ganeti 3.1 gnt-backup import breaks with socat errors

Daniel Howard

Apr 10, 2025, 4:20:08 PM
to Ganeti Users list
I am trying to migrate from an older cluster to a new one running ganeti-3.1.0~rc2-2. Importing a VM via:

gnt-backup import -n dr64-horse.<domain> -t plain --ignore-ipolicy testinstance.<domain>

I get errors:

socat: W OpenSSL: Warning: this implementation does not check CRLs
socat: E certificate is valid but its commonName does not match hostname "dr64-horse.<domain>"


Ahhhhhh, freaking SSL! I copied the disk image to the host via SSH and now I want to load it locally so I really don't care about SSL. Does anyone have an idea of what's going on and an easy fix?

It looks like the only error is the certificate name ...

On the destination system, running Ubuntu 24.04, the socat package is version 1.8.0.0-4build3

I tried gnt-cluster renew-crypto --new-cluster-certificate to no avail.

--

Daniel Howard

Apr 10, 2025, 4:36:18 PM
to Ganeti Users list

root@dr64-horse:/var/lib/ganeti# certtool -i < client.pem | grep Subject:
Subject: CN=dr64-horse.<domain>
root@dr64-horse:/var/lib/ganeti# certtool -i < server.pem | grep Subject:
Subject: CN=ganeti.example.com


Should these be matchy-matchy?
--

Daniel Howard

Apr 10, 2025, 7:35:50 PM
to Ganeti Users list
My fix for now:

# https://github.com/ganeti/ganeti/issues/1681
- name: Hotpatch socat invocation
  when: ganeti_version == '3.1.0~rc2-2'
  ansible.builtin.lineinfile:
    path: /usr/share/ganeti/3.1/ganeti/impexpd/__init__.py
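    # [ ] and the dot in constants.OPENSSL_CIPHERS are escaped so the pattern matches the literal line
    regexp: '^SOCAT_OPENSSL_OPTS = \["verify=.", "cipher=%s" % constants\.OPENSSL_CIPHERS\]$'
    # verify=0 turns off socat's peer certificate verification
    line: 'SOCAT_OPENSSL_OPTS = ["verify=0", "cipher=%s" % constants.OPENSSL_CIPHERS]'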


--
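
An added example, not part of the thread or of Ganeti's own code: a Python audit helper that reports whether a node's impexpd/__init__.py still carries the verify=0 workaround from the post above, for instance after a package upgrade. The sample module text (including the verify=1 stock value) and the function names are constructed for illustration; a file where the constant is assigned twice is handled, since the last assignment is the one in effect.

```python
import ast

# Constructed sample: module text where the hotpatch line ended up appended
# below the shipped assignment instead of replacing it.
SAMPLE_PATCHED = '''\
from ganeti import constants
SOCAT_OPENSSL_OPTS = ["verify=1", "cipher=%s" % constants.OPENSSL_CIPHERS]
def build():
    return SOCAT_OPENSSL_OPTS
SOCAT_OPENSSL_OPTS = ["verify=0", "cipher=%s" % constants.OPENSSL_CIPHERS]
'''
SAMPLE_STOCK = 'SOCAT_OPENSSL_OPTS = ["verify=1", "cipher=%s" % constants.OPENSSL_CIPHERS]\n'


def socat_verify_settings(source, name="SOCAT_OPENSSL_OPTS"):
    """Return the verify=<n> value of every module-level assignment to name,
    in source order. The last entry is the one in effect after import."""
    found = []
    for node in ast.parse(source).body:  # module level only, nothing is executed
        if not isinstance(node, ast.Assign):
            continue
        if not any(isinstance(t, ast.Name) and t.id == name for t in node.targets):
            continue
        if not isinstance(node.value, (ast.List, ast.Tuple)):
            found.append(None)  # not a literal list: cannot be judged statically
            continue
        value = None
        for elt in node.value.elts:
            # Only plain strings count; "cipher=%s" % ... is a BinOp and is skipped.
            if isinstance(elt, ast.Constant) and isinstance(elt.value, str) \
                    and elt.value.startswith("verify="):
                value = elt.value.split("=", 1)[1]
        found.append(value)
    return found


def audit(source):
    """Classify a module: 'verifying', 'verification-disabled' or 'unknown'."""
    settings = socat_verify_settings(source)
    if not settings or settings[-1] is None:
        return "unknown"
    return "verification-disabled" if settings[-1] == "0" else "verifying"


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            print(path, audit(fh.read()))
```

Run it with the path from the playbook as its argument on each node; any node reporting verification-disabled is still running import/export without peer certificate checks.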

Sascha Lucas

Apr 11, 2025, 2:16:29 AM
to Ganeti Users list
Hi Daniel,

On Thu, 10 Apr 2025, Daniel Howard wrote:

> On Thu, Apr 10, 2025 at 1:19 PM Daniel Howard <dann...@toldme.com> wrote:
>
>> I am trying to migrate from an older cluster to a new one running
>> ganeti-3.1.0~rc2-2. Importing a VM via:
>>
>> *gnt-backup import -n dr64-horse.<domain> -t plain --ignore-ipolicy
>> testinstance.<domain>*
>>
>> I get errors:
>>
>> socat: W OpenSSL: Warning: this implementation does not check CRLs
>> socat: E certificate is valid but its commonName does not match hostname
>> "dr64-horse.<domain>"

It seems you hit #1840[1]. This one is not in rc2...

OTOH instead of sharing a backup-dir between 2 clusters and using
export/import you could use directly `move-instance`[2] to transfer
instances between clusters.

HTH, Sascha.

[1] https://github.com/ganeti/ganeti/pull/1840
[2] https://docs.ganeti.org/docs/ganeti/3.0/html/move-instance.html