the RHV-M certificates (it didn't for the certs in /etc/pki/ovirt-engine/certs/) To fix those certificates I used: https://access.redhat.com/solutions/6865861 hosted-engine --set-maintenance --mode=global ## on the host engine-setup --offline ## on the hosted_engine VM Make sure to say Yes to the question to regenerate certs. I still got an error during the engine-setup script about it not being set to Global Maintenance mode (which I certainly did). The issue is described here: https://access.redhat.com/solutions/2689961 /usr/share/ovirt-engine/dbscripts/engine-psql.sh -c "UPDATE vds_statistics SET ha_global_maintenance ='t'" After this rerun the engine-setup --offline script. Now disable the global maintenance mode again. hosted-engine --set-maintenance --mode=none Another one that might help: https://access.redhat.com/solutions/3532921 On Wed, 4 Jan 2023 at 00:06, PenguinWhispererThe < th3penguinwhisperer@gmail.com> wrote:
Hi,
When starting my ovirt installation again ovirt was not working and after some troubleshooting it seemed that some certs where expired.
So I basically did this redhat solution: https://access.redhat.com/solutions/6964632
And afterwards I had this in the UI:
sun.security.validator.validatorexception: pkix path validation failed
So tried this:
https://lists.ovirt.org/archives/list/users@ovirt.org/thread/ZI5WNU6OB6FZMQN...
Now I do get to the ovirt UI however the datacenter and storage is not coming up. I see in the events: VDSM myhost.example.local command Get Host Capabilities failed: Received fatal alert: certificate_expired
On the vdsmd side on the host I see: ERROR ssl handshake: SSLError, address: ::ffff:192.168.1.109
I don't know to which service it tries to connect and so what certificate is expired or how to replace it.
I just want to get the ovirt back up and running properly so I can start my VMs.
Thanks in advance.
participants (1)
-
PenguinWhispererThe