----- Original Message ----- > From: "Jeff Bailey" <[email protected]> > To: "Alon Bar-Lev" <[email protected]> > Cc: [email protected] > Sent: Sunday, December 16, 2012 2:51:21 AM > Subject: Re: [Users] migration & missing cert - 3.2 alpha > > > On 12/15/2012 5:47 PM, Alon Bar-Lev wrote: > > > > ----- Original Message ----- > >> From: "Jeff Bailey" <[email protected]> > >> To: "Alon Bar-Lev" <[email protected]> > >> Cc: [email protected] > >> Sent: Sunday, December 16, 2012 12:39:48 AM > >> Subject: Re: [Users] migration & missing cert - 3.2 alpha > >> > >> > >> On 12/15/2012 1:49 PM, Alon Bar-Lev wrote: > >>> ----- Original Message ----- > >>>> From: "Jeff Bailey" <[email protected]> > >>>> To: [email protected] > >>>> Sent: Saturday, December 15, 2012 6:28:20 PM > >>>> Subject: [Users] migration & missing cert - 3.2 alpha > >>>> > >>>> Hi, > >>>> > >>>> I have an F18 Beta + oVirt 3.2 alpha setup with two hosts. When > >>>> I > >>>> try > >>>> to migrate from one host to the other I get > >>>> > >>>> 2012-12-15 15:18:51.381+0000: 1541: error : > >>>> virNetTLSContextCheckCertFile:113 : > >>>> Cannot read CA certificate '/etc/pki/CA/cacert.pem': No such > >>>> file > >>>> or > >>>> directory > >>>> > >>>> in libvirtd.log on the source host. Is that actually where the > >>>> cert > >>>> should be and I should try to track down why it's not there or > >>>> should > >>>> it > >>>> be somewhere else? If it should be somewhere else where would > >>>> that > >>>> be > >>>> configured? The default location for the client certificates > >>>> seems > >>>> to > >>>> be /etc/pki/libvirt which doesn't exist so even with a cacert it > >>>> still > >>>> probably wouldn't work. Could this be related to the missing > >>>> spice > >>>> certificates (I manually made the symbolic links for those). > >>>> > >>>> Thanks, > >>>> Jeff > >>> This is interesting... > >>> > >>> What do you have in both machines at /etc/libvirt/libvirtd.conf > >>> in > >>> ca_file, cert_file, key_file? > >> In /etc/libvirt/libvirtd.conf on both hosts: > >> > >> ca_file="/etc/pki/vdsm/certs/cacert.pem" > >> cert_file="/etc/pki/vdsm/certs/vdsmcert.pem" > >> key_file="/etc/pki/vdsm/keys/vdsmkey.pem" > >> > >> It looks like it pulled libvirt-0.10.2.2-1.fc18.x86_64 from the > >> F18 > >> updates-testing repository. Maybe that's the problem. I'll try > >> to > >> install a clean F18 beta with the updates-testing repo disabled. > > OK... although it seems like libvirtd somehow ignores its own > > settings :) > > Yes, it seems that way. I don't know exactly when these certificates > are used. Is it just for libvirt to libvirt communication like when > doing a migration? Does vdsm communicate locally without using TLS? > I'm just wondering if it's something special about migration that's > not > using the right certificate path or is libvirt using the wrong path > for > everything and the only thing it affects is migration. Anyway, a > clean > F18 install with libvirt-0.10.2.1-3.fc18.x86_64 behaves the same way.
OK, for now you can copy manually the certificates. I will check libvirt sources. > > >>> As as far as I seen these variables set to /etc/pki/vdsm/*, I did > >>> not duplicate these files to libvirtd. > >>> > >>> I would like to understand why the default libvirt setting are in > >>> effect. > >>> > >>> Regards, > >>> Alon > >> > > _______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
