<div dir="ltr">Thank you everyone.<div><br></div><div>I&#39;ve updated to ovirt-engine-3.5.6.2-1 and this has resolved the problem as it renewed my certs on engine-setup.</div><div><br></div><div>Much appreciated!</div><div><br></div><div>Regards.</div><div><br></div><div>Neil Wilson.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Sep 22, 2017 at 3:18 PM, Neil <span dir="ltr">&lt;<a href="mailto:nwilson123@gmail.com" target="_blank">nwilson123@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Thanks Sandro. <div><br></div><div>I&#39;ll get cracking and report back if it fixed it.<div><br></div><div>Thanks for all the help everyone.</div><div><br></div></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Sep 22, 2017 at 3:14 PM, Sandro Bonazzola <span dir="ltr">&lt;<a href="mailto:sbonazzo@redhat.com" target="_blank">sbonazzo@redhat.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><span>2017-09-22 15:07 GMT+02:00 Neil <span dir="ltr">&lt;<a href="mailto:nwilson123@gmail.com" target="_blank">nwilson123@gmail.com</a>&gt;</span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><br></div><div>Thanks for the guidance everyone.</div><div><br></div><div>I&#39;ve upgraded my engine now to ovirt-engine-3.4.4-1 but I&#39;ve still got the same error unfortunately. Below is the output of the upgrade. Should this have fixed the issue or do I need to upgrade to 3.5 etc?</div></div></blockquote><div><br></div></span><div>I think you&#39;ll need 3.5.4 at least: <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1214860" target="_blank">https://bugzilla.redhat<wbr>.com/show_bug.cgi?id=1214860</a> </div><div><div class="m_4388887520766938697h5"><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><br></div><div><br></div><div>[ INFO  ] Stage: Initializing</div><div>[ INFO  ] Stage: Environment setup</div><div>          Configuration files: [&#39;/etc/ovirt-engine-setup.conf<wbr>.d/10-packaging.conf&#39;, &#39;/etc/ovirt-engine-setup.conf.<wbr>d/20-setup-ovirt-post.conf&#39;]</div><div>          Log file: /var/log/ovirt-engine/setup/ov<wbr>irt-engine-setup-2017092212552<wbr>6-vw5khx.log</div><div>          Version: otopi-1.2.3 (otopi-1.2.3-1.el6)</div><div>[ INFO  ] Stage: Environment packages setup</div><div>[ INFO  ] Yum Downloading: repomdPLa0LXtmp.xml (0%)</div><div>[ INFO  ] Stage: Programs detection</div><div>[ INFO  ] Stage: Environment setup</div><div>[ INFO  ] Stage: Environment customization</div><div>         </div><div>          --== PRODUCT OPTIONS ==--</div><div>         </div><div>         </div><div>          --== PACKAGES ==--</div><div>         </div><div>[ INFO  ] Checking for product updates...</div><div>          Setup has found updates for some packages, do you wish to update them now? (Yes, No) [Yes]: </div><div>[ INFO  ] Checking for an update for Setup...</div><div>         </div><div>          --== NETWORK CONFIGURATION ==--</div><div>         </div><div>[WARNING] Failed to resolve <a href="http://engine01.mydomain.za" target="_blank">engine01.mydomain.za</a> using DNS, it can be resolved only locally</div><div>          Setup can automatically configure the firewall on this system.</div><div>          Note: automatic configuration of the firewall may overwrite current settings.</div><div>          Do you want Setup to configure the firewall? (Yes, No) [Yes]: no</div><div>         </div><div>          --== DATABASE CONFIGURATION ==--</div><div>         </div><div>         </div><div>          --== OVIRT ENGINE CONFIGURATION ==--</div><div>         </div><div>          Skipping storing options as database already prepared</div><div>         </div><div>          --== PKI CONFIGURATION ==--</div><div>         </div><div>          PKI is already configured</div><div>         </div><div>          --== APACHE CONFIGURATION ==--</div><div>         </div><div>         </div><div>          --== SYSTEM CONFIGURATION ==--</div><div>         </div><div>         </div><div>          --== MISC CONFIGURATION ==--</div><div>         </div><div>         </div><div>          --== END OF CONFIGURATION ==--</div><div>         </div><div>[ INFO  ] Stage: Setup