Your message dated Fri, 2 Sep 2011 21:47:02 +0200
with message-id <[email protected]>
and subject line Re: [Pkg-libvirt-maintainers] Bug#640135: libvirt-bin:
configuration file broken: paths for key_file and cert_file swapped
has caused the Debian Bug report #640135,
regarding libvirt-bin: configuration file broken: paths for key_file and
cert_file swapped
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
640135: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640135
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libvirt-bin
Version: 0.9.3-5
Severity: important
When starting /etc/init.d/libvirt-bin after upgrading to libvirt-bin 0.9.3-5
we experience the following issue: (from debug = 1)
20:25:20.034: 10262: debug : virNetTLSContextNew:190 :
cacert=/etc/pki/CA/cacert.pem cacrl=(null)
cert=/etc/pki/libvirt/private/miro_serverkey.pem
key=/etc/pki/libvirt/miro_servercert.pem requireValid=1 isServer=1
20:25:20.035: 10262: debug : virNetTLSContextLoadCredentials:112 : loading
CA cert from /etc/pki/CA/cacert.pem
20:25:20.036: 10262: debug : virNetTLSContextLoadCredentials:154 : loading
cert and key from /etc/pki/libvirt/private/miro_serverkey.pem and
/etc/pki/libvirt/miro_servercert.pem
20:25:20.036: 10262: error : virNetTLSContextLoadCredentials:162 : Unable to
set x509 key and certificate: /etc/pki/libvirt/miro_servercert.pem,
etc/pki/libvirt/private/miro_serverkey.pem: Base64 unexpected header error.
And libvirtd won't start.
However, when we swap the strings for key_file and cert_file libvirtd
starts.
Differences for /etc/libvirt/libvirtd.conf attched show the working version
of the configuration file. Especially:
key_file = "/etc/pki/libvirt/miro_servercert.pem"
cert_file = "/etc/pki/libvirt/private/miro_serverkey.pem"
Here the key_file entry needs to point to the servercert.pem
while cert_file needs to point to the serverkey.pem
to get the init script /etc/init.d/libvirt-bin working.
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.0.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libvirt-bin depends on:
ii adduser 3.113 add and remove users and groups
ii gettext 0.18.1.1-4 GNU Internationalization utilities
ii libavah 0.6.30-5 Avahi client library
ii libavah 0.6.30-5 Avahi common library
ii libc6 2.13-16 Embedded GNU C Library: Shared lib
ii libcap- 0.6.6-1 An alternate POSIX capabilities li
ii libdevm 2:1.02.63-3.1 The Linux Kernel Device Mapper use
ii libgcry 1.4.6-9 LGPL Crypto library - runtime libr
ii libgnut 2.12.7-8 GNU TLS library - runtime library
ii libnl1 1.1-7 library for dealing with netlink s
ii libpart 2.3-8 disk partition manipulator - share
ii libpcia 0.12.1-1 Generic PCI access library for X
ii libread 6.2-2 GNU readline and history libraries
ii libsasl 2.1.24~rc1.dfsg1+cvs2011-05-23-4 Cyrus SASL - authentication abstra
ii libudev 172-1 libudev shared library
ii libuuid 2.19.1-5 Universally Unique ID library
ii libvirt 0.9.3-5 library for interfacing with diffe
ii libxens 4.1.1-2 Xenstore communications library fo
ii libxml2 2.7.8.dfsg-4 GNOME XML library
ii logrota 3.7.8-6 Log rotation utility
Versions of packages libvirt-bin recommends:
ii bridge-utils 1.5-2 Utilities for configuring the Linu
ii dmidecode 2.9-1.2 Dump Desktop Management Interface
ii dnsmasq-base 2.57-1 A small caching DNS proxy and DHCP
ii ebtables 2.0.9.2-2 Ethernet bridge frame table admini
ii gawk 1:3.1.8+dfsg-0.1 GNU awk, a pattern scanning and pr
ii iproute 20110629-1 networking and traffic control too
ii iptables 1.4.12-1 administration tools for packet fi
ii libxml2-utils 2.7.8.dfsg-4 XML utilities
ii netcat-openbsd 1.89-4 TCP/IP swiss army knife
ii qemu 0.14.1+dfsg-3 fast processor emulator
ii qemu-kvm 0.14.1+dfsg-4 Full virtualization on x86 hardwar
Versions of packages libvirt-bin suggests:
ii policykit-1 0.102-1 framework for managing administrat
pn radvd <none> (no description available)
-- Configuration Files:
/etc/default/libvirt-bin changed:
start_libvirtd="yes"
libvirtd_opts="--listen"
/etc/libvirt/libvirtd.conf changed:
unix_sock_group = "libvirt"
unix_sock_rw_perms = "0770"
auth_unix_ro = "none"
auth_unix_rw = "none"
key_file = "/etc/pki/libvirt/miro_servercert.pem"
cert_file = "/etc/pki/libvirt/private/miro_serverkey.pem"
ca_file = "/etc/pki/CA/cacert.pem"
log_level = 1
/etc/libvirt/qemu.conf changed:
vnc_listen = "0.0.0.0"
vnc_tls = 1
user = "libvirt-qemu"
group = "kvm"
dynamic_ownership = 0
-- no debconf information
--- End Message ---
--- Begin Message ---
Hi Wolfgang,
On Fri, Sep 02, 2011 at 08:32:27PM +0200, Wolfgang Walkowiak wrote:
>
> Package: libvirt-bin
> Version: 0.9.3-5
> Severity: important
>
>
> When starting /etc/init.d/libvirt-bin after upgrading to libvirt-bin 0.9.3-5
> we experience the following issue: (from debug = 1)
>
> 20:25:20.034: 10262: debug : virNetTLSContextNew:190 :
> cacert=/etc/pki/CA/cacert.pem cacrl=(null)
> cert=/etc/pki/libvirt/private/miro_serverkey.pem
> key=/etc/pki/libvirt/miro_servercert.pem requireValid=1 isServer=1
> 20:25:20.035: 10262: debug : virNetTLSContextLoadCredentials:112 : loading
> CA cert from /etc/pki/CA/cacert.pem
> 20:25:20.036: 10262: debug : virNetTLSContextLoadCredentials:154 : loading
> cert and key from /etc/pki/libvirt/private/miro_serverkey.pem and
> /etc/pki/libvirt/miro_servercert.pem
> 20:25:20.036: 10262: error : virNetTLSContextLoadCredentials:162 : Unable to
> set x509 key and certificate: /etc/pki/libvirt/miro_servercert.pem,
> etc/pki/libvirt/private/miro_serverkey.pem: Base64 unexpected header error.
