On March 27, 2020 12:23:10 PM GMT+02:00, David David <dd432...@gmail.com> wrote: >here is debug from opening console.vv by remote-viewer > >2020-03-27 14:09 GMT+04:00, Milan Zamazal <mzama...@redhat.com>: >> David David <dd432...@gmail.com> writes: >> >>> yes i have >>> console.vv attached >> >> It looks the same as mine. >> >> There is a difference in our logs, you have >> >> Possible auth 19 >> >> while I have >> >> Possible auth 2 >> >> So I still suspect a wrong authentication method is used, but I don't >> have any idea why. >> >> Regards, >> Milan >> >>> 2020-03-26 21:38 GMT+04:00, Milan Zamazal <mzama...@redhat.com>: >>>> David David <dd432...@gmail.com> writes: >>>> >>>>> copied from qemu server all certs except "cacrl" to my >desktop-station >>>>> into /etc/pki/ >>>> >>>> This is not needed, the CA certificate is included in console.vv >and no >>>> other certificate should be needed. >>>> >>>>> but remote-viewer is still didn't work >>>> >>>> The log looks like remote-viewer is attempting certificate >>>> authentication rather than password authentication. Do you have >>>> password in console.vv? It should look like: >>>> >>>> [virt-viewer] >>>> type=vnc >>>> host=192.168.122.2 >>>> port=5900 >>>> password=fxLazJu6BUmL >>>> # Password is valid for 120 seconds. >>>> ... >>>> >>>> Regards, >>>> Milan >>>> >>>>> 2020-03-26 2:22 GMT+04:00, Nir Soffer <nsof...@redhat.com>: >>>>>> On Wed, Mar 25, 2020 at 12:45 PM David David <dd432...@gmail.com> >>>>>> wrote: >>>>>>> >>>>>>> ovirt 4.3.8.2-1.el7 >>>>>>> gtk-vnc2-1.0.0-1.fc31.x86_64 >>>>>>> remote-viewer version 8.0-3.fc31 >>>>>>> >>>>>>> can't open vm console by remote-viewer >>>>>>> vm has vnc console protocol >>>>>>> when click on console button to connect to a vm, the >remote-viewer >>>>>>> console disappear immediately >>>>>>> >>>>>>> remote-viewer debug in attachment >>>>>> >>>>>> You an issue with the certificates: >>>>>> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.238: >>>>>> ../src/vncconnection.c Set credential 2 libvirt >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >>>>>> ../src/vncconnection.c Searching for certs in /etc/pki >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >>>>>> ../src/vncconnection.c Searching for certs in /root/.pki >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >>>>>> ../src/vncconnection.c Failed to find certificate CA/cacert.pem >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >>>>>> ../src/vncconnection.c No CA certificate provided, using GNUTLS >global >>>>>> trust >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >>>>>> ../src/vncconnection.c Failed to find certificate CA/cacrl.pem >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >>>>>> ../src/vncconnection.c Failed to find certificate >>>>>> libvirt/private/clientkey.pem >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >>>>>> ../src/vncconnection.c Failed to find certificate >>>>>> libvirt/clientcert.pem >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >>>>>> ../src/vncconnection.c Waiting for missing credentials >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >>>>>> ../src/vncconnection.c Got all credentials >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >>>>>> ../src/vncconnection.c No CA certificate provided; trying the >system >>>>>> trust store instead >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240: >>>>>> ../src/vncconnection.c Using the system trust store and CRL >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240: >>>>>> ../src/vncconnection.c No client cert or key provided >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240: >>>>>> ../src/vncconnection.c No CA revocation list provided >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.241: >>>>>> ../src/vncconnection.c Handshake was blocking >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.243: >>>>>> ../src/vncconnection.c Handshake was blocking >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.251: >>>>>> ../src/vncconnection.c Handshake was blocking >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.298: >>>>>> ../src/vncconnection.c Handshake done >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.298: >>>>>> ../src/vncconnection.c Validating >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.301: >>>>>> ../src/vncconnection.c Error: The certificate is not trusted >>>>>> >>>>>> Adding people that may know more about this. >>>>>> >>>>>> Nir >>>>>> >>>>>> >>>> >>>> >> >>
Hello, You can try to take the engine's CA (maybe it's useless) and put it on your system in: /etc/pki/ca-trust/source/anchors (if it's EL7 or a Fedora) and then run update-ca-trust Best Regards, Strahil Nikolov _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/G4EHEN7DOTYND5BQDVFEGW3VK4PFNEOU/