----- Original Message ----- > From: "Cristian Falcas" <cristi.fal...@gmail.com> > To: "Alon Bar-Lev" <alo...@redhat.com> > Cc: users@ovirt.org > Sent: Thursday, December 13, 2012 3:00:56 PM > Subject: Re: [Users] Spice issues with latest vdsm (was Re: Cannot find > suitable CPU model for given data) > > On Thu, Dec 13, 2012 at 1:57 PM, Alon Bar-Lev <alo...@redhat.com> > wrote: > > > > > > ----- Original Message ----- > >> From: "Cristian Falcas" <cristi.fal...@gmail.com> > >> To: "Alon Bar-Lev" <alo...@redhat.com> > >> Cc: users@ovirt.org > >> Sent: Thursday, December 13, 2012 1:52:10 PM > >> Subject: Re: [Users] Spice issues with latest vdsm (was Re: Cannot > >> find suitable CPU model for given data) > >> > >> > >> > >> > >> On Thu, Dec 13, 2012 at 1:35 PM, Alon Bar-Lev < alo...@redhat.com > >> > > >> wrote: > >> > > >> > > >> > > >> > ----- Original Message ----- > >> > > From: "Cristian Falcas" < cristi.fal...@gmail.com > > >> > > To: users@ovirt.org > >> > > Sent: Thursday, December 13, 2012 1:27:09 PM > >> > > Subject: Re: [Users] Spice issues with latest vdsm (was Re: > >> > > Cannot find suitable CPU model for given data) > >> > > > >> > > > >> > > > >> > > > >> > > > >> > > > >> > > > >> > > On Thu, Dec 13, 2012 at 1:21 PM, David Jaša < dj...@redhat.com > >> > > > > >> > > wrote: > >> > > > >> > > > >> > > Cristian Falcas píše v Čt 13. 12. 2012 v 12:43 +0200: > >> > > > >> > > > >> > > > > >> > > > > >> > > > > >> > > > On Thu, Dec 13, 2012 at 2:07 AM, Alon Bar-Lev < > >> > > > alo...@redhat.com > > >> > > > wrote: > >> > > > > >> > > > > >> > > > ----- Original Message ----- > >> > > > > From: "Cristian Falcas" < cristi.fal...@gmail.com > > >> > > > > >> > > > > To: "Alon Bar-Lev" < alo...@redhat.com > > >> > > > > Cc: "Roy Golan" < rgo...@redhat.com >, users@ovirt.org , > >> > > > > "Juan > >> > > > > Antonio Hernandez Fernandez" < jhern...@redhat.com >, > >> > > > > "David Jaša" < dj...@redhat.com >, "Itamar Heim" < > >> > > > > ih...@redhat.com > > >> > > > > Sent: Thursday, December 13, 2012 2:01:22 AM > >> > > > > Subject: Re: Spice issues with latest vdsm (was Re: > >> > > > > [Users] > >> > > > > Cannot find suitable CPU model for given data) > >> > > > > > >> > > > > > >> > > > > > >> > > > > > >> > > > > > >> > > > > > >> > > > > >> > > > > On Thu, Dec 13, 2012 at 12:13 AM, Alon Bar-Lev < > >> > > > > alo...@redhat.com > > >> > > > > wrote: > >> > > > > > >> > > > > > >> > > > > > >> > > > > > >> > > > > > >> > > > > ----- Original Message ----- > >> > > > > > From: "Cristian Falcas" < cristi.fal...@gmail.com > > >> > > > > > To: "Itamar Heim" < ih...@redhat.com > > >> > > > > >> > > > > > Cc: "Roy Golan" < rgo...@redhat.com >, users@ovirt.org , > >> > > > > > "Alon > >> > > > > > Bar-Lev" < alo...@redhat.com >, "Juan Antonio Hernandez > >> > > > > > Fernandez" < jhern...@redhat.com >, "David Jaša" < > >> > > > > > dj...@redhat.com > >> > > > > > > > >> > > > > > Sent: Wednesday, December 12, 2012 11:21:32 PM > >> > > > > > Subject: Re: Spice issues with latest vdsm (was Re: > >> > > > > > [Users] > >> > > > > > Cannot > >> > > > > > find suitable CPU model for given data) > >> > > > > > > >> > > > > > > >> > > > > > > >> > > > > > > >> > > > > > > >> > > > > > > >> > > > > > On Wed, Dec 12, 2012 at 11:14 PM, Itamar Heim < > >> > > > > > ih...