Replies: 2 comments
-
|
I was able to recover the KVM host successfully using following steps.
|
Beta Was this translation helpful? Give feedback.
-
|
Great writeup, this will save people a ton of time! One thing worth adding for anyone else hitting this: expired libvirt/agent certs are usually a symptom of the cert validity period being left at the CloudStack default (90 days in older setups), so bumping ca.framework.cert.validity.period like you did is the right long term fix, but it's also worth setting a calendar reminder or monitoring check on cert expiry dates going forward since KVM hosts going dark from expired certs with no warning is a rough way to find out. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi Guys
I'm running CS 4.20.2.0 in a single node where management and agent is running on the same machine. Libvirt certificates have been expired and I am not sure how to properly regenerate them manually as I cannot provision host keys neither using UK nor using CMK. Following certs have expiresd:
/etc/pki/libvirt/servercert.pem
/etc/pki/libvirt/clientcert.pem
/etc/cloudstack/agent/cloud.crt
As libvirt and agent are both failed, management is unable to provision host keys.
I have also tried following cmk command:
cmk provision certificate hostid=97cd673c-a651-4580-8a2c-f302265906b6 reconnect=true forced=true
Also note that no explicit ca plugin is specified in management or agent properties
Please guide me through proper way of host keys and agent cert recovery so that trust chain won't break.
Beta Was this translation helpful? Give feedback.
All reactions