[ovirt-users] PKIX path validation failed

2024-06-10 Thread Ali Gusainov 
Hello experts.

Environment:
oVirt: Software Version:4.4.10.7-1.el8
OS: CentOS Linux release 8.5.2111

Symptoms:
1. At login prompt I see this:
"PKIX path validation failed: java.security.certCertPathValidatorException: 
validity check failed"
which successfully resolved by "engine-setup --offline"
2. Now the host at 'Unassigned' status and all VMs marked with '?' symbol. 
At vdsm.log I found message:
 ERROR (Reactor thread) [ProtocolDetector.SSLHandshakeDispatcher] ssl 
handshake: socket error, address: :::. (sslutils:272)
At engine.log I found messages:
ERROR [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] 
(EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-2) [] 
Unable to RefreshCapabilities: VDSNetworkException: VDSGenericException: 
VDSNetworkException: PKIX path validation failed: 
java.security.cert.CertPathValidatorException: validity check failed
...
2024-06-10 17:54:13,576+05 ERROR 
[org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] 
(EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-8) [] 
Unable to RefreshCapabilities: VDSNetworkException: VDSGenericException: 
VDSNetworkException: PKIX path validation failed: 
java.security.cert.CertPathValidatorException: validity check failed

Cause:
Certificate expired.

Questions:
1. How to bring host 'Online'?
2. How to properly update SSL?
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ERNPMYZDMRJAEWQI5VZJMX4YOK3TJWS5/

[ovirt-users] Re: Bcp vm

2023-06-27 Thread Ali Gusainov 
Hello. 
Found your solution very useful. Thank you.
 
Have some questions.
1. Is there a way to pass virtual machine name as an argument to yml script?
2. Also there is a situation, when script unable to delete older backups of VM, 
if that VM excluded from vmlist for the next backup (syntax err: "find: paths 
must precede expression: +7"). 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/WVWHM6FXG2VRA6WZ7FKX2EVXMEW6QTOZ/

[ovirt-users] Re: Bcp vm

2023-03-16 Thread Ali Gusainov 
Resolved. Just copied the PK for ovirt-engine from 'Edit 
Host-General-Authentication' to the authorized_keys file.

Thanks.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/7NG3BUY2KRRAHN4XPBELPUM6VW4B2RU6/

[ovirt-users] Re: Bcp vm

2023-03-09 Thread Ali Gusainov 
Is it possible to correct issue through Management->SSH Management ?
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/DKG3YYHEXAIJFBDSAMI7HB7TSBKN2URX/

[ovirt-users] Re: Bcp vm

2023-03-09 Thread Ali Gusainov 
Hello Jayme.

I accidentally recreated ~/.ssh/authorized_keys. Now at logs I see
--
fatal: [MY_SERVER]: UNREACHABLE! => {
"changed": false, 
"unreachable": true
}

Failed to connect to the host via ssh: Permission denied 
(publickey,gssapi-keyex,gssapi-with-mic,password).
--

Please advice how to resolve. 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/RDMPYDXV3VPURWPQBIYMDABZGKTNLS2L/

[ovirt-users] Bcp vm

2023-03-09 Thread Ali Gusainov 
Hello experts.

Environment:
2 identical servers running 
   CentOS Linux release 7.7.1908
   oVirt Version:4.3.7.2-1.el7
   No clusters configured.
NFS share for backups on third server.

Have some questions.
1. Need to create backups of virtual machines to NFS without downtime. Can an 
'OVA export' be a complete policy for backups?
2. Is there a way to export vm to OVA via command line?
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/VARQGZIIZZGSMJFRMJIPWSPH3QIRM6Z7/

[ovirt-users] Re: command line vm start/stop

2020-04-19 Thread Ali Gusainov 
According to 
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/html-single/rest_api_guide/index#services-vm

trying to use
curl --insecure -v -u admin@internal:password -H Content-type: application/xml 
-X POST https://FQDN/ovirt-engine/api/vms/VM_NAME/ACTION

where ACTION start or stop

Got following:


