[ovirt-users] Re: Ovirt-engine , certificate issue

2022-08-01 Thread Daniel Parraz
Hi Angel,

I was wondering if you were able to resolve the issue with the non-responsive 
hypervisor hosts in the HostedEngine web GUI after running the "engine-setup 
--offline"? I currently have an expired certificate causing a similar issue and 
wanted to know if/how you were able to get your Ovirt node to recognize the new 
cert created?

Thank you,

Daniel Parraz
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/NIOTSR5F6K5XOFLONJ5PUHZNU4G4Z5ZF/


[ovirt-users] Re: Ovirt-engine , certificate issue

2022-05-18 Thread Angel R. Gonzalez

Hi,

thank you very much for your support.

I've restarted httpd and the issue is resolved. But now, I've seen that 
one of the nodes is NonResponsive mode, other is in Connecting mode and 
the system log say:


    "Engine's certification has expired at 2022-05-16. Please renew the 
engine's certification."


Should I run the command engine-setup --offline for renew the engine's 
certification?

Do I have to do some more actions before executing that command?
After the engine-setup --offline, the nodes will be up?


Thanks in advance.
Ángel.


El 17/5/22 a las 22:23, Gianluca Cecchi escribió:

On Tue, May 17, 2022 at 7:36 PM Sharon Gratch  wrote:

Hi,

On Tue, May 17, 2022 at 7:33 PM Angel R. Gonzalez
 wrote:

Hello,

I've a issue when I try log in ovirt-engine manager with a
browser. The
error message is:

 PKIX path validation failed:
java.security.cert.CertPathValidatorException: validity check
failed

The ovirt version is 4.4.5.11-1.

I follow the next commands for try resolve it.


> # cp -a /etc/pki/ovirt-engine "/etc/pki/ovirt-engine.$(date
"+%Y%m%d")"
> # SUBJECT="$(openssl x509 -subject -noout -in
> /etc/pki/ovirt-engine/certs/apache.cer | sed 's/subject= //')"
> # /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh
--name=apache
> --password="PASSWORD" --subject="${SUBJECT}"
> # openssl pkcs12 -passin "pass:PASSWORD" -nokeys -in
> /etc/pki/ovirt-engine/keys/apache.p12 >
> /etc/pki/ovirt-engine/certs/apache.cer
> # openssl pkcs12 -passin "pass:PASSWORD" -nocerts -nodes -in
> /etc/pki/ovirt-engine/keys/apache.p12 >
> /etc/pki/ovirt-engine/keys/apache.key.nopass
> # chmod 0600 /etc/pki/ovirt-engine/keys/apache.key.nopass
> # systemctl restart ovirt-engine.service
But after restarting the issue is the same.

Any idea?


Maybe try to restart the apache HTTP Server as well:
/systemctl restart httpd/

If it still doesn't work then please share the errors within the
engine log /var/log/ovirt-engine/engine.log

Thanks,
Sharon



Otherwise you can run
engine-setup --offline
(it will not change anything on current config and will not try to 
update any package)
between the answers to give it will notice that your certificate is 
expired and you have to answer yes to the question to renew it

After that you should be able to access the engine again

HIH,
Gianluca



--
Ángel Ramón González Martín
Responsable de Laboratorios Docentes
Edificio Alan Turing   Planta 3ª, Despacho A-313
Teléfono: 91497 2311 angel.gonza...@uam.es
Escuela Politécnica Superior


Universidad Autónoma de Madrid
C/ Francisco Tomás y Valiente 11, 28049 Madrid

Antes de imprimir este correo piense si es necesario. Cuidemos el 
medioambiente.___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/XNNPWDSUIGL47VYR2ZH7RWI7LY7WN5OM/


[ovirt-users] Re: Ovirt-engine , certificate issue

2022-05-17 Thread Gianluca Cecchi
On Tue, May 17, 2022 at 7:36 PM Sharon Gratch  wrote:

