move vm to another host

P

pischta

New Member
Nov 9, 2022
12
2
3
Hi,

I try to move a vm from a proxmox host to another proxmox host. I tried the qm remote-migrate command, but without success:
qm remote-migrate 104 101 'apitoken=PVEAPIToken=root@pam!migration=<api token>,host=target-host-name' --target-bridge vmbr0 --target-storage xyz-zfs
500 Can't connect to target-host-name:8006 (Connection reset by peer)

qm remote-migrate 104 101 'apitoken=PVEAPIToken=root@pam!migration=<api token>,host=target-host-name,port=443' --target-bridge vmbr0 --target-storage xyz-zfs
500 Can't connect to target-host-name:443 (hostname verification failed)

qm remote-migrate 104 101 'apitoken=PVEAPIToken=root@pam!migration=<api token>,host=target-host-name,fingerprint=<fingerprint>,port=443' --target-bridge vmbr0 --target-storage xyz-zfs
fingerprint '<another-fingerprint-from-where?>' not verified, abort!
In the last command, I copied the fingerprint from the target Proxmox host. I selected the custom certificate I created. I don't understand that the fingerprint in the error message is come from where?
 
Hi,
pischta said:
qm remote-migrate 104 101 'apitoken=PVEAPIToken=root@pam!migration=<api token>,host=target-host-name,fingerprint=<fingerprint>,port=443' --target-bridge vmbr0 --target-storage xyz-zfs
fingerprint '<another-fingerprint-from-where?>' not verified, abort!
In the last command, I copied the fingerprint from the target Proxmox host. I selected the custom certificate I created. I don't understand that the fingerprint in the error message is come from where?
Click to expand...
it should report the fingerprint it got from the server. Did you use the SHA256 fingerprint? You can check with openssl x509 -fingerprint -sha256 --noout < /path/to/your/certificate.pem. If that doesn't match, what if you check the fingerprint from /etc/pve/nodes/<insert your node name>/pve-ssl.pem?
 
pischta said:
Hi,

I try to move a vm from a proxmox host to another proxmox host. I tried the qm remote-migrate command, but without success:
qm remote-migrate 104 101 'apitoken=PVEAPIToken=root@pam!migration=<api token>,host=target-host-name' --target-bridge vmbr0 --target-storage xyz-zfs
500 Can't connect to target-host-name:8006 (Connection reset by peer)

qm remote-migrate 104 101 'apitoken=PVEAPIToken=root@pam!migration=<api token>,host=target-host-name,port=443' --target-bridge vmbr0 --target-storage xyz-zfs
500 Can't connect to target-host-name:443 (hostname verification failed)

qm remote-migrate 104 101 'apitoken=PVEAPIToken=root@pam!migration=<api token>,host=target-host-name,fingerprint=<fingerprint>,port=443' --target-bridge vmbr0 --target-storage xyz-zfs
fingerprint '<another-fingerprint-from-where?>' not verified, abort!
In the last command, I copied the fingerprint from the target Proxmox host. I selected the custom certificate I created. I don't understand that the fingerprint in the error message is come from where?
Click to expand...
Have you checked that the destination host is reachable from the src host over the network? Maybe a firewall issue?
I also did remote migration already and retrieved the fingerprint from the destination host with

Code: 
pvenode cert info --output-format json | jq -r '.[1]["fingerprint"]'
 
For my education does the same happen if you use the UI for migration?
 
fiona said:
Did you use the SHA256 fingerprint? You can check with openssl x509 -fingerprint -sha256 --noout < /path/to/your/certificate.pem. If that doesn't match, what if you check the fingerprint from /etc/pve/nodes/<insert your node name>/pve-ssl.pem?
Click to expand...
Sorry for the late answer. The certificates are in the
/etc/pve/nodes/<my node name>/
folder. I used the output of your command for the migration, but the error message is the same. I tested with the fingerprint of the pveproxy-ssl.pem certificate too.
 
G0ldmember said:
Have you checked that the destination host is reachable from the src host over the network? Maybe a firewall issue?
I also did remote migration already and retrieved the fingerprint from the destination host with

Code: 
pvenode cert info --output-format json | jq -r '.[1]["fingerprint"]'
Click to expand...
Its output is the same as the output of the
openssl x509 -fingerprint -sha256 --noout < /etc/pve/nodes/<my node name>/pve-ssl.pem
command, and unfortunately I got the 'not verified, abort!' error message with that fingerprint.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back