3.1 upgrade was never actually supported if I remember correctly, so you may experience other issues as well.
But you can try the following sequence: 1. Move all hosts into maintenance via webadmin. 2. Stop ovirt-engine. 3. Backup your computer and database. 4. Remove /etc/pki/ovirt-engine/ca.pem 5. Run engine-setup. 6. Set new administrator password: # engine-config -s AdminPassword=interactive 7. Restart ovirt-engine 8. Re-install all hosts via webadmin. ----- Original Message ----- > From: "Thomas Scofield" <tscofi...@gmail.com> > To: "users" <users@ovirt.org> > Sent: Tuesday, March 11, 2014 7:13:27 AM > Subject: [Users] ovirt-engine certs > > > > How can I regenerate the ovirt engine CA certs and corresponding vdsm certs? > I have an ovirt setup that I’m upgrading from 3.2.0 (from the dre repos) to > 3.2.3 and I am getting the certificate errors listed below after the > upgrade. I have done this same upgrade on an number of other ovirt-engines > with no issue. The setup had originally been installed with ovirt 3.1 so it > possible that some of the certificate configurations from 3.1 are still > present on this ovirt-engine and it is contributing to the problem. For > example, I noticed that the /etc/pki/ovirt-engine/cacert.conf file on this > troublesome upgrade has “default_bits = rsa:1024”, but the systems that > upgraded successfully have “default_bits = rsa:2048”. The same is true for > the cert.conf file. > > > > Engine.log > > 2014-03-10 17:10:28,954 ERROR > [org.ovirt.engine.core.vdsbroker.VdsUpdateRunTimeInfo] > (DefaultQuartzScheduler_Worker-2) vds::refreshVdsStats Failed getVdsStats, > vds = a7459d21-b5a6-4330-9897-f2018c9a1776 : vm1, error = > VDSNetworkException: javax.net.ssl.SSLHandshakeException: Received fatal > alert: bad_certificate > > > > Vdsm.log > > BindingXMLRPC::ERROR::2014-03-10 > 20:58:00,871::SecureXMLRPCServer::97::root::(verify) invalid client > certificate with subject "/C=US/O= > example.com/CN=CA-ovirt1.example.com.30758 " > > BindingXMLRPC::ERROR::2014-03-10 > 20:58:00,872::BindingXMLRPC::72::vds::(threaded_start) xml-rpc handler > exception > > Traceback (most recent call last): > > File "/usr/share/vdsm/BindingXMLRPC.py", line 68, in threaded_start > > self.server.handle_request() > > File "/usr/lib64/python2.6/SocketServer.py", line 268, in handle_request > > self._handle_request_noblock() > > File "/usr/lib64/python2.6/SocketServer.py", line 278, in > _handle_request_noblock > > request, client_address = self.get_request() > > File "/usr/lib64/python2.6/SocketServer.py", line 446, in get_request > > return self.socket.accept() > > File "/usr/lib64/python2.6/site-packages/vdsm/SecureXMLRPCServer.py", line > 116, in accept > > client, address = self.connection.accept() > > File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py", line > 167, in accept > > ssl.accept_ssl() > > File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py", line > 156, in accept_ssl > > return m2.ssl_accept(self.ssl, self._timeout) > > SSLError: no certificate returned > > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
