[ovirt-users] Re: Engine's certification is about to expire at .... Please renew the engine's certification.
Yes as long as you rerun engine-setup it should renew the internal CA and it's certs, even if you don't actually upgrade the engine. -Patrick Hibbs On Fri, 2022-10-14 at 08:40 +0100, nico...@devels.es wrote: > Thanks Patrick. > > We're not planning to upgrade the engine yet, would this solution > still > be valid if I re-run the engine-setup process without upgrading to > 4.5? > > Thanks again. > > El 2022-10-13 19:17, Patrick Hibbs escribió: > > Hello, > > > > That means the engine certificate signed by the internal engine CA > > is > > about to expire. (It's used to communicate with VDSM and VNC > > connections.) > > > > The engine should auto renew it during the next upgrade. If you > > have > > downtime, you can renew it manually by rerunning engine-setup on > > the > > engine host. > > > > The custom cert you give to apache is not affected by this renewal, > > but > > the engine will start having issues if it's internal cert isn't > > renewed. > > > > Do keep in mind that some users have reported having issues when > > renewing this cert, (engine-setup not actually renewing it > > properly, > > hosts loosing connectivity, etc.) so I would plan on there being a > > complete service interruption, e.g. all VMs inaccessible / down, > > during > > the renewal process. (Maybe do it over a weekend.) > > > > -Patrick Hibbs > > > > On Thu, 2022-10-13 at 11:14 +0100, nico...@devels.es wrote: > > > Hi, > > > > > > I'm running oVirt 4.4 and recently I got a message in the events > > > list > > > like this: > > > > > > Engine's certification is about to expire at 2022-10-30. > > > Please > > > renew > > > the engine's certification. > > > > > > What does that exactly mean? And how can it be renewed? > > > > > > I'm using a custom TLS certificate both for web access and > > > websocket > > > proxy. Does it need to be renewed anyways? > > > > > > Thanks. > > > ___ > > > Users mailing list -- users@ovirt.org > > > To unsubscribe send an email to users-le...@ovirt.org > > > Privacy Statement: https://www.ovirt.org/privacy-policy.html > > > oVirt Code of Conduct: > > > https://www.ovirt.org/community/about/community-guidelines/ > > > List Archives: > > > https://lists.ovirt.org/archives/list/users@ovirt.org/message/Y6VVJOL47YPYGNMXXWUK24F752PRKMLV/ > > > > ___ > > Users mailing list -- users@ovirt.org > > To unsubscribe send an email to users-le...@ovirt.org > > Privacy Statement: https://www.ovirt.org/privacy-policy.html > > oVirt Code of Conduct: > > https://www.ovirt.org/community/about/community-guidelines/ > > List Archives: > > https://lists.ovirt.org/archives/list/users@ovirt.org/message/SK4HD755QPUFVXOWPIJ56NMM5F65GP6N/ > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/QM3CTGTR566MBD5HBMZKW4GR7NHWXWCQ/ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/7GEQ5GUWJUUZSNAZFBS4XUWUBUM4VJME/
[ovirt-users] Re: Engine's certification is about to expire at .... Please renew the engine's certification.
