On Fri, May 6, 2022 at 10:44 AM Gianluca Cecchi <gianluca.cec...@gmail.com> wrote:
> On Mon, May 2, 2022 at 6:02 PM <csab...@freemail.hu> wrote: > >> Hi, >> >> LAst month a renewed our hosts certificates by the "Enroll certificates" >> method. >> The "/etc/pki/vdsm/libvirt-vnc/server-cert.pem" certificate wasn't >> renewed on my nodes (other certificates were). >> >> How can i renew this certificate too? >> >> thanks >> csabany >> >> > Actually I think this could be a bug in enrolling certificate job on hosts > from web admin gui. > I'm having the same problem updating from downstream RHV 4.4.10-6 to > 4.4.10-7 with RHV-H hosts and the enrolling of certificates takes in > consideration these directories > > /etc/pki/libvirt > /etc/pki/vdsm/certs > /etc/pki/vdsm/libvirt-migrate > /etc/pki/vdsm/libvirt-spice > > But not: > /etc/pki/vdsm/libvirt-vnc > > I think it could impact oVirt too. > > In case Red Hat guys want to see logs of my RHV environment, I've opened > the case 03212406 for this problem. > > Gianluca > I forgot to say that the impact in my case is that due to this problem I can't live migrate VMs between the updated hosts, because the libvirt-vnc certificate of destination host is now expired... and in logs of source host I get: libvirt.libvirtError: internal error: process exited while connecting to monitor: 2022-05-05T07:31:25.922766Z qemu-kvm: The server certificate /etc/pki/vdsm/libvirt-vnc/server-cert.pem has expired Perhaps is due to having graphics protocol: Spice+VNC in VM console configuration, so both certificates (spice and vnc) are checked before migration. Not sure Gianluca
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/LPNL26PR632UXMWBC7ARXXR255B44WM3/