I solved the problem. The problem seemed to be with the certs on the engine in /etc/pki/ovirt-engine/certs. I ended up signing the .cer files using pki-enroll-pkcs12.sh. I followed the directions in this link: https://ovirt.massopen.cloud/ovirt-engine/docs/Upgrade_Guide/Replacing_SHA-1_Certificates_with_SHA-256_Certificates_4-0_remote_db.html. My certs were already in sha256 format, but now at least I can get all green on my hosts and do what I need to do from the engine.

Don

On Tue, Jul 26, 2022 at 6:50 PM Don Dupuis <donds...@gmail.com> wrote:

> Hello
> I have an environment with quite a lot of hosts using local storage
> domains. The engine and hosts cert expired. I ran engine-setup on the
> ovirt-engine so that the engine cert would get updated and then followed
> this https://access.redhat.com/solutions/3532921 to manually update the
> hosts certs so that hopefully the engine can talk to vdsm and then carry
> out the cert enrollment process, but no luck. I am getting this error in
> vdsm.log:
> 2022-07-26 18:32:12,743-0500 INFO (Reactor thread)
> [ProtocolDetector.AcceptorImpl] Accepted connection from ::ffff:
> 192.168.50.26:58194 (protocoldetector:61)
> 2022-07-26 18:32:12,760-0500 ERROR (Reactor thread)
> [ProtocolDetector.SSLHandshakeDispatcher] ssl handshake: SSLError, address:
> ::ffff:192.168.50.26 (sslutils:263)
>
> and the engine.log:
> 2022-07-26 03:30:13,242-05 INFO
> [org.ovirt.vdsm.jsonrpc.client.reactors.ReactorClient] (SSL Stomp Reactor)
> [] Connecting to host01/192.168.50.72
> 2022-07-26 03:30:13,257-05 ERROR
> [org.ovirt.vdsm.jsonrpc.client.reactors.Reactor] (SSL Stomp Reactor) []
> Unable to process messages General SSLEngine problem
> 2022-07-26 03:30:13,260-05 ERROR
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
> (EE-ManagedThreadFactory-engineScheduled-Thread-12) [] EVENT_ID:
> VDS_BROKER_COMMAND_FAILURE(10,802), VDSM host01 command Get Host
> Capabilities failed: General SSLEngine problem
> I substituted host01 for the real FQDN for this post.
> I can't get the hosts in a mode so that I can put it in maintenance mode
> and I also want to be careful about reinstalling because the vms are
> stored on local storage domain on host. Fingerprints match on the certs and
> when I sign the vdsmcert on the engine and then copy back to the proper
> locations, libvirtd and vdsmd restart fine, just the SSL ERROR.
>
> Anyone have any ideas on how to solve this cert issue?
>
> Thanks
> Don
>
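
An added example, not part of the thread and not oVirt's own tooling: a shell function for checking a re-signed certificate before restarting services, since a matching fingerprint only shows the file was copied intact, not that it is unexpired or signed by the CA the peer trusts. The function name `check_cert` is hypothetical, and the CA and certificate paths are passed as arguments because the thread does not list the host-side file locations.

```shell
#!/usr/bin/env bash
# check_cert CA_PEM CERT_PEM   (hypothetical helper, added for illustration)
# Reports expiry date, signature algorithm and chain status for one
# PEM certificate. Returns 0 only if the certificate is unexpired AND
# verifies against the given CA; 1 on a failed check; 2 if unreadable.
check_cert() {
    local ca="$1" cert="$2" rc=0

    # Print the notAfter date; bail out if the file is not a certificate.
    openssl x509 -in "$cert" -noout -enddate || return 2

    # Show the signature algorithm (e.g. sha256WithRSAEncryption).
    openssl x509 -in "$cert" -noout -text | grep -m1 'Signature Algorithm'

    # -checkend 0 exits non-zero if the certificate has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "EXPIRED: $cert"
        rc=1
    fi

    # Chain check: this is what a TLS peer trusting $ca will do during
    # the handshake. It also fails if the CA certificate itself expired.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "DOES NOT VERIFY against $ca: $cert"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $cert"
    return "$rc"
}
```

Run it once per certificate with the engine CA certificate as the first argument; a non-zero return on a freshly signed certificate points at the CA or the signing step rather than at the services that were restarted.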