<div dir="ltr">Further to the logs sent, on the nodes I'm also seeing the following error under /var/log/messages...<div><br></div><div><div>Sep 20 03:43:12 node01 vdsm root ERROR invalid client certificate with subject "/C=US/O=UKDM/CN=<a href="http://engine01.mydomain.za">engine01.mydomain.za</a>"^C</div><div>Sep 20 03:43:12 node01 vdsm vds ERROR xml-rpc handler exception#012Traceback (most recent call last):#012 File "/usr/share/vdsm/BindingXMLRPC.py", line 80, in threaded_start#012 self.server.handle_request()#012 File "/usr/lib64/python2.6/SocketServer.py", line 278, in handle_request#012 self._handle_request_noblock()#012 File "/usr/lib64/python2.6/SocketServer.py", line 288, in _handle_request_noblock#012 request, client_address = self.get_request()#012 File "/usr/lib64/python2.6/SocketServer.py", line 456, in get_request#012 return self.socket.accept()#012 File "/usr/lib64/python2.6/site-packages/vdsm/SecureXMLRPCServer.py", line 136, in accept#012 raise SSL.SSLError("%s, client %s" % (e, address[0]))#012SSLError: no certificate returned, client 10.251.193.5</div></div><div><br></div><div>Not sure if this is any further help in diagnosing the issue?</div><div><br></div><div>Thanks, any assistance is appreciated.</div><div><br></div><div>Regards.</div><div><br></div><div>Neil Wilson.</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 21, 2017 at 4:31 PM, Neil <span dir="ltr"><<a href="mailto:nwilson123@gmail.com" target="_blank">nwilson123@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Piotr,<div><br></div><div>Thank you for the reply. After sending the email I did go and check the engine one too....</div><div><br></div><div><div>[root@engine01 /]# openssl x509 -in /etc/pki/ovirt-engine/ca.pem -enddate -noout</div><div>notAfter=Oct 13 16:26:46 2022 GMT</div><div><br></div><div>I'm not sure if this one below is meant to verify or if this output is expected?</div><div><br></div><div><div>[root@engine01 /]# openssl x509 -in /etc/pki/ovirt-engine/private/<wbr>ca.pem -enddate -noout</div><div>unable to load certificate</div><div>140642165552968:error:<wbr>0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE</div></div><div><br></div><div>My date is correct too Thu Sep 21 16:30:15 SAST 2017</div></div><div><br></div><div>Any ideas?</div><div><br></div><div>Googling surprisingly doesn't come up with much.</div><div><br></div><div>Thank you.</div><div><br></div><div>Regards.</div><div><br></div><div>Neil Wilson.</div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 21, 2017 at 4:16 PM, Piotr Kliczewski <span dir="ltr"><<a href="mailto:piotr.kliczewski@gmail.com" target="_blank">piotr.kliczewski@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Neil,<br>
<br>
You checked both nodes what about the engine? Can you check engine certs?<br>
You can find more info where they are located here [1].<br>
<br>
Thanks,<br>
Piotr<br>
<br>
[1] <a href="https://www.ovirt.org/develop/release-management/features/infra/pki/#ovirt-engine" rel="noreferrer" target="_blank">https://www.ovirt.org/develop/<wbr>release-management/features/in<wbr>fra/pki/#ovirt-engine</a><br>
<div><div class="m_-3567740440710242170h5"><br>
On Thu, Sep 21, 2017 at 3:26 PM, Neil <<a href="mailto:nwilson123@gmail.com" target="_blank">nwilson123@gmail.com</a>> wrote:<br>
> Hi guys,<br>
><br>
> Please could someone assist, my cluster is down and I can't access my vm's<br>
> to switch some of them back on.<br>
><br>
> I'm seeing the following error in the engine.log however I've checked my<br>
> certs on my hosts (as some of the goolge results said to check), but the<br>
> certs haven't expired...<br>
><br>
><br>
> 2017-09-21 15:09:45,077 ERROR<br>
> [org.ovirt.engine.core.vdsbrok<wbr>er.vdsbroker.GetCapabilitiesVD<wbr>SCommand]<br>
> (DefaultQuartzScheduler_Worker<wbr>-4) Command GetCapabilitiesVDSCommand(Host<wbr>Name<br>
