David David <dd432...@gmail.com> writes: > can connect to a vm which has spice console protocol by remote-viewer but > that not working with vnc protocol > the remote-viewer can't validate the server certs, is this a bug on the > remote-viewerside or in the hypervisor? > this problem is generally known? will it be fixed?
It works for me, so it's either a problem with your remote-viewer or an unknown problem on the oVirt side. I'd suggest paying attention to the authentication method negotiation as pointed out earlier. I'm not expert in that area, so I can't help you with that but maybe someone else can. Regards, Milan > вс, 29 мар. 2020 г. в 12:52, David David <dd432...@gmail.com>: > >> there is no such problem with the ovirt-engine 4.2.5.2-1.el7 >> it appeared when upgrading to 4.3.* >> >> вс, 29 мар. 2020 г. в 12:46, David David <dd432...@gmail.com>: >> >>> tested on four different workstations with: fedora20, fedora31 and >>> windows10(remote-manager last vers) >>> >>> вс, 29 мар. 2020 г. в 12:39, Strahil Nikolov <hunter86...@yahoo.com>: >>> >>>> On March 29, 2020 9:47:02 AM GMT+03:00, David David <dd432...@gmail.com> >>>> wrote: >>>> >I did as you said: >>>> >copied from engine /etc/ovirt-engine/ca.pem onto my desktop into >>>> >/etc/pki/ca-trust/source/anchors and then run update-ca-trust >>>> >it didn’t help, still the same errors >>>> > >>>> > >>>> >пт, 27 мар. 2020 г. в 21:56, Strahil Nikolov <hunter86...@yahoo.com>: >>>> > >>>> >> On March 27, 2020 12:23:10 PM GMT+02:00, David David >>>> ><dd432...@gmail.com> >>>> >> wrote: >>>> >> >here is debug from opening console.vv by remote-viewer >>>> >> > >>>> >> >2020-03-27 14:09 GMT+04:00, Milan Zamazal <mzama...@redhat.com>: >>>> >> >> David David <dd432...@gmail.com> writes: >>>> >> >> >>>> >> >>> yes i have >>>> >> >>> console.vv attached >>>> >> >> >>>> >> >> It looks the same as mine. >>>> >> >> >>>> >> >> There is a difference in our logs, you have >>>> >> >> >>>> >> >> Possible auth 19 >>>> >> >> >>>> >> >> while I have >>>> >> >> >>>> >> >> Possible auth 2 >>>> >> >> >>>> >> >> So I still suspect a wrong authentication method is used, but I >>>> >don't >>>> >> >> have any idea why. >>>> >> >> >>>> >> >> Regards, >>>> >> >> Milan >>>> >> >> >>>> >> >>> 2020-03-26 21:38 GMT+04:00, Milan Zamazal <mzama...@redhat.com>: >>>> >> >>>> David David <dd432...@gmail.com> writes: >>>> >> >>>> >>>> >> >>>>> copied from qemu server all certs except "cacrl" to my >>>> >> >desktop-station >>>> >> >>>>> into /etc/pki/ >>>> >> >>>> >>>> >> >>>> This is not needed, the CA certificate is included in console.vv >>>> >> >and no >>>> >> >>>> other certificate should be needed. >>>> >> >>>> >>>> >> >>>>> but remote-viewer is still didn't work >>>> >> >>>> >>>> >> >>>> The log looks like remote-viewer is attempting certificate >>>> >> >>>> authentication rather than password authentication. Do you have >>>> >> >>>> password in console.vv? It should look like: >>>> >> >>>> >>>> >> >>>> [virt-viewer] >>>> >> >>>> type=vnc >>>> >> >>>> host=192.168.122.2 >>>> >> >>>> port=5900 >>>> >> >>>> password=fxLazJu6BUmL >>>> >> >>>> # Password is valid for 120 seconds. >>>> >> >>>> ... >>>> >> >>>> >>>> >> >>>> Regards, >>>> >> >>>> Milan >>>> >> >>>> >>>> >> >>>>> 2020-03-26 2:22 GMT+04:00, Nir Soffer <nsof...@redhat.com>: >>>> >> >>>>>> On Wed, Mar 25, 2020 at 12:45 PM David David >>>> ><dd432...