On 12/15/2012 5:47 PM, Alon Bar-Lev wrote:
----- Original Message -----
From: "Jeff Bailey" <[email protected]>
To: "Alon Bar-Lev" <[email protected]>
Cc: [email protected]
Sent: Sunday, December 16, 2012 12:39:48 AM
Subject: Re: [Users] migration & missing cert - 3.2 alpha
On 12/15/2012 1:49 PM, Alon Bar-Lev wrote:
----- Original Message -----
From: "Jeff Bailey" <[email protected]>
To: [email protected]
Sent: Saturday, December 15, 2012 6:28:20 PM
Subject: [Users] migration & missing cert - 3.2 alpha
Hi,
I have an F18 Beta + oVirt 3.2 alpha setup with two hosts. When I try to migrate from one host to the other I get
2012-12-15 15:18:51.381+0000: 1541: error : virNetTLSContextCheckCertFile:113 : Cannot read CA certificate '/etc/pki/CA/cacert.pem': No such file or directory
in libvirtd.log on the source host. Is that actually where the cert should be and I should try to track down why it's not there or should it be somewhere else? If it should be somewhere else where would that be configured? The default location for the client certificates seems to be /etc/pki/libvirt which doesn't exist so even with a cacert it still probably wouldn't work. Could this be related to the missing spice certificates (I manually made the symbolic links for those)?
Thanks,
Jeff
This is interesting...
What do you have in both machines at /etc/libvirt/libvirtd.conf in
ca_file, cert_file, key_file?
In /etc/libvirt/libvirtd.conf on both hosts:
ca_file="/etc/pki/vdsm/certs/cacert.pem"
cert_file="/etc/pki/vdsm/certs/vdsmcert.pem"
key_file="/etc/pki/vdsm/keys/vdsmkey.pem"
It looks like it pulled libvirt-0.10.2.2-1.fc18.x86_64 from the F18
updates-testing repository. Maybe that's the problem. I'll try to
install a clean F18 beta with the updates-testing repo disabled.
OK... although it seems like libvirtd somehow ignores its own settings :)
Yes, it seems that way. I don't know exactly when these certificates
are used. Is it just for libvirt to libvirt communication like when
doing a migration? Does vdsm communicate locally without using TLS?
I'm just wondering if it's something special about migration that's not
using the right certificate path or is libvirt using the wrong path for
everything and the only thing it affects is migration. Anyway, a clean
F18 install with libvirt-0.10.2.1-3.fc18.x86_64 behaves the same way.
As far as I have seen, these variables are set to /etc/pki/vdsm/*; I did
not duplicate these files to libvirtd.
I would like to understand why the default libvirt settings are in
effect.
Regards,
Alon