I would re-enroll the hosts from the web UI to verify that some cert was not missed.
Best Regards,
Strahil Nikolov

On Thu, Sep 1, 2022 at 19:42, Kilian Ries <m...@kilian-ries.de> wrote:

Hi,

I'm running an oVirt 4.2.8 cluster with two nodes. A few days ago, my SSL certificates expired. After that, I changed all the certificates on the engine via "engine-upgrade" command and issued new vdsm client certificates. Then I copied the new certificates to my ovirt nodes and restarted vdsmd (systemctl restart vdsmd).

Now I'm still not able to connect to my ovirt nodes. In the engine log I can see the following error:

###
2022-09-01 18:25:51,822+02 INFO [org.ovirt.vdsm.jsonrpc.client.reactors.ReactorClient] (SSL Stomp Reactor) [] Connecting to /192.168.xx.xx
2022-09-01 18:25:51,827+02 ERROR [org.ovirt.vdsm.jsonrpc.client.reactors.Reactor] (SSL Stomp Reactor) [] Unable to process messages The server selected protocol version TLS10 is not accepted by client preferences [TLS12]
2022-09-01 18:25:51,829+02 ERROR [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] (EE-ManagedThreadFactory-engineScheduled-Thread-88) [] Unable to RefreshCapabilities: VDSNetworkException: VDSGenericException: VDSNetworkException: The server selected protocol version TLS10 is not accepted by client preferences [TLS12]
###

I searched my vdsm client config but I cannot see any specific TLS version set (every option with TLS is commented - seems to be the default):

###
$grep -R -i TLS /etc/vdsm/
/etc/vdsm/vdsm.conf:# ssl_protocol = tlsv1
/etc/vdsm/vdsm.conf:# https://docs.python.org/2/library/ssl.html. e.g. OP_NO_TLSv1,
/etc/vdsm/vdsm.conf:# OP_NO_TLSv1_1
By default tlv1, tlsv1.1 and tlsv1.2 are enabled.
###

On the engine I didn't find any setting to set a specific TLS version - there seems to have been a setting (VdsmSSLProtocol) but that got deprecated years ago.

Does anybody know why my engine is still not able to connect to the client vdsmd? I also tried to set "ssl_protocol = tlsv1" via vdsm.conf but that didn't work ...

Thanks

Regards,
Kilian

PS:

Name : vdsm
Architektur : x86_64
Version : 4.19.37
Ausgabe : 1.el7.centos

Name : ovirt-engine
Architektur : noarch
Version : 4.2.8.2
Ausgabe : 1.el7

_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/QCSD37GWDX5WX7K4AWM7EE3NVZBMJN5I/
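An added example, not part of the thread or of oVirt: a small Python scan of engine.log that attributes each "server selected protocol version" handshake error to the host the same reactor thread last connected to, so the hosts whose vdsmd negotiates below the engine's accepted TLS versions can be listed. Comparing version names by their digits (TLS10 < TLS12) is an assumption of this sketch, and errors repeated by threads that logged no connect line are collected under the key `None`.

```python
import re
from collections import defaultdict

# Regexes follow the engine.log message formats quoted in the thread above.
CONNECT = re.compile(r"\((?P<thread>[^)]+)\) \[[^\]]*\] Connecting to /(?P<host>\S+)")
MISMATCH = re.compile(
    r"\((?P<thread>[^)]+)\) \[[^\]]*\].*?server selected protocol version "
    r"(?P<server>\w+) is not accepted by client preferences \[(?P<client>[^\]]*)\]")

def _rank(version):
    """'TLS10' -> 10, 'TLS12' -> 12 (assumed ordering by digits)."""
    digits = re.sub(r"\D", "", version)
    return int(digits) if digits else -1

def tls_mismatches(lines):
    """Map host -> set of (server_version, client_versions, server_is_older).

    An error is attributed to the last 'Connecting to' logged by the same
    thread; errors from threads with no connect line go under the key None.
    """
    last_host = {}              # thread name -> host it last connected to
    found = defaultdict(set)
    for line in lines:
        m = CONNECT.search(line)
        if m:
            last_host[m["thread"]] = m["host"]
            continue
        m = MISMATCH.search(line)
        if m:
            client = tuple(v.strip() for v in m["client"].split(","))
            older = _rank(m["server"]) < min(_rank(v) for v in client)
            found[last_host.get(m["thread"])].add((m["server"], client, older))
    return dict(found)

# The three engine.log lines from the thread (address masked as in the post).
SAMPLE = [
    "2022-09-01 18:25:51,822+02 INFO [org.ovirt.vdsm.jsonrpc.client.reactors.ReactorClient] (SSL Stomp Reactor) [] Connecting to /192.168.xx.xx",
    "2022-09-01 18:25:51,827+02 ERROR [org.ovirt.vdsm.jsonrpc.client.reactors.Reactor] (SSL Stomp Reactor) [] Unable to process messages The server selected protocol version TLS10 is not accepted by client preferences [TLS12]",
    "2022-09-01 18:25:51,829+02 ERROR [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] (EE-ManagedThreadFactory-engineScheduled-Thread-88) [] Unable to RefreshCapabilities: VDSNetworkException: VDSGenericException: VDSNetworkException: The server selected protocol version TLS10 is not accepted by client preferences [TLS12]",
]

if __name__ == "__main__":
    for host, issues in tls_mismatches(SAMPLE).items():
        for server, client, older in issues:
            print(host or "(unattributed)", "server:", server, "client:", client, "older:", older)
```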