validation</div><div>          During execution engine service will be stopped (OK, Cancel) [OK]: </div><div>[WARNING] Less than 16384MB of memory is available</div><div>[ INFO  ] Cleaning stale zombie tasks</div><div>         </div><div>          --== CONFIGURATION PREVIEW ==--</div><div>         </div><div>          Engine database name                    : engine</div><div>          Engine database secured connection      : False</div><div>          Engine database host                    : localhost</div><div>          Engine database user name               : engine</div><div>          Engine database host name validation    : False</div><div>          Engine database port                    : 5432</div><div>          Datacenter storage type                 : False</div><div>          Update Firewall                         : False</div><div>          Configure WebSocket Proxy               : True</div><div>          Host FQDN                               : <a href="http://engine01.mydomain.za" target="_blank">engine01.mydomain.za</a></div><div>          Upgrade packages                        : True</div><div>         </div><div>          Please confirm installation settings (OK, Cancel) [OK]: </div><div>[ INFO  ] Cleaning async tasks and compensations</div><div>[ INFO  ] Checking the Engine database consistency</div><div>[ INFO  ] Stage: Transaction setup</div><div>[ INFO  ] Stopping engine service</div><div>[ INFO  ] Stopping websocket-proxy service</div><div>[ INFO  ] Stage: Misc configuration</div><div>[ INFO  ] Stage: Package installation</div><div>[ INFO  ] Yum Status: Downloading Packages</div><div>[ INFO  ] Yum Download/Verify: ovirt-engine-3.4.4-1.el6.noarc<wbr>h</div><div>[ INFO  ] Yum Downloading: (2/13): ovirt-engine-backend-3.4.4-1.e<wbr>l6.noarch.rpm 2.0 M(19%)</div><div>[ INFO  ] Yum Downloading: (2/13): ovirt-engine-backend-3.4.4-1.e<wbr>l6.noarch.rpm 4.3 M(41%)</div><div>[ INFO  ] Yum Downloading: (2/13): ovirt-engine-backend-3.4.4-1.e<wbr>l6.noarch.rpm 6.3 M(60%)</div><div>[ INFO  ] Yum Downloading: (2/13): ovirt-engine-backend-3.4.4-1.e<wbr>l6.noarch.rpm 8.9 M(85%)</div><div>[ INFO  ] Yum Download/Verify: ovirt-engine-backend-3.4.4-1.e<wbr>l6.noarch</div><div>[ INFO  ] Yum Download/Verify: ovirt-engine-dbscripts-3.4.4-1<wbr>.el6.noarch</div><div>(I&#39;ve taken out all the downloading progress)</div><div><br></div><div>[ INFO  ] Yum Verify: 26/26: ovirt-engine-backend.noarch 0:3.4.0-1.el6 - ud</div><div>[ INFO  ] Stage: Misc configuration</div><div>[ INFO  ] Backing up database localhost:engine to &#39;/var/lib/ovirt-engine/backups<wbr>/engine-20170922143709.m_8fr_.<wbr>dump&#39;.</div><div>[ INFO  ] Updating Engine database schema</div><div>[ INFO  ] Generating post install configuration file &#39;/etc/ovirt-engine-setup.conf.<wbr>d/20-setup-ovirt-post.conf&#39;</div><div>[ INFO  ] Stage: Transaction commit</div><div>[ INFO  ] Stage: Closing up</div><div>         </div><div>          --== SUMMARY ==--</div><div>         </div><div>[WARNING] Less than 16384MB of memory is available</div><div>          SSH fingerprint: 86:C7:AA:35:45:E9:83:3E:16:C9:<wbr>2A:F5:68:52:68:84</div><div>          Internal CA EE:91:B3:E7:40:D7:DD:A7:DD:77:<wbr>9C:3B:D5:A1:E7:BE:E2:C9:8B:AA</div><div>          Web access is enabled at:</div><div>              <a href="http://engine01.mydomain.za:80/ovirt-engine" target="_blank">http://engine01.mydomain.za:80<wbr>/ovirt-engine</a></div><div>              <a href="https://engine01.mydomain.za:443/ovirt-engine" target="_blank">https://engine01.mydomain.za:4<wbr>43/ovirt-engine</a></div><div>          In order to configure firewalld, copy the files from</div><div>              /etc/ovirt-engine/firewalld to /etc/firewalld/services</div><div>              and execute the following commands:</div><div>              firewall-cmd -service ovirt-postgres</div><div>              firewall-cmd -service ovirt-https</div><div>              firewall-cmd -service ovirt-websocket-proxy</div><div>              firewall-cmd -service ovirt-http</div><div>          The following network ports should be opened:</div><div>              