D
Deleted member 33567
Guest
Hi,
Is this behaviour normal?
I run HA cluster with Ceph, this was a server from node3, where it seems back in April i forgot to replace the /etc/pve/local/pve-ssl.pem and /etc/pve/local/pve-ssl.key .
After replacing the files it works all good.
If on cluster most people will use same domain... I would like to see a option to have the SSL .key and .pem files shared across the clusters for easier management.
If I need to replace SSL I do it once in a node, such is a normal behavior in a cluster environment.
Any plans to add such an option in future?
Is this behaviour normal?
Code:
kvm: -vnc unix:/var/run/qemu-server/807170.vnc,x509,password: Failed to start VNC server: The server certificate /etc/pve/local/pve-ssl.pem has expired
Code:
TASK ERROR: start failed: command '/usr/bin/kvm -id 807170 -name Copy-of-NETops -chardev 'socket,id=qmp,path=/var/run/qemu-server/807170.qmp,server,nowait' -mon 'chardev=qmp,mode=control' -pidfile /var/run/qemu-server/807170.pid -daemonize -smbios 'type=1,uuid=xxxxx' -smp '1,sockets=1,cores=1,maxcpus=1' -nodefaults -boot 'menu=on,strict=on,reboot-timeout=1000,splash=/usr/share/qemu-server/bootsplash.jpg' -vga std -vnc unix:/var/run/qemu-server/807170.vnc,x509,password -cpu kvm64,+lahf_lm,+sep,+kvm_pv_unhalt,+kvm_pv_eoi,enforce -m 'size=1024,slots=255,maxmem=4194304M' -object 'memory-backend-ram,id=ram-node0,size=1024M' -numa 'node,nodeid=0,cpus=0,memdev=ram-node0' -object 'memory-backend-ram,id=mem-dimm0,size=512M' -device 'pc-dimm,id=dimm0,memdev=mem-dimm0,node=0' -object 'memory-backend-ram,id=mem-dimm1,size=512M' -device 'pc-dimm,id=dimm1,memdev=mem-dimm1,node=0' -object 'memory-backend-ram,id=mem-dimm2,size=512M' -device 'pc-dimm,id=dimm2,memdev=mem-dimm2,node=0' -object 'memory-backend-ram,id=mem-dimm3,size=512M' -device 'pc-dimm,id=dimm3,memdev=mem-dimm3,node=0' -object 'memory-backend-ram,id=mem-dimm4,size=512M' -device 'pc-dimm,id=dimm4,memdev=mem-dimm4,node=0' -object 'memory-backend-ram,id=mem-dimm5,size=512M' -device 'pc-dimm,id=dimm5,memdev=mem-dimm5,node=0' -device 'pci-bridge,id=pci.2,chassis_nr=2,bus=pci.0,addr=0x1f' -device 'pci-bridge,id=pci.1,chassis_nr=1,bus=pci.0,addr=0x1e' -device 'piix3-usb-uhci,id=uhci,bus=pci.0,addr=0x1.0x2' -device 'usb-tablet,id=tablet,bus=uhci.0,port=1' -chardev 'socket,id=serial0,path=/var/run/qemu-server/807170.serial0,server,nowait' -device 'isa-serial,chardev=serial0' -chardev 'socket,path=/var/run/qemu-server/807170.qga,server,nowait,id=qga0' -device 'virtio-serial,id=qga0,bus=pci.0,addr=0x8' -device 'virtserialport,chardev=qga0,name=org.qemu.guest_agent.0' -device 'virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3' -drive 'if=none,id=drive-ide2,media=cdrom,aio=threads' -device 'ide-cd,bus=ide.1,unit=0,drive=drive-ide2,id=ide2,bootindex=200' -device 'lsi,id=scsihw0,bus=pci.0,addr=0x5' -drive 'file=rbd:vm-pool/vm-807170-disk-1:mon_host=xxx:auth_supported=cephx:id=admin:keyring=/etc/pve/priv/ceph/vm-store.keyring,if=none,id=drive-scsi1,format=raw,cache=none,aio=native,detect-zeroes=on' -device 'scsi-hd,bus=scsihw0.0,scsi-id=1,drive=drive-scsi1,id=scsi1,bootindex=100' -netdev 'type=tap,id=net0,ifname=tap807170i0,script=/var/lib/qemu-server/pve-bridge,downscript=/var/lib/qemu-server/pve-bridgedown,vhost=on' -device 'virtio-net-pci,mac=AA:CC:EE:AC:C7:DC,netdev=net0,bus=pci.0,addr=0x12,id=net0,bootindex=300' -netdev 'type=tap,id=net1,ifname=tap807170i1,script=/var/lib/qemu-server/pve-bridge,downscript=/var/lib/qemu-server/pve-bridgedown,vhost=on' -device 'virtio-net-pci,mac=AA:CC:EE:C1:92:5A,netdev=net1,bus=pci.0,addr=0x13,id=net1,bootindex=301'' failed: exit code 1
I run HA cluster with Ceph, this was a server from node3, where it seems back in April i forgot to replace the /etc/pve/local/pve-ssl.pem and /etc/pve/local/pve-ssl.key .
After replacing the files it works all good.
If on cluster most people will use same domain... I would like to see a option to have the SSL .key and .pem files shared across the clusters for easier management.
If I need to replace SSL I do it once in a node, such is a normal behavior in a cluster environment.
Any plans to add such an option in future?