I’ve a problem adding a new node to our running cluster (Version 3.4-11/6502936f).
I assume it coheres with our geoTrust wildcard ssl cert.
Due to some probs in the past we decided to supply our cluster with the official Geotrust SSL Cert. We managed this by following this howto: https://pve.proxmox.com/wiki/HTTPSCertificateConfiguration
Every thing went fine til today when we tried to add the new node.
Afterwards the new node is visible in the web interface. But ssh connects without password from this node to the others an vice versa are not working. Even so migration of VMs are not possible. The error is ‘problem with mirgration tunnel’
How can we solve this behaviour?
Any help is appreciated.
I assume it coheres with our geoTrust wildcard ssl cert.
Due to some probs in the past we decided to supply our cluster with the official Geotrust SSL Cert. We managed this by following this howto: https://pve.proxmox.com/wiki/HTTPSCertificateConfiguration
Every thing went fine til today when we tried to add the new node.
Code:
pvecm add 172.17.0.38
The authenticity of host '172.17.0.38 (172.17.0.38)' can't be established.
ECDSA key fingerprint is f9:1a:08:d3:fb:a0:f1:84:c9:75:35:78:03:78:11:44.
Are you sure you want to continue connecting (yes/no)? yes
root@172.17.0.38's password:
copy corosync auth key
stopping pve-cluster service
Stopping pve cluster filesystem: pve-cluster.
backup old database
Starting pve cluster filesystem : pve-cluster.
Starting cluster:
Checking if cluster has been disabled at boot... [ OK ]
Checking Network Manager... [ OK ]
Global setup... [ OK ]
Loading kernel modules... [ OK ]
Mounting configfs... [ OK ]
Starting cman... [ OK ]
Waiting for quorum... [ OK ]
Starting fenced... [ OK ]
Starting dlm_controld... [ OK ]
Tuning DLM kernel config... [ OK ]
Unfencing self... [ OK ]
waiting for quorum...OK
generating node certificates
Signature ok
subject=/OU=PVE Cluster Node/O=Proxmox Virtual Environment/CN=lx-vmhost-hh3.datamart.de
Getting CA Private Key
CA certificate and CA private key do not match
140356343514792:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:330:
unable to generate pve ssl certificate:
command 'openssl x509 -req -in /tmp/pvecertreq-5041.tmp -days 3650 -out /etc/pve/nodes/lx-vmhost-hh3/pve-ssl.pem -CAkey /etc/pve/priv/pve-root-ca.key -CA /etc/pve/pve-root-ca.pem -CAserial /etc/pve/priv/pve-root-ca.srl -extfile /tmp/pvesslconf-5041.tmp' failed: exit code 1
root@lx-vmhost-hh3:~#
Afterwards the new node is visible in the web interface. But ssh connects without password from this node to the others an vice versa are not working. Even so migration of VMs are not possible. The error is ‘problem with mirgration tunnel’
How can we solve this behaviour?
Any help is appreciated.