tcp:443</div><div>              tcp:5432</div><div>              tcp:6100</div><div>              tcp:80</div><div>          An example of the required configuration for iptables can be found at:</div><div>              /etc/ovirt-engine/iptables.exa<wbr>mple</div><div>         </div><div>          --== END OF SUMMARY ==--</div><div>         </div><div>[ INFO  ] Starting engine service</div><div>[ INFO  ] Restarting httpd</div><div>[ INFO  ] Stage: Clean up</div><div>          Log file is located at /var/log/ovirt-engine/setup/ov<wbr>irt-engine-setup-2017092212552<wbr>6-vw5khx.log</div><div>[ INFO  ] Generating answer file &#39;/var/lib/ovirt-engine/setup/a<wbr>nswers/<a href="http://20170922143806-setup.co" target="_blank">20170922143806-setup.co</a><wbr>nf&#39;</div><div>[ INFO  ] Stage: Pre-termination</div><div>[ INFO  ] Stage: Termination</div><div>[ INFO  ] Execution of setup completed successfully </div><div><br></div>I&#39;m still seeing the following below, in my engine.log and when I log in, all my VM&#39;s show as unknown.<div><br></div><div>2017-09-22 15:06:06,060 ERROR [org.ovirt.engine.core.vdsbrok<wbr>er.vdsbroker.GetCapabilitiesVD<wbr>SCommand] (DefaultQuartzScheduler_Worker<wbr>-57) Command GetCapabilitiesVDSCommand(Host<wbr>Name = <a href="http://node02.mydomain.za" target="_blank">node02.mydomain.za</a>, HostId = d2debdfe-76e7-40cf-a7fd-78a0f5<wbr>0f14d4, vds=Host[<a href="http://node02.mydomain.za" target="_blank">node02.mydomain.za</a>,d2<wbr>debdfe-76e7-40cf-a7fd-78a0f50f<wbr>14d4]) execution failed. Exception: VDSNetworkException: javax.net.ssl.SSLHandshakeExce<wbr>ption: Received fatal alert: certificate_expired</div><div><br></div><div>Any ideas?</div><div><br></div><div>Thanks!<div><div class="m_4388887520766938697m_4897289288977547643gmail-h5"><br><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Sep 22, 2017 at 11:10 AM, Martin Perina <span dir="ltr">&lt;<a href="mailto:mperina@redhat.com" target="_blank">mperina@redhat.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_extra"><br><div class="gmail_quote"><span class="m_4388887520766938697m_4897289288977547643gmail-m_6405483071645332388gmail-">On Fri, Sep 22, 2017 at 10:58 AM, Neil <span dir="ltr">&lt;<a href="mailto:nwilson123@gmail.com" target="_blank">nwilson123@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Thanks Martin and Piotr,<div><br></div><div>Correct, this was a very old installation from the old drey repo that was upgraded gradually over the years.</div><div><br></div><div>I have tried engine-setup yesterday, prior to this looking under /var/log/ovirt-engine/setup it looks like 2014</div><div><br></div><div>I&#39;ve attached a log of the output of running it now, looks like a repo issue with trying to upgrade to the latest 3.4.x release, but not sure what else to look for?</div></div></blockquote></span><div><br><div>​Hmm, it&#39;s so ancient version that oVirt 3.4 mirrors are probably not working anymore. You can either:<br><br></div><div>1. Execute engine-setup --offline to skip updates check or<br></div><div>2. Edit /etc/yum.repos.d/ovirt*.conf files and switch from mirrors to main site <a href="http://resources.ovirt.org" target="_blank">resources.ovirt.org</a><br><br></div></div><div><div class="m_4388887520766938697m_4897289288977547643gmail-m_6405483071645332388gmail-h5"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><br></div><div>Thanks for the assistance.</div><div><br></div><div>Regards.</div><div><br></div><div>Neil Wilson</div><div><br><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Sep 22, 2017 at 10:38 AM, Piotr Kliczewski <span dir="ltr">&lt;<a href="mailto:piotr.kliczewski@gmail.com" target="_blank">piotr.kliczewski@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="m_4388887520766938697m_4897289288977547643gmail-m_6405483071645332388gmail-m_-8574381526468994553m_-7948330153316553372gmail-HOEnZb"><div class="m_4388887520766938697m_4897289288977547643gmail-m_6405483071645332388gmail-m_-8574381526468994553m_-7948330153316553372gmail-h5">On Fri, Sep 22, 2017 at 10:35 AM, Martin Perina &lt;<a href="mailto:mperina@redhat.com" target="_blank">mperina@redhat.com</a>&gt; wrote:<br>
