move vm to another host

pischta

New Member
Nov 9, 2022
12
2
3
Hi,

I try to move a vm from a proxmox host to another proxmox host. I tried the qm remote-migrate command, but without success:
qm remote-migrate 104 101 'apitoken=PVEAPIToken=root@pam!migration=<api token>,host=target-host-name' --target-bridge vmbr0 --target-storage xyz-zfs
500 Can't connect to target-host-name:8006 (Connection reset by peer)

qm remote-migrate 104 101 'apitoken=PVEAPIToken=root@pam!migration=<api token>,host=target-host-name,port=443' --target-bridge vmbr0 --target-storage xyz-zfs
500 Can't connect to target-host-name:443 (hostname verification failed)

qm remote-migrate 104 101 'apitoken=PVEAPIToken=root@pam!migration=<api token>,host=target-host-name,fingerprint=<fingerprint>,port=443' --target-bridge vmbr0 --target-storage xyz-zfs
fingerprint '<another-fingerprint-from-where?>' not verified, abort!
In the last command, I copied the fingerprint from the target Proxmox host. I selected the custom certificate I created. I don't understand that the fingerprint in the error message is come from where?
 
Hi,
qm remote-migrate 104 101 'apitoken=PVEAPIToken=root@pam!migration=<api token>,host=target-host-name,fingerprint=<fingerprint>,port=443' --target-bridge vmbr0 --target-storage xyz-zfs
fingerprint '<another-fingerprint-from-where?>' not verified, abort!
In the last command, I copied the fingerprint from the target Proxmox host. I selected the custom certificate I created. I don't understand that the fingerprint in the error message is come from where?
it should report the fingerprint it got from the server. Did you use the SHA256 fingerprint? You can check with openssl x509 -fingerprint -sha256 --noout < /path/to/your/certificate.pem. If that doesn't match, what if you check the fingerprint from /etc/pve/nodes/<insert your node name>/pve-ssl.pem?
 
Hi,

I try to move a vm from a proxmox host to another proxmox host. I tried the qm remote-migrate command, but without success:
qm remote-migrate 104 101 'apitoken=PVEAPIToken=root@pam!migration=<api token>,host=target-host-name' --target-bridge vmbr0 --target-storage xyz-zfs
500 Can't connect to target-host-name:8006 (Connection reset by peer)

qm remote-migrate 104 101 'apitoken=PVEAPIToken=root@pam!migration=<api token>,host=target-host-name,port=443' --target-bridge vmbr0 --target-storage xyz-zfs
500 Can't connect to target-host-name:443 (hostname verification failed)

qm remote-migrate 104 101 'apitoken=PVEAPIToken=root@pam!migration=<api token>,host=target-host-name,fingerprint=<fingerprint>,port=443' --target-bridge vmbr0 --target-storage xyz-zfs
fingerprint '<another-fingerprint-from-where?>' not verified, abort!
In the last command, I copied the fingerprint from the target Proxmox host. I selected the custom certificate I created. I don't understand that the fingerprint in the error message is come from where?
Have you checked that the destination host is reachable from the src host over the network? Maybe a firewall issue?
I also did remote migration already and retrieved the fingerprint from the destination host with

Code:
pvenode cert info --output-format json | jq -r '.[1]["fingerprint"]'
 
Did you use the SHA256 fingerprint? You can check with openssl x509 -fingerprint -sha256 --noout < /path/to/your/certificate.pem. If that doesn't match, what if you check the fingerprint from /etc/pve/nodes/<insert your node name>/pve-ssl.pem?
Sorry for the late answer. The certificates are in the
/etc/pve/nodes/<my node name>/
folder. I used the output of your command for the migration, but the error message is the same. I tested with the fingerprint of the pveproxy-ssl.pem certificate too.
 
Have you checked that the destination host is reachable from the src host over the network? Maybe a firewall issue?
I also did remote migration already and retrieved the fingerprint from the destination host with

Code:
pvenode cert info --output-format json | jq -r '.[1]["fingerprint"]'
Its output is the same as the output of the
openssl x509 -fingerprint -sha256 --noout < /etc/pve/nodes/<my node name>/pve-ssl.pem
command, and unfortunately I got the 'not verified, abort!' error message with that fingerprint.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!