[Users] ovirt-engine certs

Thomas Scofield tscofield at gmail.com
Tue Mar 11 05:13:27 UTC 2014 

How can I regenerate the ovirt engine CA certs and corresponding vdsm
certs?  I have an ovirt setup that I'm upgrading from 3.2.0 (from the dre
repos) to 3.2.3 and I am getting the certificate errors listed below after
the upgrade.  I have done this same upgrade on an number of other
ovirt-engines with no issue.  The setup had originally been installed with
ovirt 3.1 so it possible that some of the certificate configurations from
3.1 are still present on this ovirt-engine and it is contributing to the
problem.  For example, I noticed that the /etc/pki/ovirt-engine/cacert.conf
file on this troublesome upgrade has "default_bits = rsa:1024", but the
systems that upgraded successfully have "default_bits = rsa:2048".  The
same is true for the cert.conf file.



Engine.log

2014-03-10 17:10:28,954 ERROR
[org.ovirt.engine.core.vdsbroker.VdsUpdateRunTimeInfo]
(DefaultQuartzScheduler_Worker-2) vds::refreshVdsStats Failed getVdsStats,
vds = a7459d21-b5a6-4330-9897-f2018c9a1776 : vm1, error =
VDSNetworkException: javax.net.ssl.SSLHandshakeException: Received fatal
alert: bad_certificate



Vdsm.log

BindingXMLRPC::ERROR::2014-03-10
20:58:00,871::SecureXMLRPCServer::97::root::(verify) invalid client
certificate with subject "/C=US/O=example.com/CN=CA-ovirt1.example.com.30758
"

BindingXMLRPC::ERROR::2014-03-10
20:58:00,872::BindingXMLRPC::72::vds::(threaded_start) xml-rpc handler
exception

Traceback (most recent call last):

  File "/usr/share/vdsm/BindingXMLRPC.py", line 68, in threaded_start

    self.server.handle_request()

  File "/usr/lib64/python2.6/SocketServer.py", line 268, in handle_request

    self._handle_request_noblock()

  File "/usr/lib64/python2.6/SocketServer.py", line 278, in
_handle_request_noblock

    request, client_address = self.get_request()

  File "/usr/lib64/python2.6/SocketServer.py", line 446, in get_request

    return self.socket.accept()

  File "/usr/lib64/python2.6/site-packages/vdsm/SecureXMLRPCServer.py",
line 116, in accept

    client, address = self.connection.accept()

  File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py",
line 167, in accept

    ssl.accept_ssl()

  File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py",
line 156, in accept_ssl

    return m2.ssl_accept(self.ssl, self._timeout)

SSLError: no certificate returned
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20140311/689bc213/attachment-0001.html>

More information about the Users mailing list