OLVM: OlvmKvmCerts - Script to Check or Renew Hypervisor Certificates
(Doc ID 3008653.1)
Last updated on SEPTEMBER 30, 2024
Applies to:
Linux OS - Version Oracle Linux 7.9 and later
Linux x86-64
Goal
Script: OlvmKvmCerts
- Always download the script's latest version attached to this Document.
- If the Engine also has expired certificates, please renew the Engine certificates first - Doc ID 3006292.1
- The script was tested with OLVM 4.3, 4.4 and 4.5
- In case of any errors, please open up a Service Request at My Oracle Support.
Note:
Enrolling certificates by putting the host into maintenance mode is the recommended way of renewing the certificates.
Renewal of certificates using the OlvmKvmCerts script was introduced as a "desperate measure" for cases where customers forgot to re-enroll the certificates before expiration.
Once the renewal process is complete, please schedule the host maintenance and re-enroll the certificates by using the Admin Portal "Enroll" option.
List of changes:
- 20240222 - add clientcert.pem to /etc/pki/libvirt
- 20240222 - add /etc/pki/libvirt/* to the backup file
- 20240222 - fail script immediately if any host is unreachable
- 20240222 - skip libvirt-migrate certificates if 4.3
- 20240222 - get subject from the first certificate issued to the Hypervisor
- 20240304 - fix qemu cert regex that retrieves the cert subject
- 20240307 - fix libvirt-vnc/server-key.pem in 4.4
- 20240321 - fix ca files in case the engine-ca has changed
Solution