I think you can do that by running engine-setup --offline Greetings Klaas On 10/14/22 09:40, nico...@devels.es wrote: Thanks Patrick. We're not planning to upgrade the engine yet, would this solution still be valid if I re-run the engine-setup process without upgrading to 4.5? Thanks again. El 2022-10-13 19:17, Patrick Hibbs escribió: Hello, That means the engine certificate signed by the internal engine CA is about to expire. (It's used to communicate with VDSM and VNC connections.) The engine should auto renew it during the next upgrade. If you have downtime, you can renew it manually by rerunning engine-setup on the engine host. The custom cert you give to apache is not affected by this renewal, but the engine will start having issues if it's internal cert isn't renewed. Do keep in mind that some users have reported having issues when renewing this cert, (engine-setup not actually renewing it properly, hosts loosing connectivity, etc.) so I would plan on there being a complete service interruption, e.g. all VMs inaccessible / down, during the renewal process. (Maybe do it over a weekend.) -Patrick Hibbs On Thu, 2022-10-13 at 11:14 +0100, nico...@devels.es wrote: Hi, I'm running oVirt 4.4 and recently I got a message in the events list like this: Engine's certification is about to expire at 2022-10-30. Please renew the engine's certification. What does that exactly mean? And how can it be renewed? I'm using a custom TLS certificate both for web access and websocket proxy. Does it need to be renewed anyways? Thanks. ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/Y6VVJOL47YPYGNMXXWUK24F752PRKMLV/ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/SK4HD755QPUFVXOWPIJ56NMM5F65GP6N/ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/QM3CTGTR566MBD5HBMZKW4GR7NHWXWCQ/ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/KQ7U4M53MOJSUV5JCKHOYIHE64N7XAXC/
[ovirt-users] Re: Engine's certification is about to expire at .... Please renew the engine's certification.
Thanks Patrick. We're not planning to upgrade the engine yet, would this solution still be valid if I re-run the engine-setup process without upgrading to 4.5? Thanks again. El 2022-10-13 19:17, Patrick Hibbs escribió: Hello, That means the engine certificate signed by the internal engine CA is about to expire. (It's used to communicate with VDSM and VNC connections.) The engine should auto renew it during the next upgrade. If you have downtime, you can renew it manually by rerunning engine-setup on the engine host. The custom cert you give to apache is not affected by this renewal, but the engine will start having issues if it's internal cert isn't renewed. Do keep in mind that some users have reported having issues when renewing this cert, (engine-setup not actually renewing it properly, hosts loosing connectivity, etc.) so I would plan on there being a complete service interruption, e.g. all VMs inaccessible / down, during the renewal process. (Maybe do it over a weekend.) -Patrick Hibbs On Thu, 2022-10-13 at 11:14 +0100, nico...@devels.es wrote: Hi, I'm running oVirt 4.4 and recently I got a message in the events list like this: Engine's certification is about to expire at 2022-10-30. Please renew the engine's certification. What does that exactly mean? And how can it be renewed? I'm using a custom TLS certificate both for web access and websocket proxy. Does it need to be renewed anyways? Thanks. ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/Y6VVJOL47YPYGNMXXWUK24F752PRKMLV/ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/SK4HD755QPUFVXOWPIJ56NMM5F65GP6N/ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/QM3CTGTR566MBD5HBMZKW4GR7NHWXWCQ/
[ovirt-users] Re: Engine's certification is about to expire at .... Please renew the engine's certification.
Hello, That means the engine certificate signed by the internal engine CA is about to expire. (It's used to communicate with VDSM and VNC connections.) The engine should auto renew it during the next upgrade. If you have downtime, you can renew it manually by rerunning engine-setup on the engine host. The custom cert you give to apache is not affected by this renewal, but the engine will start having issues if it's internal cert isn't renewed. Do keep in mind that some users have reported having issues when renewing this cert, (engine-setup not actually renewing it properly, hosts loosing connectivity, etc.) so I would plan on there being a complete service interruption, e.g. all VMs inaccessible / down, during the renewal process. (Maybe do it over a weekend.) -Patrick Hibbs On Thu, 2022-10-13 at 11:14 +0100, nico...@devels.es wrote: > Hi, > > I'm running oVirt 4.4 and recently I got a message in the events list > like this: > > Engine's certification is about to expire at 2022-10-30. Please > renew > the engine's certification. > > What does that exactly mean? And how can it be renewed? > > I'm using a custom TLS certificate both for web access and websocket > proxy. Does it need to be renewed anyways? > > Thanks. > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/Y6VVJOL47YPYGNMXXWUK24F752PRKMLV/ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/SK4HD755QPUFVXOWPIJ56NMM5F65GP6N/
