[SOLVED] Console not running without valid SSL

Deleted member 33567

Guest
Hi,

Is this behaviour normal?

Code:
kvm: -vnc unix:/var/run/qemu-server/807170.vnc,x509,password: Failed to start VNC server: The server certificate /etc/pve/local/pve-ssl.pem has expired

Code:
TASK ERROR: start failed: command '/usr/bin/kvm -id 807170 -name Copy-of-NETops -chardev 'socket,id=qmp,path=/var/run/qemu-server/807170.qmp,server,nowait' -mon 'chardev=qmp,mode=control' -pidfile /var/run/qemu-server/807170.pid -daemonize -smbios 'type=1,uuid=xxxxx' -smp '1,sockets=1,cores=1,maxcpus=1' -nodefaults -boot 'menu=on,strict=on,reboot-timeout=1000,splash=/usr/share/qemu-server/bootsplash.jpg' -vga std -vnc unix:/var/run/qemu-server/807170.vnc,x509,password -cpu kvm64,+lahf_lm,+sep,+kvm_pv_unhalt,+kvm_pv_eoi,enforce -m 'size=1024,slots=255,maxmem=4194304M' -object 'memory-backend-ram,id=ram-node0,size=1024M' -numa 'node,nodeid=0,cpus=0,memdev=ram-node0' -object 'memory-backend-ram,id=mem-dimm0,size=512M' -device 'pc-dimm,id=dimm0,memdev=mem-dimm0,node=0' -object 'memory-backend-ram,id=mem-dimm1,size=512M' -device 'pc-dimm,id=dimm1,memdev=mem-dimm1,node=0' -object 'memory-backend-ram,id=mem-dimm2,size=512M' -device 'pc-dimm,id=dimm2,memdev=mem-dimm2,node=0' -object 'memory-backend-ram,id=mem-dimm3,size=512M' -device 'pc-dimm,id=dimm3,memdev=mem-dimm3,node=0' -object 'memory-backend-ram,id=mem-dimm4,size=512M' -device 'pc-dimm,id=dimm4,memdev=mem-dimm4,node=0' -object 'memory-backend-ram,id=mem-dimm5,size=512M' -device 'pc-dimm,id=dimm5,memdev=mem-dimm5,node=0' -device 'pci-bridge,id=pci.2,chassis_nr=2,bus=pci.0,addr=0x1f' -device 'pci-bridge,id=pci.1,chassis_nr=1,bus=pci.0,addr=0x1e' -device 'piix3-usb-uhci,id=uhci,bus=pci.0,addr=0x1.0x2' -device 'usb-tablet,id=tablet,bus=uhci.0,port=1' -chardev 'socket,id=serial0,path=/var/run/qemu-server/807170.serial0,server,nowait' -device 'isa-serial,chardev=serial0' -chardev 'socket,path=/var/run/qemu-server/807170.qga,server,nowait,id=qga0' -device 'virtio-serial,id=qga0,bus=pci.0,addr=0x8' -device 'virtserialport,chardev=qga0,name=org.qemu.guest_agent.0' -device 'virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3' -drive 'if=none,id=drive-ide2,media=cdrom,aio=threads' -device 
'ide-cd,bus=ide.1,unit=0,drive=drive-ide2,id=ide2,bootindex=200' -device 'lsi,id=scsihw0,bus=pci.0,addr=0x5' -drive 'file=rbd:vm-pool/vm-807170-disk-1:mon_host=xxx:auth_supported=cephx:id=admin:keyring=/etc/pve/priv/ceph/vm-store.keyring,if=none,id=drive-scsi1,format=raw,cache=none,aio=native,detect-zeroes=on' -device 'scsi-hd,bus=scsihw0.0,scsi-id=1,drive=drive-scsi1,id=scsi1,bootindex=100' -netdev 'type=tap,id=net0,ifname=tap807170i0,script=/var/lib/qemu-server/pve-bridge,downscript=/var/lib/qemu-server/pve-bridgedown,vhost=on' -device 'virtio-net-pci,mac=AA:CC:EE:AC:C7:DC,netdev=net0,bus=pci.0,addr=0x12,id=net0,bootindex=300' -netdev 'type=tap,id=net1,ifname=tap807170i1,script=/var/lib/qemu-server/pve-bridge,downscript=/var/lib/qemu-server/pve-bridgedown,vhost=on' -device 'virtio-net-pci,mac=AA:CC:EE:C1:92:5A,netdev=net1,bus=pci.0,addr=0x13,id=net1,bootindex=301'' failed: exit code 1

I run an HA cluster with Ceph. This was a server from node3, where it seems back in April I forgot to replace /etc/pve/local/pve-ssl.pem and /etc/pve/local/pve-ssl.key.

After replacing the files it all works fine.

If on a cluster, most people will use the same domain... I would like to see an option to have the SSL .key and .pem files shared across the cluster for easier management.

If I need to replace SSL, I do it once on a node; such is normal behavior in a cluster environment.

Any plans to add such an option in future?
 
They are shared across the cluster, but each node has its own set of key/certs under /etc/pve/nodes/NODENAME/pve-ssl.[pem/key]
 
Anyhow, this is confusing for many. While my missing SSL was reported from /etc/pve/local/. I do not see the point of asking if they are shared. SSLs are queried from one location only in production. Or?
 
Anyhow, this is confusing for many. While my missing SSL was reported from /etc/pve/local/. I do not see the point of asking if they are shared. SSLs are queried from one location only in production. Or?
I do not really understand your question.

Each host has its own pve-ssl.key/pem in /etc/pve/nodes/NODENAME/

On each host, the folder /etc/pve/local points to the folder of the current node in /etc/pve/nodes
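
A check for the failure described in this thread, as an added example that is not part of the original posts: it walks the per-node certificates at /etc/pve/nodes/NODENAME/pve-ssl.pem and flags any that have expired or will expire soon. The function names, the `PVE_NODES_DIR` and `WARN_DAYS` variables and the 30-day threshold are assumptions of this example, and it relies on the `openssl` command-line tool.

```shell
#!/bin/sh
# Added example: report per-node certificates that are expired or near expiry.
# PVE_NODES_DIR and WARN_DAYS are names chosen for this example (assumptions).
PVE_NODES_DIR="${PVE_NODES_DIR:-/etc/pve/nodes}"
WARN_DAYS="${WARN_DAYS:-30}"

# cert_status FILE [DAYS]
# Prints one of: ok, expiring, expired, unreadable, missing.
# Returns 0 only when the certificate is valid for more than DAYS days.
cert_status() {
    f="$1"
    d="${2:-$WARN_DAYS}"
    [ -r "$f" ] || { echo "missing"; return 3; }
    # Make sure the file parses as a certificate before judging its dates,
    # otherwise a corrupt file would be misreported as "expired".
    openssl x509 -in "$f" -noout >/dev/null 2>&1 || { echo "unreadable"; return 3; }
    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$f" -noout -checkend 0 >/dev/null 2>&1; then
        echo "expired"; return 2
    fi
    if ! openssl x509 -in "$f" -noout -checkend "$((d * 86400))" >/dev/null 2>&1; then
        echo "expiring"; return 1
    fi
    echo "ok"
}

# check_nodes
# Prints "NODE<TAB>STATUS<TAB>notAfter" for every node directory and
# returns non-zero if any certificate is not "ok".
check_nodes() {
    rc=0
    for cert in "$PVE_NODES_DIR"/*/pve-ssl.pem; do
        [ -e "$cert" ] || continue
        node=$(basename "$(dirname "$cert")")
        status=$(cert_status "$cert") || rc=1
        end=$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null | cut -d= -f2)
        printf '%s\t%s\t%s\n' "$node" "$status" "${end:-unknown}"
    done
    return "$rc"
}

check_nodes
```

Run from cron on any one node, a non-zero exit status can drive an alert before a VM start fails on the expired-certificate error shown in the first post.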
 