&gt;<br>
&gt;<br>
&gt; On Fri, Sep 22, 2017 at 10:18 AM, Neil &lt;<a href="mailto:nwilson123@gmail.com" target="_blank">nwilson123@gmail.com</a>&gt; wrote:<br>
&gt;&gt;<br>
&gt;&gt; Hi Piotr,<br>
&gt;&gt;<br>
&gt;&gt; Thank you for the information.<br>
&gt;&gt;<br>
&gt;&gt; It looks like something has expired looking in the server.log now that<br>
&gt;&gt; debug is enabled.<br>
&gt;&gt;<br>
&gt;&gt; 2017-09-22 09:35:26,462 INFO  [stdout] (MSC service thread 1-4)   Version:<br>
&gt;&gt; V3<br>
&gt;&gt; 2017-09-22 09:35:26,464 INFO  [stdout] (MSC service thread 1-4)   Subject:<br>
&gt;&gt; CN=<a href="http://engine01.mydomain.za" rel="noreferrer" target="_blank">engine01.mydomain.za</a>, O=mydomain, C=US<br>
&gt;&gt; 2017-09-22 09:35:26,467 INFO  [stdout] (MSC service thread 1-4)<br>
&gt;&gt; Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5<br>
&gt;&gt; 2017-09-22 09:35:26,471 INFO  [stdout] (MSC service thread 1-4)<br>
&gt;&gt; 2017-09-22 09:35:26,472 INFO  [stdout] (MSC service thread 1-4)   Key:<br>
&gt;&gt; Sun RSA public key, 1024 bits<br>
&gt;&gt; 2017-09-22 09:35:26,474 INFO  [stdout] (MSC service thread 1-4)   modulus:<br>
&gt;&gt; 966706131850237857720016566132<wbr>274169225143716493132034132811<wbr>213711757321195965137528821713<wbr>060454503460188878350322233731<wbr>259812207539722762942035931744<wbr>044702655933680916835641105243<wbr>164032601213316092139626126181<wbr>817086803318505413903188689260<wbr>544380782233716558008907254867<wbr>838600598733979833180338521720<wbr>60923531<br>
&gt;&gt; 2017-09-22 09:35:26,476 INFO  [stdout] (MSC service thread 1-4)   public<br>
&gt;&gt; exponent: 65537<br>
&gt;&gt; 2017-09-22 09:35:26,477 INFO  [stdout] (MSC service thread 1-4)<br>
&gt;&gt; Validity: [From: Sun Oct 14 22:26:46 SAST 2012,<br>
&gt;&gt; 2017-09-22 09:35:26,478 INFO  [stdout] (MSC service thread 1-4)<br>
&gt;&gt; To: Tue Sep 19 18:26:49 SAST 2017]<br>
&gt;&gt; 2017-09-22 09:35:26,479 INFO  [stdout] (MSC service thread 1-4)   Issuer:<br>
&gt;&gt; CN=<a href="http://CA-engine01.mydomain.za" target="_blank">CA-engine01.mydomain.za</a>.474<wbr>72, O=mydomain, C=US<br>
&gt;&gt;<br>
&gt;&gt; Any idea how I can generate a new one and what cert it is that&#39;s expired?<br>
&gt;<br>
&gt;<br>
&gt; It seems that your engine certificate has expired, but AFAIK this<br>
&gt; certificate should be automatically renewed during engine-setup. So when did<br>
&gt; you execute engine-setup for last time? Any info/warning about this shown<br>
&gt; during invocation?<br>
<br>
</div></div>Correct, Martin was a bit faster then me :)<br>
<div class="m_4388887520766938697m_4897289288977547643gmail-m_6405483071645332388gmail-m_-8574381526468994553m_-7948330153316553372gmail-HOEnZb"><div class="m_4388887520766938697m_4897289288977547643gmail-m_6405483071645332388gmail-m_-8574381526468994553m_-7948330153316553372gmail-h5"><br>
&gt;<br>
&gt; Also looking at server.log I found JBoss 7.1.1, so you are using really<br>
&gt; ancient oVirt, version, right?<br>
&gt;<br>
&gt;&gt;<br>
&gt;&gt; Please see the attached log for more info.<br>
&gt;&gt;<br>
&gt;&gt; Thank you so much for your assistance.<br>
&gt;&gt;<br>
&gt;&gt; Regards.<br>
&gt;&gt;<br>
&gt;&gt; Neil Wilson.<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt; On Thu, Sep 21, 2017 at 8:41 PM, Piotr Kliczewski<br>
&gt;&gt; &lt;<a href="mailto:piotr.kliczewski@gmail.com" target="_blank">piotr.kliczewski@gmail.com</a>&gt; wrote:<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; Neil,<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; It seems that your engine certificate(s) is/are not ok. I would<br>
&gt;&gt;&gt; suggest to enable ssl debug in the engine by:<br>
&gt;&gt;&gt; - add &#39;-Djavax.net.debug=all&#39; to ovirt-engine.py file here [1].<br>
&gt;&gt;&gt; - restart your engine<br>
&gt;&gt;&gt; - check your server.log and check what is the issue.<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; Hopefully we will be able to understand what happened in your setup.<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; Thanks,<br>
&gt;&gt;&gt; Piotr<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; [1]<br>