> = <a href="http://node02.mydomain.za" rel="noreferrer" target="_blank">node02.mydomain.za</a>, HostId = d2debdfe-76e7-40cf-a7fd-78a0f5<wbr>0f14d4,<br>
> vds=Host[<a href="http://node02.mydomain.za" rel="noreferrer" target="_blank">node02.mydomain.za</a>]) execution failed. Exception:<br>
> VDSNetworkException: javax.net.ssl.SSLHandshakeExce<wbr>ption: Received fatal<br>
> alert: certificate_expired<br>
> 2017-09-21 15:09:45,086 ERROR<br>
> [org.ovirt.engine.core.vdsbrok<wbr>er.vdsbroker.GetCapabilitiesVD<wbr>SCommand]<br>
> (DefaultQuartzScheduler_Worker<wbr>-10) Command<br>
> GetCapabilitiesVDSCommand(Host<wbr>Name = <a href="http://node01.mydomain.za" rel="noreferrer" target="_blank">node01.mydomain.za</a>, HostId =<br>
> b108549c-1700-11e2-b936-9f5243<wbr>b8ce13, vds=Host[<a href="http://node01.mydomain.za" rel="noreferrer" target="_blank">node01.mydomain.za</a>])<br>
> execution failed. Exception: VDSNetworkException:<br>
> javax.net.ssl.SSLHandshakeExce<wbr>ption: Received fatal alert:<br>
> certificate_expired<br>
> 2017-09-21 15:09:48,173 ERROR<br>
><br>
> My engine and host info is below...<br>
><br>
> [root@engine01 ovirt-engine]# rpm -qa | grep -i ovirt<br>
> ovirt-engine-lib-3.4.0-1.el6.n<wbr>oarch<br>
> ovirt-engine-restapi-3.4.0-1.e<wbr>l6.noarch<br>
> ovirt-engine-setup-plugin-ovir<wbr>t-engine-3.4.0-1.el6.noarch<br>
> ovirt-engine-3.4.0-1.el6.noarc<wbr>h<br>
> ovirt-engine-setup-plugin-webs<wbr>ocket-proxy-3.4.0-1.el6.noarch<br>
> ovirt-host-deploy-java-1.2.0-1<wbr>.el6.noarch<br>
> ovirt-engine-setup-3.4.0-1.el6<wbr>.noarch<br>
> ovirt-host-deploy-1.2.0-1.el6.<wbr>noarch<br>
> ovirt-engine-backend-3.4.0-1.e<wbr>l6.noarch<br>
> ovirt-image-uploader-3.4.0-1.e<wbr>l6.noarch<br>
> ovirt-engine-tools-3.4.0-1.el6<wbr>.noarch<br>
> ovirt-engine-sdk-python-3.4.0.<wbr>7-1.el6.noarch<br>
> ovirt-engine-webadmin-portal-3<wbr>.4.0-1.el6.noarch<br>
> ovirt-engine-cli-3.4.0.5-1.el6<wbr>.noarch<br>
> ovirt-engine-setup-base-3.4.0-<wbr>1.el6.noarch<br>
> ovirt-iso-uploader-3.4.0-1.el6<wbr>.noarch<br>
> ovirt-engine-userportal-3.4.0-<wbr>1.el6.noarch<br>
> ovirt-log-collector-3.4.1-1.el<wbr>6.noarch<br>
> ovirt-engine-websocket-proxy-3<wbr>.4.0-1.el6.noarch<br>
> ovirt-engine-setup-plugin-ovir<wbr>t-engine-common-3.4.0-1.el6.<wbr>noarch<br>
> ovirt-engine-dbscripts-3.4.0-1<wbr>.el6.noarch<br>
> [root@engine01 ovirt-engine]# cat /etc/redhat-release<br>
> CentOS release 6.5 (Final)<br>
><br>
><br>
> [root@node02 ~]# openssl x509 -in /etc/pki/vdsm/certs/vdsmcert.p<wbr>em -enddate<br>
> -noout ; date<br>
> notAfter=May 27 08:36:17 2019 GMT<br>
> Thu Sep 21 15:18:22 SAST 2017<br>
> CentOS release 6.5 (Final)<br>
> [root@node02 ~]# rpm -qa | grep vdsm<br>
> vdsm-4.14.6-0.el6.x86_64<br>
> vdsm-python-4.14.6-0.el6.x86_6<wbr>4<br>
> vdsm-cli-4.14.6-0.el6.noarch<br>
> vdsm-xmlrpc-4.14.6-0.el6.noarc<wbr>h<br>
> vdsm-python-zombiereaper-4.14.<wbr>6-0.el6.noarch<br>
><br>
><br>
> [root@node01 ~]# openssl x509 -in /etc/pki/vdsm/certs/vdsmcert.p<wbr>em -enddate<br>
> -noout ; date<br>
> notAfter=Jun 13 16:09:41 2018 GMT<br>
> Thu Sep 21 15:18:52 SAST 2017<br>
> CentOS release 6.5 (Final)<br>
> [root@node01 ~]# rpm -qa | grep -i vdsm<br>
> vdsm-4.14.6-0.el6.x86_64<br>
> vdsm-xmlrpc-4.14.6-0.el6.noarc<wbr>h<br>
> vdsm-cli-4.14.6-0.el6.noarch<br>
> vdsm-python-zombiereaper-4.14.<wbr>6-0.el6.noarch<br>
> vdsm-python-4.14.6-0.el6.x86_6<wbr>4<br>
><br>
> Please could I have some assistance, I'm rater desperate.<br>
><br>
> Thank you.<br>
><br>
> Regards.<br>
><br>
> Neil Wilson<br>
><br>
><br>
><br>
</div></div>> ______________________________<wbr>_________________<br>
> Users mailing list<br>
> <a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br>
> <a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman<wbr>/listinfo/users</a><br>
><br>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>