[Users] ovirt-engine certs
Alon Bar-Lev
alonbl at redhat.com
Tue Mar 11 07:27:00 UTC 2014
3.1 upgrade was never actually supported if I remember correctly, so you may experience other issues as well.
But you can try the following sequence:
1. Move all hosts into maintenance via webadmin.
2. Stop ovirt-engine.
3. Backup your computer and database.
4. Remove /etc/pki/ovirt-engine/ca.pem
5. Run engine-setup.
6. Set new administrator password:
# engine-config -s AdminPassword=interactive
7. Restart ovirt-engine
8. Re-install all hosts via webadmin.
----- Original Message -----
> From: "Thomas Scofield" <tscofield at gmail.com>
> To: "users" <users at ovirt.org>
> Sent: Tuesday, March 11, 2014 7:13:27 AM
> Subject: [Users] ovirt-engine certs
>
>
>
> How can I regenerate the ovirt engine CA certs and corresponding vdsm certs?
> I have an ovirt setup that I’m upgrading from 3.2.0 (from the dre repos) to
> 3.2.3 and I am getting the certificate errors listed below after the
> upgrade. I have done this same upgrade on an number of other ovirt-engines
> with no issue. The setup had originally been installed with ovirt 3.1 so it
> possible that some of the certificate configurations from 3.1 are still
> present on this ovirt-engine and it is contributing to the problem. For
> example, I noticed that the /etc/pki/ovirt-engine/cacert.conf file on this
> troublesome upgrade has “default_bits = rsa:1024”, but the systems that
> upgraded successfully have “default_bits = rsa:2048”. The same is true for
> the cert.conf file.
>
>
>
> Engine.log
>
> 2014-03-10 17:10:28,954 ERROR
> [org.ovirt.engine.core.vdsbroker.VdsUpdateRunTimeInfo]
> (DefaultQuartzScheduler_Worker-2) vds::refreshVdsStats Failed getVdsStats,
> vds = a7459d21-b5a6-4330-9897-f2018c9a1776 : vm1, error =
> VDSNetworkException: javax.net.ssl.SSLHandshakeException: Received fatal
> alert: bad_certificate
>
>
>
> Vdsm.log
>
> BindingXMLRPC::ERROR::2014-03-10
> 20:58:00,871::SecureXMLRPCServer::97::root::(verify) invalid client
> certificate with subject "/C=US/O=
> example.com/CN=CA-ovirt1.example.com.30758 "
>
> BindingXMLRPC::ERROR::2014-03-10
> 20:58:00,872::BindingXMLRPC::72::vds::(threaded_start) xml-rpc handler
> exception
>
> Traceback (most recent call last):
>
> File "/usr/share/vdsm/BindingXMLRPC.py", line 68, in threaded_start
>
> self.server.handle_request()
>
> File "/usr/lib64/python2.6/SocketServer.py", line 268, in handle_request
>
> self._handle_request_noblock()
>
> File "/usr/lib64/python2.6/SocketServer.py", line 278, in
> _handle_request_noblock
>
> request, client_address = self.get_request()
>
> File "/usr/lib64/python2.6/SocketServer.py", line 446, in get_request
>
> return self.socket.accept()
>
> File "/usr/lib64/python2.6/site-packages/vdsm/SecureXMLRPCServer.py", line
> 116, in accept
>
> client, address = self.connection.accept()
>
> File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py", line
> 167, in accept
>
> ssl.accept_ssl()
>
> File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py", line
> 156, in accept_ssl
>
> return m2.ssl_accept(self.ssl, self._timeout)
>
> SSLError: no certificate returned
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
More information about the Users
mailing list