&gt;&gt;&gt; <a href="https://github.com/oVirt/ovirt-engine/blob/master/packaging/services/ovirt-engine/ovirt-engine.py#L341" rel="noreferrer" target="_blank">https://github.com/oVirt/ovirt<wbr>-engine/blob/master/packaging/<wbr>services/ovirt-engine/ovirt-en<wbr>gine.py#L341</a><br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; On Thu, Sep 21, 2017 at 4:42 PM, Neil &lt;<a href="mailto:nwilson123@gmail.com" target="_blank">nwilson123@gmail.com</a>&gt; wrote:<br>
&gt;&gt;&gt; &gt; Further to the logs sent, on the nodes I&#39;m also seeing the following<br>
&gt;&gt;&gt; &gt; error<br>
&gt;&gt;&gt; &gt; under /var/log/messages...<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt; Sep 20 03:43:12 node01 vdsm root ERROR invalid client certificate with<br>
&gt;&gt;&gt; &gt; subject &quot;/C=US/O=UKDM/CN=<a href="http://engine01.mydomain.za" rel="noreferrer" target="_blank">engine01.mydo<wbr>main.za</a>&quot;^C<br>
&gt;&gt;&gt; &gt; Sep 20 03:43:12 node01 vdsm vds ERROR xml-rpc handler<br>
&gt;&gt;&gt; &gt; exception#012Traceback<br>
&gt;&gt;&gt; &gt; (most recent call last):#012  File &quot;/usr/share/vdsm/BindingXMLRPC<wbr>.py&quot;,<br>
&gt;&gt;&gt; &gt; line<br>
&gt;&gt;&gt; &gt; 80, in threaded_start#012    self.server.handle_request()#0<wbr>12  File<br>
&gt;&gt;&gt; &gt; &quot;/usr/lib64/python2.6/SocketSe<wbr>rver.py&quot;, line 278, in handle_request#012<br>
&gt;&gt;&gt; &gt; self._handle_request_noblock()<wbr>#012  File<br>
&gt;&gt;&gt; &gt; &quot;/usr/lib64/python2.6/SocketSe<wbr>rver.py&quot;, line 288, in<br>
&gt;&gt;&gt; &gt; _handle_request_noblock#012    request, client_address =<br>
&gt;&gt;&gt; &gt; self.get_request()#012  File &quot;/usr/lib64/python2.6/SocketSe<wbr>rver.py&quot;,<br>
&gt;&gt;&gt; &gt; line<br>
&gt;&gt;&gt; &gt; 456, in get_request#012    return self.socket.accept()#012  File<br>
&gt;&gt;&gt; &gt; &quot;/usr/lib64/python2.6/site-pac<wbr>kages/vdsm/SecureXMLRPCServer.<wbr>py&quot;, line<br>
&gt;&gt;&gt; &gt; 136,<br>
&gt;&gt;&gt; &gt; in accept#012    raise SSL.SSLError(&quot;%s, client %s&quot; % (e,<br>
&gt;&gt;&gt; &gt; address[0]))#012SSLError: no certificate returned, client 10.251.193.5<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt; Not sure if this is any further help in diagnosing the issue?<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt; Thanks, any assistance is appreciated.<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt; Regards.<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt; Neil Wilson.<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt; On Thu, Sep 21, 2017 at 4:31 PM, Neil &lt;<a href="mailto:nwilson123@gmail.com" target="_blank">nwilson123@gmail.com</a>&gt; wrote:<br>
&gt;&gt;&gt; &gt;&gt;<br>
&gt;&gt;&gt; &gt;&gt; Hi Piotr,<br>
&gt;&gt;&gt; &gt;&gt;<br>
&gt;&gt;&gt; &gt;&gt; Thank you for the reply. After sending the email I did go and check<br>
&gt;&gt;&gt; &gt;&gt; the<br>
&gt;&gt;&gt; &gt;&gt; engine one too....<br>
&gt;&gt;&gt; &gt;&gt;<br>
&gt;&gt;&gt; &gt;&gt; [root@engine01 /]# openssl x509 -in /etc/pki/ovirt-engine/ca.pem<br>
&gt;&gt;&gt; &gt;&gt; -enddate<br>
&gt;&gt;&gt; &gt;&gt; -noout<br>
&gt;&gt;&gt; &gt;&gt; notAfter=Oct 13 16:26:46 2022 GMT<br>
&gt;&gt;&gt; &gt;&gt;<br>
&gt;&gt;&gt; &gt;&gt; I&#39;m not sure if this one below is meant to verify or if this output is<br>
&gt;&gt;&gt; &gt;&gt; expected?<br>
&gt;&gt;&gt; &gt;&gt;<br>
&gt;&gt;&gt; &gt;&gt; [root@engine01 /]# openssl x509 -in<br>
&gt;&gt;&gt; &gt;&gt; /etc/pki/ovirt-engine/private/<wbr>ca.pem<br>
&gt;&gt;&gt; &gt;&gt; -enddate -noout<br>
&gt;&gt;&gt; &gt;&gt; unable to load certificate<br>
&gt;&gt;&gt; &gt;&gt; 140642165552968:error:0906D06C<wbr>:PEM routines:PEM_read_bio:no start<br>
&gt;&gt;&gt; &gt;&gt; line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE<br>
&gt;&gt;&gt; &gt;&gt;<br>
&gt;&gt;&gt; &gt;&gt; My date is correct too Thu Sep 21 16:30:15 SAST 2017<br>
&gt;&gt;&gt; &gt;&gt;<br>
&gt;&gt;&gt; &gt;&gt; Any ideas?<br>
&gt;&gt;&gt; &gt;&gt;<br>
&gt;&gt;&gt; &gt;&gt; Googling surprisingly doesn&#39;t come up with much.<br>
&gt;&gt;&gt; &gt;&gt;<br>
