Cause: In cases where the hardware clock on a host is incorrect or set to local time, and time synchronization is not configured in Anaconda but is configured after installation, it is possible for the system time to jump backwards.
Consequence: `vdsm-tool` is run on the first boot of Node, and generates a self-signed SSL certificate which is valid for one year from the time it was generated. If the time moves backwards, it is possible for this certificate to not be valid once the system time is corrected.
Fix: oVirt Node now includes "--utc" as part of the default interactive Anaconda configuration to resolve differences between local and UTC hardware clocks. Additionally, vdsm-tool now generates certificates which are valid 24 hours prior to the time "vdsm-tool" is run (the first boot, in the case of Node).
Result: System clock drift is mitigated, and Node now follows the same pattern for certificate validity as oVirt Engine, with a 24 hour window for validity.