DennisKonrad commented on issue #2930: HA for Management Server - roundrobin: Certificate ownership
URL: https://github.com/apache/cloudstack/issues/2930#issuecomment-438988751

Hi @rhtyd,

I have three questions left before I can try this on our cluster.

To get the hosts to try to connect (your last question) it works to delete/move the cloud.jks. It's not even needed to restart the agent as far as I could tell. After that it worked to reprovision the kvm-host with the "provisionCertificate" api call.

When creating new CA/private/public I can now reprovision the hosts. I would also like to leave the systemvm's in place.

_So I need to reprovision certs for agents in console proxy, storage vm and all virtual routers in the same manner? (1.)
Is this even possible with the "provisionCertificate" api call? (2.)
I was not able to list ALL virtual routers via listRouters. Even with listall and/or isrecursive flag. Is there an easy way to list all virtual routers? (3.)_

I'm aiming for a process that leaves everything except the management-server running without any interruption. My process looks as follows:

_**Prerequisites:**_

- get all relevant IDs (Hosts, SystemVMs) (api: listHosts, )
- set auth strictness = false

_**Downtime:**_

- stop all management servers
- back up and NULL the following db keys:
  - ca.plugin.root.private.key
  - ca.plugin.root.public.key
  - ca.plugin.root.ca.certificate
- back up and delete per Host & SystemVM: /etc/cloudstack/agent/cloud.jks
- start first mgmt-server and wait for completion
- start second mgmt-server
- reissue certificates for all hosts
- turn auth strictness on again
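The "reissue certificates for all hosts" step in the comment above can be scripted. The following is an added example, not part of the original comment or of CloudStack's own code: it takes host IDs from a listHosts response and builds one signed provisionCertificate request per host, using CloudStack's HMAC-SHA1 request signing. The endpoint, keys, host IDs and names are constructed placeholders, and filtering on type "Routing" to select the KVM hosts is an assumption.

```python
import base64, hashlib, hmac, json
from urllib.parse import quote

# Constructed listHosts response; IDs and names are made up for illustration.
SAMPLE_LIST_HOSTS = json.dumps({"listhostsresponse": {"count": 3, "host": [
    {"id": "11111111-aaaa-4aaa-8aaa-000000000001", "name": "kvm01", "type": "Routing"},
    {"id": "11111111-aaaa-4aaa-8aaa-000000000002", "name": "kvm02", "type": "Routing"},
    {"id": "11111111-aaaa-4aaa-8aaa-000000000003", "name": "s-1-VM",
     "type": "SecondaryStorageVM"},
]}})

def host_ids(list_hosts_json, host_type="Routing"):
    """Return the IDs of all hosts of one type (assumption: KVM hosts are 'Routing')."""
    hosts = json.loads(list_hosts_json)["listhostsresponse"].get("host", [])
    return [h["id"] for h in hosts if h["type"] == host_type]

def sign(params, secret_key):
    """Sort parameters by name, URL-encode the values, then HMAC-SHA1 the
    lower-cased query string with the secret key and base64 the digest."""
    pairs = sorted(params.items(), key=lambda kv: kv[0].lower())
    query = "&".join(f"{k}={quote(str(v), safe='')}" for k, v in pairs)
    mac = hmac.new(secret_key.encode(), query.lower().encode(), hashlib.sha1)
    return query, base64.b64encode(mac.digest()).decode()

def provision_requests(endpoint, api_key, secret_key, ids):
    """Build one signed provisionCertificate URL per host ID."""
    urls = []
    for hid in ids:
        params = {"command": "provisionCertificate", "hostid": hid,
                  "reconnect": "true", "response": "json", "apiKey": api_key}
        query, sig = sign(params, secret_key)
        urls.append(f"{endpoint}?{query}&signature={quote(sig, safe='')}")
    return urls

if __name__ == "__main__":
    # Placeholder endpoint and credentials; nothing is sent, the URLs are only printed.
    for url in provision_requests("https://mgmt.example.invalid/client/api",
                                  "EXAMPLE_API_KEY", "EXAMPLE_SECRET",
                                  host_ids(SAMPLE_LIST_HOSTS)):
        print(url)
```

The script only prints the request URLs, so the list can be reviewed against the host IDs collected in the prerequisites before anything is sent to the management server.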