&gt;&gt;&gt; &gt;&gt; Thank you.<br>
&gt;&gt;&gt; &gt;&gt;<br>
&gt;&gt;&gt; &gt;&gt; Regards.<br>
&gt;&gt;&gt; &gt;&gt;<br>
&gt;&gt;&gt; &gt;&gt; Neil Wilson.<br>
&gt;&gt;&gt; &gt;&gt;<br>
&gt;&gt;&gt; &gt;&gt; On Thu, Sep 21, 2017 at 4:16 PM, Piotr Kliczewski<br>
&gt;&gt;&gt; &gt;&gt; &lt;<a href="mailto:piotr.kliczewski@gmail.com" target="_blank">piotr.kliczewski@gmail.com</a>&gt; wrote:<br>
&gt;&gt;&gt; &gt;&gt;&gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt; Neil,<br>
&gt;&gt;&gt; &gt;&gt;&gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt; You checked both nodes what about the engine? Can you check engine<br>
&gt;&gt;&gt; &gt;&gt;&gt; certs?<br>
&gt;&gt;&gt; &gt;&gt;&gt; You can find more info where they are located here [1].<br>
&gt;&gt;&gt; &gt;&gt;&gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt; Thanks,<br>
&gt;&gt;&gt; &gt;&gt;&gt; Piotr<br>
&gt;&gt;&gt; &gt;&gt;&gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt; [1]<br>
&gt;&gt;&gt; &gt;&gt;&gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt; <a href="https://www.ovirt.org/develop/release-management/features/infra/pki/#ovirt-engine" rel="noreferrer" target="_blank">https://www.ovirt.org/develop/<wbr>release-management/features/in<wbr>fra/pki/#ovirt-engine</a><br>
&gt;&gt;&gt; &gt;&gt;&gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt; On Thu, Sep 21, 2017 at 3:26 PM, Neil &lt;<a href="mailto:nwilson123@gmail.com" target="_blank">nwilson123@gmail.com</a>&gt; wrote:<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; Hi guys,<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; Please could someone assist, my cluster is down and I can&#39;t access<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; my<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; vm&#39;s<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; to switch some of them back on.<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; I&#39;m seeing the following error in the engine.log however I&#39;ve<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; checked<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; my<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; certs on my hosts (as some of the goolge results said to check),<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; but<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; the<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; certs haven&#39;t expired...<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; 2017-09-21 15:09:45,077 ERROR<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; [org.ovirt.engine.core.vdsbrok<wbr>er.vdsbroker.GetCapabilitiesVD<wbr>SCommand]<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; (DefaultQuartzScheduler_Worker<wbr>-4) Command<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; GetCapabilitiesVDSCommand(Host<wbr>Name<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; = <a href="http://node02.mydomain.za" rel="noreferrer" target="_blank">node02.mydomain.za</a>, HostId =<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; d2debdfe-76e7-40cf-a7fd-78a0f5<wbr>0f14d4,<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; vds=Host[<a href="http://node02.mydomain.za" rel="noreferrer" target="_blank">node02.mydomain.za</a>]) execution failed. Exception:<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; VDSNetworkException: javax.net.ssl.SSLHandshakeExce<wbr>ption: Received<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; fatal<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; alert: certificate_expired<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; 2017-09-21 15:09:45,086 ERROR<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; [org.ovirt.engine.core.vdsbrok<wbr>er.vdsbroker.GetCapabilitiesVD<wbr>SCommand]<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; (DefaultQuartzScheduler_Worker<wbr>-10) Command<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; GetCapabilitiesVDSCommand(Host<wbr>Name = <a href="http://node01.mydomain.za" rel="noreferrer" target="_blank">node01.mydomain.za</a>, HostId =<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; b108549c-1700-11e2-b936-9f5243<wbr>b8ce13, vds=Host[<a href="http://node01.mydomain.za" rel="noreferrer" target="_blank">node01.mydomain.za</a>])<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; execution failed. Exception: VDSNetworkException:<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; javax.net.ssl.SSLHandshakeExce<wbr>ption: Received fatal alert:<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; certificate_expired<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; 2017-09-21 15:09:48,173 ERROR<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; My engine and host info is below...