@redhat.com > > >> > > > > > wrote: > >> > > > > > > >> > > > > > > >> > > > > > On 12/12/2012 10:39 PM, Cristian Falcas wrote: > >> > > > > > > >> > > > > > > >> > > > > > Hi, > >> > > > > > > >> > > > > > i don't know if I should start a new thread for the > >> > > > > > spice > >> > > > > > problems. > >> > > > > > Here > >> > > > > > goes some improvements: > >> > > > > > > >> > > > > > I created the certificates like per > >> > > > > > https://gist.github.com/ > >> > > > > > 1655511 > >> > > > > > . i > >> > > > > > copied the public one to my home: > >> > > > > > cp /etc/pki/vdsm/libvirt-spice/ ca-cert.pem > >> > > > > > ~cristi/.spice/spice_ truststore.pem > >> > > > > > > >> > > > > > I had the same problem as in > >> > > > > > https://bugzilla.redhat.com/ show_bug.cgi?id=880182 . > >> > > > > > For > >> > > > > > this > >> > > > > > I > >> > > > > > >> > > > > > needed > >> > > > > > to downgrade libcacard twice (until I had the same > >> > > > > > version > >> > > > > > as > >> > > > > > in > >> > > > > > the > >> > > > > > bug) > >> > > > > > > >> > > > > > Now spice works with virt-manager. > >> > > > > > > >> > > > > > Can someone tell me where do I need to copy the > >> > > > > > certificate > >> > > > > > on > >> > > > > > ovirt > >> > > > > > in > >> > > > > > order to make spice working over there also? > >> > > > > > > >> > > > > > with which version of boostrap on the engine did you add > >> > > > > > this > >> > > > > > host. > >> > > > > > > >> > > > > > > >> > > > > > vdsm-bootstrap-4.10.3-0.3.git47b71e8.fc17.noarch > >> > > > > > > >> > > > > > And otopi packages installed: > >> > > > > > > >> > > > > > otopi-0.0.0-0.5.master.20121211.git9052d0f.fc17.noarch > >> > > > > > otopi-java-0.0.0-0.5.master.20121211.git9052d0f.fc17.noarch > >> > > > > > > >> > > > > > > >> > > > > > >> > > > > Any reason to perform certificate enrollment manually? > >> > > > > > >> > > > > Alon > >> > > > > > >> > > > > > >> > > > > It's still not working with the handmade certificates. > >> > > > > > >> > > > > I tried to create them because of those errors: > >> > > > > > >> > > > > libvirt log: > >> > > > > > >> > > > > ((null):9248): Spice-Warning **: > >> > > > > reds.c:3307:reds_init_ssl: > >> > > > > Could > >> > > > > not > >> > > > > load certificates from /etc/pki/vdsm/libvirt-spice/ > >> > > > > server-cert.pem > >> > > > > ((null):9248): Spice-Warning **: > >> > > > > reds.c:3317:reds_init_ssl: > >> > > > > Could > >> > > > > not > >> > > > > use private key file > >> > > > > ((null):9248): Spice-Warning **: > >> > > > > reds.c:3325:reds_init_ssl: > >> > > > > Could > >> > > > > not > >> > > > > use CA file /etc/pki/vdsm/libvirt-spice/ca-cert.pem > >> > > > > > >> > > > > [root@localhost Ovirt]# ls -la > >> > > > > /etc/pki/vdsm/libvirt-spice/server-cert.pem > >> > > > > ls: cannot access > >> > > > > /etc/pki/vdsm/libvirt-spice/server-cert.pem: No > >> > > > > such file or directory > >> > > > > [root@localhost Ovirt]# ls -la > >> > > > > /etc/pki/vdsm/libvirt-spice/ca-cert.pem > >> > > > > ls: cannot access /etc/pki/vdsm/libvirt-spice/ca-cert.pem: > >> > > > > No > >> > > > > such > >> > > > > file or directory > >> > > > > > >> > > > > > >> > > > > Spice log: > >> > > > > > >> > > > > 1355334879 INFO [8950:8950] Application::main: starting > >> > > > > 0.12.0 > >> > > > > 1355334879 INFO [8950:8950] Application::main: command > >> > > > > line: > >> > > > > spicec > >> > > > > --controller > >> > > > > 1355334879 INFO [8950:8950] init_key_map: using evdev > >> > > > > mapping > >> > > > > 1355334879 INFO [8950:8950] > >> > > > > MultyMonScreen::MultyMonScreen: > >> > > > > platform_win: 77594625 > >> > > > > 1355334879 INFO [8950:8950] GUI::GUI: > >> > > > > 1355334879 INFO [8950:8950] ForeignMenu::ForeignMenu: > >> > > > > Creating a > >> > > > > foreign menu connection /tmp/SpiceForeignMenu-8950.uds > >> > > > > 1355334879 INFO [8950:8950] Controller::Controller: > >> > > > > Creating > >> > > > > a > >> > > > > controller connection /tmp/spicec-9GS5mA/spice-xpi > >> > > > > 1355334882 INFO [8950:8952] RedPeer::connect_secure: > >> > > > > Connected to > >> > > > > cristifalcas.no-ip.org 5902 > >> > > > > 1355334882 ERROR [8950:8952] RedPeer::connect_secure: > >> > > > > failed > >> > > > > to > >> > > > > connect w/SSL, ssl_error > >> > > > > error:00000001:lib(0):func(0):reason(1) > >> > > > > 1355334882 WARN [8950:8952] RedChannel::run: SSL Error: > >> > > > > error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert > >> > > > > handshake > >> > > > > failure > >> > > > > 1355334882 INFO [8950:8950] main: Spice client terminated > >> > > > > (exitcode = > >> > > > > 7) > >> > > > > > >> > > > > > >> > > > > > >> > > > > > >> > > > > I've done this without an improvment: > >> > > > > > >> > > > > [root@localhost Ovirt]# /lib/systemd/systemd-vdsmd > >> > > > > reconfigure > >> > > > > Configuring libvirt for vdsm... > >> > > > > [root@localhost Ovirt]# systemctl restart libvirtd.service > >> > > > > vdsmd.service > >> > > > > > >> > > > > >> > > > > >> > > > Why don't you deply the host again? It should create the > >> > > > certificate correctly. > >> > > > > >> > > > But before you can do this, you must remove whatever > >> > > > certificates > >> > > > you put including symlinks at /etc/pki /etc/libvirt as > >> > > > libvirt > >> > > > will not start if there are invalid certificates. > >> > > > > >> > > > Alon. > >> > > > > >> > > > I already did this. Also, i removed all configuration files > >> > > > from > >> > > > host and ovirt, reinstalled ovirt-engine, removed > >> > > > vdsm,libvirt,qemu on host. > >> > > > > >> > > > I still got this when I start the machine: > >> > > > ((null):5004): Spice-Warning **: reds.c:3307:reds_init_ssl: > >> > > > Could > >> > > > not load certificates from > >> > > > /etc/pki/vdsm/libvirt-spice/server-cert.pem > >> > > > ((null):5004): Spice-Warning **: reds.c:3317:reds_init_ssl: > >> > > > Could > >> > > > not use private key file > >> > > > ((null):5004): Spice-Warning **: reds.c:3325:reds_init_ssl: > >> > > > Could > >> > > > not use CA file /etc/pki/vdsm/libvirt-spice/ca-cert.pem > >> > > > > >> > > > And this when I try to connect: > >> > > > > >> > > > ((null):5004): Spice-Warning **: > >> > > > reds.c:2913:reds_handle_ssl_accept: SSL_accept