Using the default options uncommented in 0.9.4-2 I see:
21:44:11.353: 21441: debug : virNetTLSContextNew:666 :
cacert=/etc/pki/CA/cacert.pem cacrl=(null) cert=/etc/pki/libvirt/servercert.pem
key=/etc/pki/libvirt/private/serverkey.pem sanityCheckCert=1 requireValid=1
isServer=1
so this looks fixed in 0.9.4-2. Please reopen if this is not the case
and you're having problems
Cheers,
-- Guido
>
> And libvirtd won't start.
>
> However, when we swap the strings for key_file and cert_file libvirtd
> starts.
>
> Differences for /etc/libvirt/libvirtd.conf attched show the working version
> of the configuration file. Especially:
> key_file = "/etc/pki/libvirt/miro_servercert.pem"
> cert_file = "/etc/pki/libvirt/private/miro_serverkey.pem"
> Here the key_file entry needs to point to the servercert.pem
> while cert_file needs to point to the serverkey.pem
> to get the init script /etc/init.d/libvirt-bin working.
>
> -- System Information:
> Debian Release: wheezy/sid
> APT prefers testing
> APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1,
> 'experimental')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 3.0.0-1-amd64 (SMP w/8 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/bash
>
> Versions of packages libvirt-bin depends on:
> ii adduser 3.113 add and remove users and groups
> ii gettext 0.18.1.1-4 GNU Internationalization
> utilities
> ii libavah 0.6.30-5 Avahi client library
> ii libavah 0.6.30-5 Avahi common library
> ii libc6 2.13-16 Embedded GNU C Library: Shared
> lib
> ii libcap- 0.6.6-1 An alternate POSIX capabilities
> li
> ii libdevm 2:1.02.63-3.1 The Linux Kernel Device Mapper
> use
> ii libgcry 1.4.6-9 LGPL Crypto library - runtime
> libr
> ii libgnut 2.12.7-8 GNU TLS library - runtime library
> ii libnl1 1.1-7 library for dealing with netlink
> s
> ii libpart 2.3-8 disk partition manipulator -
> share
> ii libpcia 0.12.1-1 Generic PCI access library for X
> ii libread 6.2-2 GNU readline and history
> libraries
> ii libsasl 2.1.24~rc1.dfsg1+cvs2011-05-23-4 Cyrus SASL - authentication
> abstra
> ii libudev 172-1 libudev shared library
> ii libuuid 2.19.1-5 Universally Unique ID library
> ii libvirt 0.9.3-5 library for interfacing with
> diffe
> ii libxens 4.1.1-2 Xenstore communications library
> fo
> ii libxml2 2.7.8.dfsg-4 GNOME XML library
> ii logrota 3.7.8-6 Log rotation utility
>
> Versions of packages libvirt-bin recommends:
> ii bridge-utils 1.5-2 Utilities for configuring the
> Linu
> ii dmidecode 2.9-1.2 Dump Desktop Management
> Interface
> ii dnsmasq-base 2.57-1 A small caching DNS proxy and
> DHCP
> ii ebtables 2.0.9.2-2 Ethernet bridge frame table
> admini
> ii gawk 1:3.1.8+dfsg-0.1 GNU awk, a pattern scanning and
> pr
> ii iproute 20110629-1 networking and traffic control
> too
> ii iptables 1.4.12-1 administration tools for packet
> fi
> ii libxml2-utils 2.7.8.dfsg-4 XML utilities
> ii netcat-openbsd 1.89-4 TCP/IP swiss army knife
> ii qemu 0.14.1+dfsg-3 fast processor emulator
> ii qemu-kvm 0.14.1+dfsg-4 Full virtualization on x86
> hardwar
>
> Versions of packages libvirt-bin suggests:
> ii policykit-1 0.102-1 framework for managing
> administrat
> pn radvd <none> (no description available)
>
> -- Configuration Files:
> /etc/default/libvirt-bin changed:
> start_libvirtd="yes"
> libvirtd_opts="--listen"
>
> /etc/libvirt/libvirtd.conf changed:
> unix_sock_group = "libvirt"
> unix_sock_rw_perms = "0770"
> auth_unix_ro = "none"
> auth_unix_rw = "none"
> key_file = "/etc/pki/libvirt/miro_servercert.pem"
> cert_file = "/etc/pki/libvirt/private/miro_serverkey.pem"
> ca_file = "/etc/pki/CA/cacert.pem"
> log_level = 1
>
> /etc/libvirt/qemu.conf changed:
> vnc_listen = "0.0.0.0"
> vnc_tls = 1
> user = "libvirt-qemu"
> group = "kvm"
> dynamic_ownership = 0
>
>
> -- no debconf information
>
>
>
> _______________________________________________
> Pkg-libvirt-maintainers mailing list
> [email protected]
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-libvirt-maintainers
>
--- End Message ---