@gmail.com> >>>> >> >>>>>> wrote: >>>> >> >>>>>>> >>>> >> >>>>>>> ovirt 4.3.8.2-1.el7 >>>> >> >>>>>>> gtk-vnc2-1.0.0-1.fc31.x86_64 >>>> >> >>>>>>> remote-viewer version 8.0-3.fc31 >>>> >> >>>>>>> >>>> >> >>>>>>> can't open vm console by remote-viewer >>>> >> >>>>>>> vm has vnc console protocol >>>> >> >>>>>>> when click on console button to connect to a vm, the >>>> >> >remote-viewer >>>> >> >>>>>>> console disappear immediately >>>> >> >>>>>>> >>>> >> >>>>>>> remote-viewer debug in attachment >>>> >> >>>>>> >>>> >> >>>>>> You an issue with the certificates: >>>> >> >>>>>> >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.238: >>>> >> >>>>>> ../src/vncconnection.c Set credential 2 libvirt >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >>>> >> >>>>>> ../src/vncconnection.c Searching for certs in /etc/pki >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >>>> >> >>>>>> ../src/vncconnection.c Searching for certs in /root/.pki >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >>>> >> >>>>>> ../src/vncconnection.c Failed to find certificate >>>> >CA/cacert.pem >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >>>> >> >>>>>> ../src/vncconnection.c No CA certificate provided, using >>>> >GNUTLS >>>> >> >global >>>> >> >>>>>> trust >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >>>> >> >>>>>> ../src/vncconnection.c Failed to find certificate CA/cacrl.pem >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >>>> >> >>>>>> ../src/vncconnection.c Failed to find certificate >>>> >> >>>>>> libvirt/private/clientkey.pem >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >>>> >> >>>>>> ../src/vncconnection.c Failed to find certificate >>>> >> >>>>>> libvirt/clientcert.pem >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >>>> >> >>>>>> ../src/vncconnection.c Waiting for missing credentials >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >>>> >> >>>>>> ../src/vncconnection.c Got all credentials >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >>>> >> >>>>>> ../src/vncconnection.c No CA certificate provided; trying the >>>> >> >system >>>> >> >>>>>> trust store instead >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240: >>>> >> >>>>>> ../src/vncconnection.c Using the system trust store and CRL >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240: >>>> >> >>>>>> ../src/vncconnection.c No client cert or key provided >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240: >>>> >> >>>>>> ../src/vncconnection.c No CA revocation list provided >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.241: >>>> >> >>>>>> ../src/vncconnection.c Handshake was blocking >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.243: >>>> >> >>>>>> ../src/vncconnection.c Handshake was blocking >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.251: >>>> >> >>>>>> ../src/vncconnection.c Handshake was blocking >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.298: >>>> >> >>>>>> ../src/vncconnection.c Handshake done >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.298: >>>> >> >>>>>> ../src/vncconnection.c Validating >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.301: >>>> >> >>>>>> ../src/vncconnection.c Error: The certificate is not trusted >>>> >> >>>>>> >>>> >> >>>>>> Adding people that may know more about this. >>>> >> >>>>>> >>>> >> >>>>>> Nir >>>> >> >>>>>> >>>> >> >>>>>> >>>> >> >>>> >>>> >> >>>> >>>> >> >> >>>> >> >> >>>> >> >>>> >> Hello, >>>> >> >>>> >> You can try to take the engine's CA (maybe it's useless) and put it >>>> >on >>>> >> your system in: >>>> >> /etc/pki/ca-trust/source/anchors (if it's EL7 or a Fedora) and then >>>> >run >>>> >> update-ca-trust >>>> >> >>>> >> Best Regards, >>>> >> Strahil Nikolov >>>> >> >>>> >>>> Hey David, >>>> >>>> What is you workstation's OS ? >>>> Also, have you tried from another workstation ? >>>> >>>> Best Regards, >>>> Strahil Nikolov >>>> >>> > _______________________________________________ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/MACDEEWMWOTPGHIJ24WTQI5KAL4TMYS7/ _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/IZEU4UBPT3WF2LKIDJCUSB4TQ3PCJO7K/