* About to connect() to FQDN port 443 (#0)
*   Trying SERVER_IP...
* Connected to FQDN (SERVER_IP) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/ovirt-engine/ca.pem
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
*   subject: CN=FQDN
*   start date: Jan 22 06:12:15 2020 GMT
*   expire date: Dec 27 06:12:15 2024 GMT
*   common name: FQDN
*   issuer: CN=FQDN.
* Server auth using Basic with user 'admin@internal'
> POST /ovirt-engine/api/vms/VM_NAME/ACTION HTTP/1.1
> Authorization: Basic YWRtaW5AaW50ZXJuYWw6U3lzVGVhbTEzYw==
> User-Agent: curl/7.29.0
> Host: FQDN
> Accept: application/xml
> 
< HTTP/1.1 404 Not Found
< Date: Sun, 19 Apr 2020 00:20:04 GMT
< Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
< Content-Length: 0
< Correlation-Id: 15e7a226-8982-47ff-9f68-7a2519705856
< 
* Connection #0 to host FQDN left intact


--


tail -1000f /var/log/ovirt-engine/server.log:

2020-04-18 20:20:04,354-04 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] 
(default task-385) RESTEASY002010: Failed to execute: 
javax.ws.rs.WebApplicationException: HTTP 404 Not Found
at 
org.ovirt.engine.api.restapi.resource.AbstractBackendResource.asGuidOr404(AbstractBackendResource.java:355)
 [restapi-jaxrs.jar:]
at 
org.ovirt.engine.api.restapi.resource.AbstractBackendSubResource.(AbstractBackendSubResource.java:26)
 [restapi-jaxrs.jar:]
at 
org.ovirt.engine.api.restapi.resource.AbstractBackendActionableResource.(AbstractBackendActionableResource.java:39)
 [restapi-jaxrs.jar:]
at 
org.ovirt.engine.api.restapi.resource.BackendVmResource.(BackendVmResource.java:114)
 [restapi-jaxrs.jar:]
at 
org.ovirt.engine.api.restapi.resource.BackendVmsResource.getVmResource(BackendVmsResource.java:164)
 [restapi-jaxrs.jar:]
at sun.reflect.GeneratedMethodAccessor1357.invoke(Unknown Source) 
[:1.8.0_232]
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 [rt.jar:1.8.0_232]
at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_232]
at 
org.jboss.resteasy.core.ResourceLocatorInvoker.createResource(ResourceLocatorInvoker.java:69)
 [resteasy-jaxrs-3.7.0.Final.jar:3.7.0.Final]
at 
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:105)
 [resteasy-jaxrs-3.7.0.Final.jar:3.7.0.Final]
at 
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:132)
 [resteasy-jaxrs-3.7.0.Final.jar:3.7.0.Final]
at 
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:100)
 [resteasy-jaxrs-3.7.0.Final.jar:3.7.0.Final]
at 
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:440)
 [resteasy-jaxrs-3.7.0.Final.jar:3.7.0.Final]
at 
org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:229)
 [resteasy-jaxrs-3.7.0.Final.jar:3.7.0.Final]
at 
org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:135)
 [resteasy-jaxrs-3.7.0.Final.jar:3.7.0.Final]
at 
org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:355)
 [resteasy-jaxrs-3.7.0.Final.jar:3.7.0.Final]
at 
org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:138)
 [resteasy-jaxrs-3.7.0.Final.jar:3.7.0.Final]
at 
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:215)
 [resteasy-jaxrs-3.7.0.Final.jar:3.7.0.Final]
at 
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227)
 [resteasy-jaxrs-3.7.0.Final.jar:3.7.0.Final]
at 
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
 [resteasy-jaxrs-3.7.0.Final.jar:3.7.0.Final]
at 
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
 [resteasy-jaxrs-3.7.0.Final.jar:3.7.0.Final]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:791) 
[jboss-servlet-api_4.0_spec-1.0.0.Final.jar:1.0.0.Final]
at 
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
 [undertow-servlet-2.0.21.Final.jar:2.0.21.Final]
at 
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:81) 
[undertow-servlet-2.0.21.Final.jar:2.0.21.Final]
at