Re: engine-back/restore and engine-setup issues wi...

SubuRama · ‎02-08-2024

The last section of RH318, Section 15.5 has a lab for engine backup, cleanup, restore followed by a setup.

However, the setup fails with messages about expired certificates.

Is the only way to recover from this, a delete and recreate of the lab environment?

In the classroom this might be OK. How do I resolve this issue when real, production VMs on real infrastructure is at play?

Subu

Fran_Garcia · ‎02-09-2024

The latest version of RHV (SP1, or 4.5.x) has a very easy way to recover an environment with expired certificates; it's just a matter of ensuring the manager has up-to-date ones (you can regenerate them with engine-setup --offline), and the hosts can be re-onboarded as described here: https://access.redhat.com/solutions/6865861

Environments that get their certificates re-issued with the process above get a 5 year certificate validity, so long enough not to cause troubles. However, certificate validity monitoring is one of the core tasks of a competent IT practise (and this is for RHV , or any other product using SSL certs).

SubuRama · ‎02-09-2024

Thank you. However, I am asking specifically about the lab env issues where the "certificates" seem to have "already expired". (Section 15.5 of RH318 course)

As per the article you reference:

"If RHV host certificates expire, the manual renewal process is tedious and prone to errors. Do not let host certificates expire."

I am wondering if something needs to change in the lab setup procedure on Red Hat's end.

Thank you
Subu

engine-back/restore and engine-setup issues with expired certificates