failed, > >> > > > error=1 > >> > > > >> > > Didn't you disable encryption on engine or in vdsm.conf? > >> > > Unfortunately, it is still interdependent with spice > >> > > encryption > >> > > setup. > >> > > > >> > > (and a side question: if so, why did you disable it? oVirt > >> > > takes > >> > > care > >> > > of it without any extra work so I see no benefit in it) > >> > > > >> > > David > >> > > > >> > > PS: please send mails in plain text > >> > > > >> > > > > >> > > > Best regards, > >> > > > Cristian falcas > >> > > > > >> > > > _______________________________________________ > >> > > > Users mailing list > >> > > > Users@ovirt.org > >> > > > http://lists.ovirt.org/mailman/listinfo/users > >> > > > >> > > -- > >> > > > >> > > David Jaša, RHCE > >> > > > >> > > SPICE QE based in Brno > >> > > GPG Key: 22C33E24 > >> > > Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24 > >> > > > >> > > > >> > > > >> > > > >> > > I didn't touched anything this time. > >> > > > >> > > [cristi@localhost ~]$ cat /etc/vdsm/vdsm.conf > >> > > [vars] > >> > > ssl = true > >> > > > >> > > [addresses] > >> > > management_port = 54321 > >> > > > >> > > > >> > > qemu: > >> > > ## beginning of configuration section by vdsm-4.9.11 > >> > > dynamic_ownership=0 > >> > > spice_tls=1 > >> > > save_image_format="lzop" > >> > > spice_tls_x509_cert_dir="/etc/pki/vdsm/libvirt-spice" > >> > > lock_manager="sanlock" > >> > > auto_dump_path="/var/log/core" > >> > > ## end of configuration section by vdsm-4.9.11 > >> > > > >> > > libvirtd: > >> > > ## beginning of configuration section by vdsm-4.9.11 > >> > > listen_addr="0.0.0.0" > >> > > unix_sock_group="kvm" > >> > > unix_sock_rw_perms="0770" > >> > > auth_unix_rw="sasl" > >> > > host_uuid="ac7ce924-3da8-41a5-9fa5-03af184b0437" > >> > > log_outputs="1:file:/var/log/libvirtd.log" > >> > > log_filters="1:libvirt 3:event 3:json 1:util 1:qemu" > >> > > ca_file="/etc/pki/vdsm/certs/cacert.pem" > >> > > cert_file="/etc/pki/vdsm/certs/vdsmcert.pem" > >> > > key_file="/etc/pki/vdsm/keys/vdsmkey.pem" > >> > > ## end of configuration section by vdsm-4.9.11 > >> > > >> > BTW: it will be easier if you use plain text mail messages to > >> > list > >> > :) > >> > > >> > Can you please try to create the following sym links manually > >> > and > >> > see if it works? > >> > > >> > /etc/pki/vdsm/libvirt-spice/ca-cert.pem -> > >> > /etc/pki/vdsm/certs/cacert.pem > >> > /etc/pki/vdsm/libvirt-spice/server-cert.pem -> > >> > /etc/pki/vdsm/certs/vdsmcert.pem > >> > /etc/pki/vdsm/libvirt-spice/server-key.pem -> > >> > /etc/pki/vdsm/keys/vdsmkey.pem > >> > >> > >> It worked. Thank you. > >> > >> Regarding the html email: I'm using gmail as the email client and > >> I > >> don't know how to set it to send text emails only. I removed all > >> formatting from this replay, maybe it's better now? > > > > gmail: new interface: right left arrow(menu) -> plain text mode. > > gmail: old interface: above message -> plain text > > > > I will fix this for next nightly. > > > > Alon. > > > thank you for the explanation >
Should be fixed now in master, nightly should provide this. Thank you for the report, Alon _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users