> Hi,
>
> On Tue, May 17, 2022 at 7:33 PM Angel R. Gonzalez 
> wrote:
>
>> Hello,
>>
>> I've a issue when I try log in ovirt-engine manager with a browser. The
>> error message is:
>>
>>  PKIX path validation failed:
>> java.security.cert.CertPathValidatorException: validity check failed
>>
>> The ovirt version is 4.4.5.11-1.
>>
>> I follow the next commands for try resolve it.
>>
>>
>> > # cp -a /etc/pki/ovirt-engine "/etc/pki/ovirt-engine.$(date "+%Y%m%d")"
>> > # SUBJECT="$(openssl x509 -subject -noout -in
>> > /etc/pki/ovirt-engine/certs/apache.cer | sed 's/subject= //')"
>> > # /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh --name=apache
>> > --password="PASSWORD" --subject="${SUBJECT}"
>> > # openssl pkcs12 -passin "pass:PASSWORD" -nokeys -in
>> > /etc/pki/ovirt-engine/keys/apache.p12 >
>> > /etc/pki/ovirt-engine/certs/apache.cer
>> > # openssl pkcs12 -passin "pass:PASSWORD" -nocerts -nodes -in
>> > /etc/pki/ovirt-engine/keys/apache.p12 >
>> > /etc/pki/ovirt-engine/keys/apache.key.nopass
>> > # chmod 0600 /etc/pki/ovirt-engine/keys/apache.key.nopass
>> > # systemctl restart ovirt-engine.service
>> But after restarting the issue is the same.
>>
>> Any idea?
>>
>
> Maybe try to restart the apache HTTP Server as well:
> *systemctl restart httpd*
>
> If it still doesn't work then please share the errors within the engine
> log /var/log/ovirt-engine/engine.log
>
> Thanks,
> Sharon
>
>
>
Otherwise you can run
engine-setup --offline
(it will not change anything on current config and will not try to update
any package)
between the answers to give it will notice that your certificate is expired
and you have to answer yes to the question to renew it
After that you should be able to access the engine again

HIH,
Gianluca
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/MHQNQRN4B7KRNTJ6XGRT4P5RVATV6UJ2/


[ovirt-users] Re: Ovirt-engine , certificate issue

2022-05-17 Thread Sharon Gratch
Hi,

On Tue, May 17, 2022 at 7:33 PM Angel R. Gonzalez 
wrote:

> Hello,
>
> I've a issue when I try log in ovirt-engine manager with a browser. The
> error message is:
>
>  PKIX path validation failed:
> java.security.cert.CertPathValidatorException: validity check failed
>
> The ovirt version is 4.4.5.11-1.
>
> I follow the next commands for try resolve it.
>
>
> > # cp -a /etc/pki/ovirt-engine "/etc/pki/ovirt-engine.$(date "+%Y%m%d")"
> > # SUBJECT="$(openssl x509 -subject -noout -in
> > /etc/pki/ovirt-engine/certs/apache.cer | sed 's/subject= //')"
> > # /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh --name=apache
> > --password="PASSWORD" --subject="${SUBJECT}"
> > # openssl pkcs12 -passin "pass:PASSWORD" -nokeys -in
> > /etc/pki/ovirt-engine/keys/apache.p12 >
> > /etc/pki/ovirt-engine/certs/apache.cer
> > # openssl pkcs12 -passin "pass:PASSWORD" -nocerts -nodes -in
> > /etc/pki/ovirt-engine/keys/apache.p12 >
> > /etc/pki/ovirt-engine/keys/apache.key.nopass
> > # chmod 0600 /etc/pki/ovirt-engine/keys/apache.key.nopass
> > # systemctl restart ovirt-engine.service
> But after restarting the issue is the same.
>
> Any idea?
>

Maybe try to restart the apache HTTP Server as well:
*systemctl restart httpd*

If it still doesn't work then please share the errors within the engine log
/var/log/ovirt-engine/engine.log

Thanks,
Sharon


> Thanks in advance
>
> Ángel.
>
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/MPFXIEDZBFVC7JAOV77DCLDR3IVOSOMU/
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/SF4RZT5YKTSOT3IIS4U5LEYMIVVNB57Q/