On Thu, Sep 27, 2018 at 12:31 AM Edward Haas <eh...@redhat.com> wrote: > > > On 26 Sep 2018, at 19:42, Dan Kenigsberg <dan...@redhat.com> wrote: > > > > On Wed, Sep 26, 2018 at 6:35 PM Edward Haas <eh...@redhat.com> wrote: >> >> I should have known better. >> Deleting /etc/pki/vdsm and re-installing VDSM solved it. >> >> There is probably a smarter/simpler way to do this (delete the folder and >> run 'vdsm-tool configure --force'?). > > > yes, more specifically: `vdsm-tool configure --module certificates` > > > I would expect running it or the other general version to replace the > existing expired certificate.
It would be wrong to replace an expired production certificate with a stupid self-signed one (which is what `configure`) does, and only for devel/testing/bootstrapping purposes. > At the minimum it should check and tell me what should I do. lib/vdsm/tool/configurators/certificates.py https://xenoterracide.com/post/dont-say-patches-welcome/ > > >> >> Thanks, >> Edy. >> >> On Wed, Sep 26, 2018 at 6:16 PM Edward Haas <eh...@redhat.com> wrote: >>> >>> Hi, >>> >>> I have a VM which acts as an oVirt host with VDSM installed. I use it for >>> testing without connecting it to Engine. >>> >>> Recently VDSM fails to come up and I see this error: >>> Sep 26 17:58:18 localhost libvirtd: 2018-09-26 14:58:18.978+0000: 12176: >>> error : virNetTLSContextCheckCertTimes:154 : The server certificate >>> /etc/pki/vdsm/certs/vdsmcert.pem has expired > > > Congratulations, you've been using the same deployment for a year! > > > I’m pretty sure I never had to delete that folder until now. Vdsm is built, > installed and removed in an endless loop on a regular basis (including the > configured part). > > >>> >>> Any hint on how to generate or fetch a new certificate without the help of >>> Engine? >>> >>> Thanks, >>> Edy. >> >> _______________________________________________ >> Devel mailing list -- devel@ovirt.org >> To unsubscribe send an email to devel-le...@ovirt.org >> Privacy Statement: https://www.ovirt.org/site/privacy-policy/ >> oVirt Code of Conduct: >> https://www.ovirt.org/community/about/community-guidelines/ >> List Archives: >> https://lists.ovirt.org/archives/list/devel@ovirt.org/message/MLAYDC74DYMHS7XML7IW2E7XVOUIB4TS/ _______________________________________________ Devel mailing list -- devel@ovirt.org To unsubscribe send an email to devel-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/devel@ovirt.org/message/H7TFEMG6SRGDYM3GILDIW5KYL7DI2CWQ/