You can refer to this code block
https://github.com/apache/cloudstack/blob/main/scripts/util/keystore-setup#L54-L61
if [ -f "$LIBVIRTD_FILE" ]; then
echo "Reverting libvirtd to not listen on TLS"
sed -i "s,^listen_tls=1,listen_tls=0,g" $LIBVIRTD_FILE
systemctl restart libvirtd
fi
echo "Removing cloud.* files in /etc/cloudstack/agent"
rm -f /etc/cloudstack/agent/cloud.*
-Wei
On Monday, 20 February 2023, Antoine Boucher <antoi...@haltondc.com> wrote:
> Thank you Wei,
>
> My ca.plugin.root.auth.strictness was already set to false
>
> The cloud-stack agent refused to run because Libvirt is not running
> because of the expired Libvirt certs.
>
> Is there a way to turn off the secure connection requirement on libbvirt.
> Or at least to allow to connect and renew vie the WebUI and the turn it
> back on?
>
> Regards,
> Antoine
>
>
>
> *Antoine Boucher*
> antoi...@haltondc.com
> [o] +1-226-505-9734
> www.haltondc.com
>
> “Data security made simple”
>
>
> [image: HDClogo7-small.png]
>
>
> Confidentiality Warning: This message and any attachments are intended
> only for the use of the intended recipient(s), are confidential, and may be
> privileged. If you are not the intended recipient, you are hereby notified
> that any review, retransmission, conversion to hard copy,
> copying, circulation or other use of this message and any attachments is
> strictly prohibited. If you are not the intended recipient, please notify
> the sender immediately by return e-mail, and delete this message and any
> attachments from your system.
>
>
> On Feb 20, 2023, at 2:24 PM, Wei ZHOU <ustcweiz...@gmail.com> wrote:
>
> Agree.
>
> For the cloudstack agent which can not be started, update global setting
> `ca.plugin.root.auth.strictness` to `false` and retry.
>
> -Wei
>
> On Mon, 20 Feb 2023 at 20:21, Aditya Sharma
> <aditya.sha...@indiqus.com.invalid> wrote:
>
>
> Hello,
>
> Yes it can be done simply by forcing “provision host security keys“ from
> the Web UI.
>
> Regards,
> Aditya Sharma
>
> On 21-Feb-2023, at 00:01, Antoine Boucher <antoi...@haltondc.com> wrote:
>
> Hello,
>
> I have just upgraded from 4.16.2 to 4.17.2 all went well.
>
> However, probably unrelated to the upgrade, I needed to do maintenance
>
> on on of my Centos 7 kvm host. When I rebooted the host CloudStack agent
> can not start, complaining about expired libvirt certificated.
>
>
> I read that the certificate for libvirt of centos 7 is valid for one
>
> year. There is a fairly convoluted way to update them. Is there a simpler
> way to renew the cert?
>
>
> I have not rebooted my other centos 7 kvm hosts, that are likely over
>
> the one year mark. Can these hosts libvirt certs be upgraded simply by
> forcing “provision host security keys“ from the webui console in the
> infrastructure/host section since I still have cloud-agent connection?
>
>
> Regards,
> Antoine Boucher
>
>
>
>
>
>
> Confidentiality Warning: This message and any attachments are intended
>
> only for the use of the intended recipient(s), are confidential, and may be
> privileged. If you are not the intended recipient, you are hereby notified
> that any review, retransmission, conversion to hard copy, copying,
> circulation or other use of this message and any attachments is strictly
> prohibited. If you are not the intended recipient, please notify the sender
> immediately by return e-mail, and delete this message and any attachments
> from your system.
>
> --
> This message is intended only for the use of the individual or entity to
> which it is addressed and may contain confidential and/or privileged
> information. If you are not the intended recipient, please delete the
> original message and any copy of it from your computer system. You are
> hereby notified that any dissemination, distribution or copying of this
> communication is strictly prohibited unless proper authorization has been
> obtained for such action. If you have received this communication in
> error,
> please notify the sender immediately. Although IndiQus attempts to sweep
> e-mail and attachments for viruses, it does not guarantee that both are
> virus-free and accepts no liability for any damage sustained as a result
> of
> viruses.
>
>
>