<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; [root@engine01 ovirt-engine]# rpm -qa | grep -i ovirt<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; ovirt-engine-lib-3.4.0-1.el6.n<wbr>oarch<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; ovirt-engine-restapi-3.4.0-1.e<wbr>l6.noarch<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; ovirt-engine-setup-plugin-ovir<wbr>t-engine-3.4.0-1.el6.noarch<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; ovirt-engine-3.4.0-1.el6.noarc<wbr>h<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; ovirt-engine-setup-plugin-webs<wbr>ocket-proxy-3.4.0-1.el6.noarch<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; ovirt-host-deploy-java-1.2.0-1<wbr>.el6.noarch<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; ovirt-engine-setup-3.4.0-1.el6<wbr>.noarch<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; ovirt-host-deploy-1.2.0-1.el6.<wbr>noarch<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; ovirt-engine-backend-3.4.0-1.e<wbr>l6.noarch<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; ovirt-image-uploader-3.4.0-1.e<wbr>l6.noarch<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; ovirt-engine-tools-3.4.0-1.el6<wbr>.noarch<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; ovirt-engine-sdk-python-3.4.0.<wbr>7-1.el6.noarch<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; ovirt-engine-webadmin-portal-3<wbr>.4.0-1.el6.noarch<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; ovirt-engine-cli-3.4.0.5-1.el6<wbr>.noarch<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; ovirt-engine-setup-base-3.4.0-<wbr>1.el6.noarch<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; ovirt-iso-uploader-3.4.0-1.el6<wbr>.noarch<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; ovirt-engine-userportal-3.4.0-<wbr>1.el6.noarch<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; ovirt-log-collector-3.4.1-1.el<wbr>6.noarch<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; ovirt-engine-websocket-proxy-3<wbr>.4.0-1.el6.noarch<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; ovirt-engine-setup-plugin-ovir<a href="http://t-engine-common-3.4.0-1.el6.no" target="_blank"><wbr>t-engine-common-3.4.0-1.el6.no</a><wbr>arch<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; ovirt-engine-dbscripts-3.4.0-1<wbr>.el6.noarch<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; [root@engine01 ovirt-engine]# cat /etc/redhat-release<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; CentOS release 6.5 (Final)<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; [root@node02 ~]# openssl x509 -in /etc/pki/vdsm/certs/vdsmcert.p<wbr>em<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; -enddate<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; -noout ; date<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; notAfter=May 27 08:36:17 2019 GMT<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; Thu Sep 21 15:18:22 SAST 2017<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; CentOS release 6.5 (Final)<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; [root@node02 ~]# rpm -qa | grep vdsm<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; vdsm-4.14.6-0.el6.x86_64<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; vdsm-python-4.14.6-0.el6.x86_6<wbr>4<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; vdsm-cli-4.14.6-0.el6.noarch<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; vdsm-xmlrpc-4.14.6-0.el6.noarc<wbr>h<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; vdsm-python-zombiereaper-4.14.