Further to the logs sent, on the nodes I'm also seeing the following error under /var/log/messages...
Sep 20 03:43:12 node01 vdsm root ERROR invalid client certificate with subject "/C=US/O=UKDM/CN=engine01.mydomain.za"^C Sep 20 03:43:12 node01 vdsm vds ERROR xml-rpc handler exception#012Traceback (most recent call last):#012 File "/usr/share/vdsm/BindingXMLRPC.py", line 80, in threaded_start#012 self.server.handle_request()#012 File "/usr/lib64/python2.6/SocketServer.py", line 278, in handle_request#012 self._handle_request_noblock()#012 File "/usr/lib64/python2.6/SocketServer.py", line 288, in _handle_request_noblock#012 request, client_address = self.get_request()#012 File "/usr/lib64/python2.6/SocketServer.py", line 456, in get_request#012 return self.socket.accept()#012 File "/usr/lib64/python2.6/site-packages/vdsm/SecureXMLRPCServer.py", line 136, in accept#012 raise SSL.SSLError("%s, client %s" % (e, address[0]))#012SSLError: no certificate returned, client 10.251.193.5 Not sure if this is any further help in diagnosing the issue? Thanks, any assistance is appreciated. Regards. Neil Wilson. On Thu, Sep 21, 2017 at 4:31 PM, Neil <nwilson...@gmail.com> wrote: > Hi Piotr, > > Thank you for the reply. After sending the email I did go and check the > engine one too.... > > [root@engine01 /]# openssl x509 -in /etc/pki/ovirt-engine/ca.pem -enddate > -noout > notAfter=Oct 13 16:26:46 2022 GMT > > I'm not sure if this one below is meant to verify or if this output is > expected? > > [root@engine01 /]# openssl x509 -in /etc/pki/ovirt-engine/private/ca.pem > -enddate -noout > unable to load certificate > 140642165552968:error:0906D06C:PEM routines:PEM_read_bio:no start > line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE > > My date is correct too Thu Sep 21 16:30:15 SAST 2017 > > Any ideas? > > Googling surprisingly doesn't come up with much. > > Thank you. > > Regards. > > Neil Wilson. > > On Thu, Sep 21, 2017 at 4:16 PM, Piotr Kliczewski < > piotr.kliczew...@gmail.com> wrote: > >> Neil, >> >> You checked both nodes what about the engine? Can you check engine certs? >> You can find more info where they are located here [1]. >> >> Thanks, >> Piotr >> >> [1] https://www.ovirt.org/develop/release-management/features/in >> fra/pki/#ovirt-engine >> >> On Thu, Sep 21, 2017 at 3:26 PM, Neil <nwilson...@gmail.com> wrote: >> > Hi guys, >> > >> > Please could someone assist, my cluster is down and I can't access my >> vm's >> > to switch some of them back on. >> > >> > I'm seeing the following error in the engine.log however I've checked my >> > certs on my hosts (as some of the goolge results said to check), but the >> > certs haven't expired... >> > >> > >> > 2017-09-21 15:09:45,077 ERROR >> > [org.ovirt.engine.core.vdsbroker.vdsbroker.GetCapabilitiesVDSCommand] >> > (DefaultQuartzScheduler_Worker-4) Command >> GetCapabilitiesVDSCommand(HostName >> > = node02.mydomain.za, HostId = d2debdfe-76e7-40cf-a7fd-78a0f50f14d4, >> > vds=Host[node02.mydomain.za]) execution failed. Exception: >> > VDSNetworkException: