On Tue, Dec 27, 2022 at 8:39 AM Yedidyah Bar David <d...@redhat.com> wrote: > > On Sun, Dec 25, 2022 at 5:15 PM Gilboa Davara <gilb...@gmail.com> wrote: > > > > > > > > On Sun, Dec 25, 2022 at 12:37 PM Gilboa Davara <gilb...@gmail.com> wrote: > >> > >> On Sun, Dec 25, 2022 at 12:36 PM Gilboa Davara <gilb...@gmail.com> wrote: > >>> > >>> Hello all, > >>> > >>> Even though I do my best to keep track of the certificate issue date > >>> across my different clusters, I somehow missed the vdsm certificate > >>> expiration in one of my clusters. > >>> Now I have an active cluster with multiple nodes (self-hosted / gluster > >>> storage), vdsm service is down on all nodes (due to certificate > >>> expiration) - hence, I cannot get the cluster into global maintenance > >>> mode (vdsms are down), and I cannot access my engine (to renew the engine > >>> certificates / re-enroll hosts). > >>> How can manual renew the host certificate? > >>> > >>> Thanks, > >>> Gilboa > >> > >> > >> P.S. CentOS 8 Streams engine and host, ovirt v4.5.3 (I think). > >> > >> - Gilboa > > > > > > Managed to find an old email in this group (that I saved...) > > https://lists.ovirt.org/archives/list/users@ovirt.org/message/56QU2AD7YUX2VZUP4NZMRFXK32MJM7QE/ > > > > This got the nodes working... but the engine (GRRR) still cannot connect to > > the nodes (I assume it has expired certs as well), hence, it cannot detect > > the cluster is in global maintenance mode, and cannot run engine-setup. > > > > Add issue https://github.com/oVirt/ovirt-engine/issues/784 > > Sorry, I do not follow. Is your immediate obstacle being that > engine-setup refuses to continue, saying "Hosted Engine HA is in > Global Maintenance mode."? > > You can cause it to ignore this test by passing > 'OVESETUP_CONFIG/continueSetupOnHEVM=bool:True' (in the answer file or > --otopi-environment). > > We recently added an option 'engine-setup > --show-environment-documentation', exactly for this env key, see also: > > https://bugzilla.redhat.com/show_bug.cgi?id=1700460
(BTW, I now see that I warned there against trying to parse the output, as it might change in the future - and that I indeed actually already "broke" it, https://github.com/oVirt/otopi/pull/22 . If anyone volunteers to enhance this - either add some override to otopi calling textwrap.wrap or perhaps some '--json' option or whatever, great!). -- Didi _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/F6YJ5C23EAEFQSZ76DFCYOCFYLIWRMZT/