Update libvirt certificates

This section describes how to update the libvirt certificates managed by salt-minion.

To update the libvirt certificates managed by salt-minion:

  1. Log in to the Salt Master node.

  2. Create certificate backups for all compute nodes:

    salt -C 'I@nova:compute' cmd.run 'cp -pr /etc/pki/libvirt-vnc/server-cert.pem /etc/pki/libvirt-vnc/server-cert.pem_$(date +"%Y_%m_%d").bak'
    
  3. Remove your current certificates from each compute node:

    salt -C 'I@nova:compute' cmd.run 'rm -rf /etc/pki/libvirt-vnc/server-cert.pem'
    
  4. Apply the salt.minion.grains state for all compute nodes to retrieve the CA certificate from Salt Master:

    salt -C 'I@nova:compute' state.sls salt.minion.grains test=true -b 1
    salt -C 'I@nova:compute' state.sls salt.minion.grains -b 1
    
  5. Apply the salt.minion.cert state for all compute nodes:

    salt -C 'I@nova:compute' state.sls salt.minion.cert test=true -b 2
    salt -C 'I@nova:compute' state.sls salt.minion.cert -b 2
    
  6. Restart the libvirt service on one of the compute nodes:

    salt '*cmp*' cmd.run 'service libvirtd restart'
    
  7. Verify that the service has restarted successfully:

    salt '*cmp*' cmd.run 'service libvirtd status'
    
  8. Restart the libvirt service and apply the nova state on the remaining nova compute nodes:

    salt -C 'I@nova:compute' cmd.run 'service libvirtd restart' -b 1
    salt -C 'I@nova:compute' state.sls nova test=true -b 2
    salt -C 'I@nova:compute' state.sls nova -b 2
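
A post-rotation check that can be run on a compute node after the steps above, added here as an example and not part of the original procedure. It confirms that the regenerated certificate exists, differs from the backup, is not close to expiry, and chains to the CA. The function name, the 30-day default, and the CA file location are assumptions, since the page does not name the CA path.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Requires the openssl CLI.
# check_rotated_cert NEW_CERT BACKUP_CERT CA_CERT [MIN_DAYS]
# Returns 0 only if NEW_CERT is a readable PEM certificate, differs from
# BACKUP_CERT, stays valid for at least MIN_DAYS more days (assumed default:
# 30), and verifies against CA_CERT.
#
# Usage on a compute node (the CA path is a placeholder):
#   check_rotated_cert /etc/pki/libvirt-vnc/server-cert.pem \
#     "/etc/pki/libvirt-vnc/server-cert.pem_$(date +%Y_%m_%d).bak" <path-to-CA.pem>
check_rotated_cert() {
    local new="$1" backup="$2" ca="$3" min_days="${4:-30}"
    local new_fp old_fp

    [ -s "$new" ] || { echo "FAIL: $new is missing or empty"; return 1; }

    new_fp=$(openssl x509 -in "$new" -noout -fingerprint -sha256 2>/dev/null) \
        || { echo "FAIL: $new is not a PEM certificate"; return 1; }

    # If the state run did not regenerate the file, or the backup was copied
    # back, the SHA-256 fingerprint matches the backup's.
    if [ -f "$backup" ]; then
        old_fp=$(openssl x509 -in "$backup" -noout -fingerprint -sha256 2>/dev/null) \
            || old_fp=""
        [ "$new_fp" != "$old_fp" ] \
            || { echo "FAIL: certificate is unchanged since the backup"; return 1; }
    fi

    # -checkend exits non-zero when the certificate expires within N seconds.
    openssl x509 -in "$new" -noout -checkend $((min_days * 86400)) >/dev/null \
        || { echo "FAIL: $new expires within $min_days days"; return 1; }

    # The new certificate must verify against the CA the minion retrieved.
    openssl verify -CAfile "$ca" "$new" >/dev/null 2>&1 \
        || { echo "FAIL: $new does not chain to $ca"; return 1; }

    echo "OK: $(openssl x509 -in "$new" -noout -enddate)"
}
```
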