<wbr>6-0.el6.noarch<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; [root@node01 ~]# openssl x509 -in /etc/pki/vdsm/certs/vdsmcert.p<wbr>em<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; -enddate<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; -noout ; date<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; notAfter=Jun 13 16:09:41 2018 GMT<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; Thu Sep 21 15:18:52 SAST 2017<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; CentOS release 6.5 (Final)<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; [root@node01 ~]# rpm -qa | grep -i vdsm<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; vdsm-4.14.6-0.el6.x86_64<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; vdsm-xmlrpc-4.14.6-0.el6.noarc<wbr>h<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; vdsm-cli-4.14.6-0.el6.noarch<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; vdsm-python-zombiereaper-4.14.<wbr>6-0.el6.noarch<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; vdsm-python-4.14.6-0.el6.x86_6<wbr>4<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; Please could I have some assistance, I&#39;m rater desperate.<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; Thank you.<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; Regards.<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; Neil Wilson<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; ______________________________<wbr>_________________<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; Users mailing list<br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; <a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt; <a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman<wbr>/listinfo/users</a><br>
&gt;&gt;&gt; &gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;&gt;<br>
&gt;&gt;&gt; &gt;&gt;<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt; ______________________________<wbr>_________________<br>
&gt;&gt; Users mailing list<br>
&gt;&gt; <a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br>
&gt;&gt; <a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman<wbr>/listinfo/users</a><br>
&gt;&gt;<br>
&gt;<br>
</div></div></blockquote></div><br></div></div></div>
</blockquote></div></div></div><br></div></div>
</blockquote></div><br></div></div></div></div></div>
</blockquote></div></div></div><br><br clear="all"><span><div><br></div>-- <br><div class="m_4388887520766938697m_4897289288977547643gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><p style="color:rgb(0,0,0);font-family:overpass,sans-serif;font-weight:bold;margin:0px;padding:0px;font-size:14px;text-transform:uppercase"><span>SANDRO</span> <span>BONAZZOLA</span></p><p style="color:rgb(0,0,0);font-family:overpass,sans-serif;font-size:10px;margin:0px 0px 4px;text-transform:uppercase"><span>ASSOCIATE MANAGER, SOFTWARE ENGINEERING, EMEA ENG VIRTUALIZATION R&amp;D</span></p><p style="font-family:overpass,sans-serif;margin:0px;font-size:10px;color:rgb(153,153,153)"><a href="https://www.redhat.com/" style="color:rgb(0,136,206);margin:0px" target="_blank">Red Hat <span>EMEA</span></a></p><table border="0" style="color:rgb(0,0,0);font-family:overpass,sans-serif;font-size:medium"><tbody><tr><td width="100px"><a href="https://red.ht/sig" target="_blank"><img src="https://www.redhat.com/profiles/rh/themes/redhatdotcom/img/logo-red-hat-black.png" width="90" height="auto"></a></td><td style="font-size:10px"><div><a href="https://redhat.com/trusted" style="color:rgb(204,0,0);font-weight:bold" target="_blank">TRIED. TESTED. TRUSTED.</a></div></td></tr></tbody></table><a href="http://www.teraplan.it/redhat-osd-2017/" target="_blank"><img src="http://images.engage.redhat.com/EloquaImages/clients/RedHat/%7Bce8ba915-16e1-4b66-8a16-dfaac06bd5c0%7D_RH_OSD_Generic_Banner_655x100.png" width="420" height="60"></a><span></span><a href="http:///" target="_blank"></a><span></span><br></div></div></div></div></div></div></div></div></div></div></div>
</span></div></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>