/usr/libexec/vdsm/vdsm-gencerts.sh /etc/pki/vdsm/certs/cacert.pem /etc/pki/vdsm/keys/vdsmkey.pem /etc/pki/vdsm/certs/vdsmcert.pem
Yields nothing. No error messages, and no updated certificates in /etc/pki/vdsm/certs/ > On 9 Aug 2022, at 10:28, Andrei Verovski <andre...@starlett.lv> wrote: > > Hi, > > Looks like this is a suitable article. > https://microdevsys.com/wp/get-host-capabilities-failed-general-sslengine-problem/ > > Please note I have problem with > VDSM node14 command Get Host Capabilities failed: PKIX path validation > failed: java.security.cert.CertPathValidatorException: validity check failed > > only on 1 node, everything else works just fine. > > > Is this correct or outdated/obsolete ? > > [root@mdskvm-p01 vdsm]# /usr/libexec/vdsm/vdsm-gencerts.sh > /etc/pki/vdsm/certs/cacert.pem /etc/pki/vdsm/keys/vdsmkey.pem > /etc/pki/vdsm/certs/vdsmcert.pem > [root@mdskvm-p01 vdsm]# > [root@mdskvm-p01 vdsm]# ls -altri /usr/libexec/vdsm/vdsm-gencerts.sh > /etc/pki/vdsm/certs/cacert.pem /etc/pki/vdsm/keys/vdsmkey.pem > /etc/pki/vdsm/certs/vdsmcert.pem > 67445862 -rwxr-xr-x. 1 root root 2362 Jul 9 05:36 > /usr/libexec/vdsm/vdsm-gencerts.sh > 45255 -rw——-. 1 vdsm kvm 5816 Sep 28 17:48 /etc/pki/vdsm/keys/vdsmkey.pem > 203185926 -rw——-. 1 vdsm kvm 1127 Sep 28 17:48 /etc/pki/vdsm/certs/cacert.pem > 203185790 -rw——-. 1 vdsm kvm 1241 Sep 28 17:48 > /etc/pki/vdsm/certs/vdsmcert.pem > [root@mdskvm-p01 vdsm]# > > > > >> On 9 Aug 2022, at 03:43, adam...@adagene.com.cn wrote: >> >> Solution: >> https://access.redhat.com/solutions/3532921 >> >> -----邮件原件----- >> 发件人: Andrei Verovski <andre...@starlett.lv> >> 发送时间: 2022年8月9日 3:14 >> 收件人: users@ovirt.org >> 主题: [ovirt-users] Certificates Expiration Problem - Urgent Help Needed >> >> Hi ! >> >> Today my hosts (engine + all nodes) certificates expired and I re-run >> engine-setup to renew certificates. >> >> Then I did for each node host: >> Edit host -> Advanced parameters -> Fetch SSH public key (PEM) in order to >> update certificates on nodes, everything was finished just fine. >> >> Unfortunately, one of the most crucial nodes (node14) still shows this >> error: >> >> VDSM node14 command Get Host Capabilities failed: PKIX path validation >> failed: java.security.cert.CertPathValidatorException: validity check failed >> >> Restarted vdsms and vdsm-network, still same, node is marked as >> non-responsive, and all VM with "?" sign (unknown status). >> >> However, node14 pings without any problem, its storage domain shown in green >> (OK), and all VMs are running fine. >> >> Service vdsm-network status is OK, vdsmd is NOT: >> Aug 08 22:07:27 node14.***.lv vdsm[1264164]: ERROR ssl handshake: socket >> error, address: ::ffff:192.168.0.4 >> >> This node is running our accounting and stock control system, its storage >> domain holds VM disk of that software. If its nonoperational after restart, >> its a BIG trouble, I will not be able to migrate VM disk anywhere. Restoring >> accounting DB from daily backup is a lengthy process for 2 - 3 hours. >> >> Please advice what to do next. >> >> Thanks in advance. >> _______________________________________________ >> Users mailing list -- users@ovirt.org >> To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: >> https://www.ovirt.org/privacy-policy.html >> oVirt Code of Conduct: >> https://www.ovirt.org/community/about/community-guidelines/ >> List Archives: >> https://lists.ovirt.org/archives/list/users@ovirt.org/message/7ERPAMDT2KO4W6VYYMNTYIMDHH7WTZGB/ >> _______________________________________________ >> Users mailing list -- users@ovirt.org >> To unsubscribe send an email to users-le...@ovirt.org >> Privacy Statement: https://www.ovirt.org/privacy-policy.html >> oVirt Code of Conduct: >> https://www.ovirt.org/community/about/community-guidelines/ >> List Archives: >> https://lists.ovirt.org/archives/list/users@ovirt.org/message/SLO6UKLSHM4IGYOAUVW25ZVV4B2FPCKY/ > > _______________________________________________ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/FOC2BYMJVGB7BJDA4X2NT6LHAHMLLMYX/ _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/C6WGV63BHPW5UXE7S53MI3Q6CWUQVFQ3/