On 29/03/12 17:23, David Elliott wrote: > Hi > > I'm ovirt node using the latest ovirt-node-iso-2.3.0-1.0.fc16.iso, and > having a problem with live migration > > After fresh install of node > /etc/libvirt/libvirtd.conf > listen_tls = 0 > listen_tcp = 1 > # tcp and tls ports are defaults > # tls_port = "16514" > #tcp_port = "16509" > > > [root@ovirt-h-6 ~]# netstat -ant |grep -E "16514|16509" > tcp 0 0 0.0.0.0:16509 0.0.0.0:* > LISTEN > > iptables is set to accept ALL > > When migration is attempted - it then tries and fails to use tls > > 2012-03-28 18:33:15.566+0000: 1622: error : doPeer2PeerMigrate:2129 : > operation failed: Failed to connect to remote libvirt URI > qemu+tls://192.168.192.230/system > > - manually configuring a registered/running node with listen_tls = 1, > migration will then succeed > > - editing the live-cd and setting "listen_tls=1" , a fresh install then has > some problems > libvirtd fails to start on install due to a certificate error (which am > guessing is installed as part of the node registration process with the > engine) > "Cannot read CA Certifcate /etc/pki/CA/cacert.pem" > > This also causes the setting of hostname/network details to fail during the > automated installation; so this seems the wrong way to go > > I'm not sure if the problem here is live migration shouldn't be using tls; > or that the node registration process should set "listen_tls=1" l; but isn't > > Any assistance appreciated > > Cheers, > Dave >
Let's just verify first what libvirt is saying. Can you please post the output of: ls -l /etc/pki/CA/ Also, AFAIR, it should be using /etc/pki/vdsm/certs/cacert.pem Can you take a look in the relevant config files (vdsm mostly) and see how it's defined? Did you happen to manually change it? _______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