javax.net.ssl.SSLHandshakeException: Received >> fatal >> > alert: certificate_expired >> > 2017-09-21 15:09:45,086 ERROR >> > [org.ovirt.engine.core.vdsbroker.vdsbroker.GetCapabilitiesVDSCommand] >> > (DefaultQuartzScheduler_Worker-10) Command >> > GetCapabilitiesVDSCommand(HostName = node01.mydomain.za, HostId = >> > b108549c-1700-11e2-b936-9f5243b8ce13, vds=Host[node01.mydomain.za]) >> > execution failed. Exception: VDSNetworkException: >> > javax.net.ssl.SSLHandshakeException: Received fatal alert: >> > certificate_expired >> > 2017-09-21 15:09:48,173 ERROR >> > >> > My engine and host info is below... >> > >> > [root@engine01 ovirt-engine]# rpm -qa | grep -i ovirt >> > ovirt-engine-lib-3.4.0-1.el6.noarch >> > ovirt-engine-restapi-3.4.0-1.el6.noarch >> > ovirt-engine-setup-plugin-ovirt-engine-3.4.0-1.el6.noarch >> > ovirt-engine-3.4.0-1.el6.noarch >> > ovirt-engine-setup-plugin-websocket-proxy-3.4.0-1.el6.noarch >> > ovirt-host-deploy-java-1.2.0-1.el6.noarch >> > ovirt-engine-setup-3.4.0-1.el6.noarch >> > ovirt-host-deploy-1.2.0-1.el6.noarch >> > ovirt-engine-backend-3.4.0-1.el6.noarch >> > ovirt-image-uploader-3.4.0-1.el6.noarch >> > ovirt-engine-tools-3.4.0-1.el6.noarch >> > ovirt-engine-sdk-python-3.4.0.7-1.el6.noarch >> > ovirt-engine-webadmin-portal-3.4.0-1.el6.noarch >> > ovirt-engine-cli-3.4.0.5-1.el6.noarch >> > ovirt-engine-setup-base-3.4.0-1.el6.noarch >> > ovirt-iso-uploader-3.4.0-1.el6.noarch >> > ovirt-engine-userportal-3.4.0-1.el6.noarch >> > ovirt-log-collector-3.4.1-1.el6.noarch >> > ovirt-engine-websocket-proxy-3.4.0-1.el6.noarch >> > ovirt-engine-setup-plugin-ovirt-engine-common-3.4.0-1.el6.noarch >> > ovirt-engine-dbscripts-3.4.0-1.el6.noarch >> > [root@engine01 ovirt-engine]# cat /etc/redhat-release >> > CentOS release 6.5 (Final) >> > >> > >> > [root@node02 ~]# openssl x509 -in /etc/pki/vdsm/certs/vdsmcert.pem >> -enddate >> > -noout ; date >> > notAfter=May 27 08:36:17 2019 GMT >> > Thu Sep 21 15:18:22 SAST 2017 >> > CentOS release 6.5 (Final) >> > [root@node02 ~]# rpm -qa | grep vdsm >> > vdsm-4.14.6-0.el6.x86_64 >> > vdsm-python-4.14.6-0.el6.x86_64 >> > vdsm-cli-4.14.6-0.el6.noarch >> > vdsm-xmlrpc-4.14.6-0.el6.noarch >> > vdsm-python-zombiereaper-4.14.6-0.el6.noarch >> > >> > >> > [root@node01 ~]# openssl x509 -in /etc/pki/vdsm/certs/vdsmcert.pem >> -enddate >> > -noout ; date >> > notAfter=Jun 13 16:09:41 2018 GMT >> > Thu Sep 21 15:18:52 SAST 2017 >> > CentOS release 6.5 (Final) >> > [root@node01 ~]# rpm -qa | grep -i vdsm >> > vdsm-4.14.6-0.el6.x86_64 >> > vdsm-xmlrpc-4.14.6-0.el6.noarch >> > vdsm-cli-4.14.6-0.el6.noarch >> > vdsm-python-zombiereaper-4.14.6-0.el6.noarch >> > vdsm-python-4.14.6-0.el6.x86_64 >> > >> > Please could I have some assistance, I'm rater desperate. >> > >> > Thank you. >> > >> > Regards. >> > >> > Neil Wilson >> > >> > >> > >> > _______________________________________________ >> > Users mailing list >> > Users@ovirt.org >> > http://lists.ovirt.org/mailman/listinfo/users >> > >> > >
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users