[ovirt-users] PKIX path validation failed
Hello experts. Environment: oVirt: Software Version:4.4.10.7-1.el8 OS: CentOS Linux release 8.5.2111 Symptoms: 1. At login prompt I see this: "PKIX path validation failed: java.security.certCertPathValidatorException: validity check failed" which successfully resolved by "engine-setup --offline" 2. Now the host at 'Unassigned' status and all VMs marked with '?' symbol. At vdsm.log I found message: ERROR (Reactor thread) [ProtocolDetector.SSLHandshakeDispatcher] ssl handshake: socket error, address: :::. (sslutils:272) At engine.log I found messages: ERROR [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] (EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-2) [] Unable to RefreshCapabilities: VDSNetworkException: VDSGenericException: VDSNetworkException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed ... 2024-06-10 17:54:13,576+05 ERROR [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] (EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-8) [] Unable to RefreshCapabilities: VDSNetworkException: VDSGenericException: VDSNetworkException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed Cause: Certificate expired. Questions: 1. How to bring host 'Online'? 2. How to properly update SSL? ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/ERNPMYZDMRJAEWQI5VZJMX4YOK3TJWS5/
[ovirt-users] Re: Bcp vm
Hello. Found your solution very useful. Thank you. Have some questions. 1. Is there a way to pass virtual machine name as an argument to yml script? 2. Also there is a situation, when script unable to delete older backups of VM, if that VM excluded from vmlist for the next backup (syntax err: "find: paths must precede expression: +7"). ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/WVWHM6FXG2VRA6WZ7FKX2EVXMEW6QTOZ/
[ovirt-users] Re: Bcp vm
Resolved. Just copied the PK for ovirt-engine from 'Edit Host-General-Authentication' to the authorized_keys file. Thanks. ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/7NG3BUY2KRRAHN4XPBELPUM6VW4B2RU6/
[ovirt-users] Re: Bcp vm
Is it possible to correct issue through Management->SSH Management ? ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/DKG3YYHEXAIJFBDSAMI7HB7TSBKN2URX/
[ovirt-users] Re: Bcp vm
Hello Jayme. I accidentally recreated ~/.ssh/authorized_keys. Now at logs I see -- fatal: [MY_SERVER]: UNREACHABLE! => { "changed": false, "unreachable": true } Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password). -- Please advice how to resolve. ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/RDMPYDXV3VPURWPQBIYMDABZGKTNLS2L/
[ovirt-users] Bcp vm
Hello experts. Environment: 2 identical servers running CentOS Linux release 7.7.1908 oVirt Version:4.3.7.2-1.el7 No clusters configured. NFS share for backups on third server. Have some questions. 1. Need to create backups of virtual machines to NFS without downtime. Can an 'OVA export' be a complete policy for backups? 2. Is there a way to export vm to OVA via command line? ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/VARQGZIIZZGSMJFRMJIPWSPH3QIRM6Z7/
[ovirt-users] Re: command line vm start/stop
According to https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/html-single/rest_api_guide/index#services-vm trying to use curl --insecure -v -u admin@internal:password -H Content-type: application/xml -X POST https://FQDN/ovirt-engine/api/vms/VM_NAME/ACTION where ACTION start or stop Got following: * About to connect() to FQDN port 443 (#0) * Trying SERVER_IP... * Connected to FQDN (SERVER_IP) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/ovirt-engine/ca.pem CApath: none * SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 * Server certificate: * subject: CN=FQDN * start date: Jan 22 06:12:15 2020 GMT * expire date: Dec 27 06:12:15 2024 GMT * common name: FQDN * issuer: CN=FQDN. * Server auth using Basic with user 'admin@internal' > POST /ovirt-engine/api/vms/VM_NAME/ACTION HTTP/1.1 > Authorization: Basic YWRtaW5AaW50ZXJuYWw6U3lzVGVhbTEzYw== > User-Agent: curl/7.29.0 > Host: FQDN > Accept: application/xml > < HTTP/1.1 404 Not Found < Date: Sun, 19 Apr 2020 00:20:04 GMT < Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips < Content-Length: 0 < Correlation-Id: 15e7a226-8982-47ff-9f68-7a2519705856 < * Connection #0 to host FQDN left intact -- tail -1000f /var/log/ovirt-engine/server.log: 2020-04-18 20:20:04,354-04 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-385) RESTEASY002010: Failed to execute: javax.ws.rs.WebApplicationException: HTTP 404 Not Found at org.ovirt.engine.api.restapi.resource.AbstractBackendResource.asGuidOr404(AbstractBackendResource.java:355) [restapi-jaxrs.jar:] at org.ovirt.engine.api.restapi.resource.AbstractBackendSubResource.(AbstractBackendSubResource.java:26) [restapi-jaxrs.jar:] at org.ovirt.engine.api.restapi.resource.AbstractBackendActionableResource.(AbstractBackendActionableResource.java:39) [restapi-jaxrs.jar:] at org.ovirt.engine.api.restapi.resource.BackendVmResource.(BackendVmResource.java:114) [restapi-jaxrs.jar:] at org.ovirt.engine.api.restapi.resource.BackendVmsResource.getVmResource(BackendVmsResource.java:164) [restapi-jaxrs.jar:] at sun.reflect.GeneratedMethodAccessor1357.invoke(Unknown Source) [:1.8.0_232] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_232] at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_232] at org.jboss.resteasy.core.ResourceLocatorInvoker.createResource(ResourceLocatorInvoker.java:69) [resteasy-jaxrs-3.7.0.Final.jar:3.7.0.Final] at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:105) [resteasy-jaxrs-3.7.0.Final.jar:3.7.0.Final] at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:132) [resteasy-jaxrs-3.7.0.Final.jar:3.7.0.Final] at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:100) [resteasy-jaxrs-3.7.0.Final.jar:3.7.0.Final] at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:440) [resteasy-jaxrs-3.7.0.Final.jar:3.7.0.Final] at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:229) [resteasy-jaxrs-3.7.0.Final.jar:3.7.0.Final] at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:135) [resteasy-jaxrs-3.7.0.Final.jar:3.7.0.Final] at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:355) [resteasy-jaxrs-3.7.0.Final.jar:3.7.0.Final] at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:138) [resteasy-jaxrs-3.7.0.Final.jar:3.7.0.Final] at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:215) [resteasy-jaxrs-3.7.0.Final.jar:3.7.0.Final] at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227) [resteasy-jaxrs-3.7.0.Final.jar:3.7.0.Final] at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) [resteasy-jaxrs-3.7.0.Final.jar:3.7.0.Final] at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) [resteasy-jaxrs-3.7.0.Final.jar:3.7.0.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:791) [jboss-servlet-api_4.0_spec-1.0.0.Final.jar:1.0.0.Final] at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74) [undertow-servlet-2.0.21.Final.jar:2.0.21.Final] at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:81) [undertow-servlet-2.0.21.Final.jar:2.0.21.Final] at