[ovirt-devel] Re: libvirt can't start in a non-TLS environment after host install
Hi,

this issue should be fixed by:

https://gerrit.ovirt.org/#/q/topic:remove-non-socket-activation-libvirt-support+(status:open+OR+status:merged)

if you could provide any feedback whether it works for you, that would be great.

Thanks, Marcin

On 3/24/20 2:34 PM, Milan Zamazal wrote:
> Marcin Sobczyk writes:
>
>> Hi,
>>
>> On 3/24/20 10:28 AM, Milan Zamazal wrote:
>>> Hi, I've experienced a problem with host deploy and oVirt master last
>>> week in an environment with TLS disabled. When I install/reinstall a
>>> 4.4 host, it removes the following options from
>>> /etc/libvirt/libvirtd.conf:
>>>
>>>    ca_file="/etc/pki/vdsm/certs/cacert.pem"
>>>    cert_file="/etc/pki/vdsm/certs/vdsmcert.pem"
>>>    key_file="/etc/pki/vdsm/keys/vdsmkey.pem"
>>>
>>> As a result, libvirt refuses to start, complaining about missing
>>> certificates and keys in their default locations.
>> And this is where things start to get blurry...
>> Since you're trying out a non-TLS environment I guess that vdsm-tool
>> added to 'libvirtd.conf':
>>
>>     auth_tcp: "none"
>>     listen_tcp: 1
>>     listen_tls: 0
>>
>> right?
>
> Yes.
>
>> But supervdsmd's service definition still requires libvirtd-tls.socket
>> and that might cause libvirtd to complain.
>> Could you please try manually removing the libvirtd-tls.socket
>> dependency, disabling this unit and see if libvirtd still complains?
>
> If I disable the dependency, libvirt/Vdsm starts happily.
>
>>> Does anybody who uses a non-TLS environment experience the same problem?
>>> Can it be related to the fact that we require libvirtd-tls service from
>>> the split libvirtd services now?
>>>
>>> (Yes, I know TLS should always be used, but that is a shared development
>>> environment where TLS is disabled for whatever reason.)
>>>
>>> Thanks,
>>> Milan

___
Devel mailing list -- devel@ovirt.org
To unsubscribe send an email to devel-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/devel@ovirt.org/message/DJKFCUAY3YQA2RG6PUFSQDF7UYUF7GYE/
[ovirt-devel] Re: libvirt can't start in a non-TLS environment after host install
> On 24 Mar 2020, at 13:47, Nir Soffer wrote:
>
> On Tue, Mar 24, 2020 at 11:29 AM Milan Zamazal wrote:
>>
>> Hi, I've experienced a problem with host deploy and oVirt master last
>> week in an environment with TLS disabled. When I install/reinstall a
>> 4.4 host, it removes the following options from
>> /etc/libvirt/libvirtd.conf:
>>
>>    ca_file="/etc/pki/vdsm/certs/cacert.pem"
>>    cert_file="/etc/pki/vdsm/certs/vdsmcert.pem"
>>    key_file="/etc/pki/vdsm/keys/vdsmkey.pem"
>>
>> As a result, libvirt refuses to start, complaining about missing
>> certificates and keys in their default locations.
>>
>> Does anybody who uses a non-TLS environment experience the same problem?
>> Can it be related to the fact that we require libvirtd-tls service from
>> the split libvirtd services now?
>>
>> (Yes, I know TLS should always be used, but that is a shared development
>> environment where TLS is disabled for whatever reason.)
>
> TLS-less setup is not supported and likely to break. I would not spend too much
> time on trying to fix it.

It’s a debugging-friendly environment. If you ever tried to “deploy” all the certificates to the right places manually…. of course it’s not supported
[ovirt-devel] Re: libvirt can't start in a non-TLS environment after host install
Marcin Sobczyk writes:

> Hi,
>
> On 3/24/20 10:28 AM, Milan Zamazal wrote:
>> Hi, I've experienced a problem with host deploy and oVirt master last
>> week in an environment with TLS disabled. When I install/reinstall a
>> 4.4 host, it removes the following options from
>> /etc/libvirt/libvirtd.conf:
>>
>>    ca_file="/etc/pki/vdsm/certs/cacert.pem"
>>    cert_file="/etc/pki/vdsm/certs/vdsmcert.pem"
>>    key_file="/etc/pki/vdsm/keys/vdsmkey.pem"
>>
>> As a result, libvirt refuses to start, complaining about missing
>> certificates and keys in their default locations.
> And this is where things start to get blurry...
> Since you're trying out a non-TLS environment I guess that vdsm-tool
> added to 'libvirtd.conf':
>
>     auth_tcp: "none"
>     listen_tcp: 1
>     listen_tls: 0
>
> right?

Yes.

> But supervdsmd's service definition still requires libvirtd-tls.socket
> and that might cause libvirtd to complain.
> Could you please try manually removing the libvirtd-tls.socket
> dependency, disabling this unit and see if libvirtd still complains?

If I disable the dependency, libvirt/Vdsm starts happily.

>> Does anybody who uses a non-TLS environment experience the same problem?
>> Can it be related to the fact that we require libvirtd-tls service from
>> the split libvirtd services now?
>>
>> (Yes, I know TLS should always be used, but that is a shared development
>> environment where TLS is disabled for whatever reason.)
>>
>> Thanks,
>> Milan
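An added example, not part of the thread and not vdsm's or libvirt's own code: a consistency check for the mismatch confirmed in the message above, where the libvirt configuration has TLS switched off while a unit still pulls in libvirtd-tls.socket. The sample inputs are constructed, written in libvirtd.conf's `key = value` form, and the `Requires=` directive in the unit fragment is an assumption about how the dependency is declared.

```python
import re

TLS_KEYS = ("ca_file", "cert_file", "key_file")
TLS_SOCKET = "libvirtd-tls.socket"

# Constructed samples (not taken from a real host).
SAMPLE_CONF = '''\
auth_tcp = "none"
listen_tcp = 1
listen_tls = 0
'''
SAMPLE_UNIT = '''\
[Unit]
Description=constructed supervdsmd unit fragment
Requires=libvirtd-tls.socket
'''

def parse_conf(text):
    """Return the key = value settings of a libvirtd.conf, comments skipped."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r'(\w+)\s*=\s*(.+)$', line.strip())
        if m:
            conf[m.group(1)] = m.group(2).strip().strip('"')
    return conf

def unit_requires(text):
    """Return unit names listed on Requires= lines (directive name assumed)."""
    pairs = (line.partition("=") for line in text.splitlines())
    return {u for key, _, value in pairs if key.strip() == "Requires"
            for u in value.split()}

def audit(conf_text, unit_text):
    """List mismatches between the libvirt config and the unit's dependencies."""
    conf, deps = parse_conf(conf_text), unit_requires(unit_text)
    findings = []
    if TLS_SOCKET in deps and conf.get("listen_tls") == "0":
        findings.append(f"unit requires {TLS_SOCKET} but listen_tls = 0")
    missing = [k for k in TLS_KEYS if k not in conf]
    if TLS_SOCKET in deps and missing:
        findings.append(f"{TLS_SOCKET} required, default cert paths used for: "
                        + ", ".join(missing))
    if conf.get("listen_tcp") == "1" and conf.get("auth_tcp") == "none":
        findings.append("listen_tcp = 1 with auth_tcp = none: unauthenticated cleartext API")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF, SAMPLE_UNIT)))
```

The third finding is independent of the startup failure: it flags the non-TLS configuration itself, so it remains after the socket dependency is removed.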
[ovirt-devel] Re: libvirt can't start in a non-TLS environment after host install
On Tue, Mar 24, 2020 at 11:29 AM Milan Zamazal wrote:
>
> Hi, I've experienced a problem with host deploy and oVirt master last
> week in an environment with TLS disabled. When I install/reinstall a
> 4.4 host, it removes the following options from
> /etc/libvirt/libvirtd.conf:
>
>    ca_file="/etc/pki/vdsm/certs/cacert.pem"
>    cert_file="/etc/pki/vdsm/certs/vdsmcert.pem"
>    key_file="/etc/pki/vdsm/keys/vdsmkey.pem"
>
> As a result, libvirt refuses to start, complaining about missing
> certificates and keys in their default locations.
>
> Does anybody who uses a non-TLS environment experience the same problem?
> Can it be related to the fact that we require libvirtd-tls service from
> the split libvirtd services now?
>
> (Yes, I know TLS should always be used, but that is a shared development
> environment where TLS is disabled for whatever reason.)

TLS-less setup is not supported and likely to break. I would not spend too much
time on trying to fix it.
[ovirt-devel] Re: libvirt can't start in a non-TLS environment after host install
Hi,

On 3/24/20 10:28 AM, Milan Zamazal wrote:
> Hi, I've experienced a problem with host deploy and oVirt master last
> week in an environment with TLS disabled. When I install/reinstall a
> 4.4 host, it removes the following options from
> /etc/libvirt/libvirtd.conf:
>
>    ca_file="/etc/pki/vdsm/certs/cacert.pem"
>    cert_file="/etc/pki/vdsm/certs/vdsmcert.pem"
>    key_file="/etc/pki/vdsm/keys/vdsmkey.pem"
>
> As a result, libvirt refuses to start, complaining about missing
> certificates and keys in their default locations.

And this is where things start to get blurry...
Since you're trying out a non-TLS environment I guess that vdsm-tool
added to 'libvirtd.conf':

    auth_tcp: "none"
    listen_tcp: 1
    listen_tls: 0

right?
But supervdsmd's service definition still requires libvirtd-tls.socket
and that might cause libvirtd to complain.
Could you please try manually removing the libvirtd-tls.socket
dependency, disabling this unit and see if libvirtd still complains?

> Does anybody who uses a non-TLS environment experience the same problem?
> Can it be related to the fact that we require libvirtd-tls service from
> the split libvirtd services now?
>
> (Yes, I know TLS should always be used, but that is a shared development
> environment where TLS is disabled for whatever reason.)
>
> Thanks,
> Milan