solved using this link https://bugzilla.redhat.com/show_bug.cgi?id=1672587
чт, 2 апр. 2020 г. в 16:11, Milan Zamazal <[email protected]>: > David David <[email protected]> writes: > > > can connect to a vm which has spice console protocol by remote-viewer but > > that not working with vnc protocol > > the remote-viewer can't validate the server certs, is this a bug on the > > remote-viewerside or in the hypervisor? > > this problem is generally known? will it be fixed? > > It works for me, so it's either a problem with your remote-viewer or an > unknown problem on the oVirt side. I'd suggest paying attention to the > authentication method negotiation as pointed out earlier. I'm not > expert in that area, so I can't help you with that but maybe someone > else can. > > Regards, > Milan > > > вс, 29 мар. 2020 г. в 12:52, David David <[email protected]>: > > > >> there is no such problem with the ovirt-engine 4.2.5.2-1.el7 > >> it appeared when upgrading to 4.3.* > >> > >> вс, 29 мар. 2020 г. в 12:46, David David <[email protected]>: > >> > >>> tested on four different workstations with: fedora20, fedora31 and > >>> windows10(remote-manager last vers) > >>> > >>> вс, 29 мар. 2020 г. в 12:39, Strahil Nikolov <[email protected]>: > >>> > >>>> On March 29, 2020 9:47:02 AM GMT+03:00, David David < > [email protected]> > >>>> wrote: > >>>> >I did as you said: > >>>> >copied from engine /etc/ovirt-engine/ca.pem onto my desktop into > >>>> >/etc/pki/ca-trust/source/anchors and then run update-ca-trust > >>>> >it didn’t help, still the same errors > >>>> > > >>>> > > >>>> >пт, 27 мар. 2020 г. в 21:56, Strahil Nikolov <[email protected] > >: > >>>> > > >>>> >> On March 27, 2020 12:23:10 PM GMT+02:00, David David > >>>> ><[email protected]> > >>>> >> wrote: > >>>> >> >here is debug from opening console.vv by remote-viewer > >>>> >> > > >>>> >> >2020-03-27 14:09 GMT+04:00, Milan Zamazal <[email protected]>: > >>>> >> >> David David <[email protected]> writes: > >>>> >> >> > >>>> >> >>> yes i have > >>>> >> >>> console.vv attached > >>>> >> >> > >>>> >> >> It looks the same as mine. > >>>> >> >> > >>>> >> >> There is a difference in our logs, you have > >>>> >> >> > >>>> >> >> Possible auth 19 > >>>> >> >> > >>>> >> >> while I have > >>>> >> >> > >>>> >> >> Possible auth 2 > >>>> >> >> > >>>> >> >> So I still suspect a wrong authentication method is used, but I > >>>> >don't > >>>> >> >> have any idea why. > >>>> >> >> > >>>> >> >> Regards, > >>>> >> >> Milan > >>>> >> >> > >>>> >> >>> 2020-03-26 21:38 GMT+04:00, Milan Zamazal <[email protected] > >: > >>>> >> >>>> David David <[email protected]> writes: > >>>> >> >>>> > >>>> >> >>>>> copied from qemu server all certs except "cacrl" to my > >>>> >> >desktop-station > >>>> >> >>>>> into /etc/pki/ > >>>> >> >>>> > >>>> >> >>>> This is not needed, the CA certificate is included in > console.vv > >>>> >> >and no > >>>> >> >>>> other certificate should be needed. > >>>> >> >>>> > >>>> >> >>>>> but remote-viewer is still didn't work > >>>> >> >>>> > >>>> >> >>>> The log looks like remote-viewer is attempting certificate > >>>> >> >>>> authentication rather than password authentication. Do you > have > >>>> >> >>>> password in console.vv? It should look like: > >>>> >> >>>> > >>>> >> >>>> [virt-viewer] > >>>> >> >>>> type=vnc > >>>> >> >>>> host=192.168.122.2 > >>>> >> >>>> port=5900 > >>>> >> >>>> password=fxLazJu6BUmL > >>>> >> >>>> # Password is valid for 120 seconds. > >>>> >> >>>> ... > >>>> >> >>>> > >>>> >> >>>> Regards, > >>>> >> >>>> Milan > >>>> >> >>>> > >>>> >> >>>>> 2020-03-26 2:22 GMT+04:00, Nir Soffer <[email protected]>: > >>>> >> >>>>>> On Wed, Mar 25, 2020 at 12:45 PM David David > >>>> ><[email protected]> > >>>> >> >>>>>> wrote: > >>>> >> >>>>>>> > >>>> >> >>>>>>> ovirt 4.3.8.2-1.el7 > >>>> >> >>>>>>> gtk-vnc2-1.0.0-1.fc31.x86_64 > >>>> >> >>>>>>> remote-viewer version 8.0-3.fc31 > >>>> >> >>>>>>> > >>>> >> >>>>>>> can't open vm console by remote-viewer > >>>> >> >>>>>>> vm has vnc console protocol > >>>> >> >>>>>>> when click on console button to connect to a vm, the > >>>> >> >remote-viewer > >>>> >> >>>>>>> console disappear immediately > >>>> >> >>>>>>> > >>>> >> >>>>>>> remote-viewer debug in attachment > >>>> >> >>>>>> > >>>> >> >>>>>> You an issue with the certificates: > >>>> >> >>>>>> > >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.238: > >>>> >> >>>>>> ../src/vncconnection.c Set credential 2 libvirt > >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: > >>>> >> >>>>>> ../src/vncconnection.c Searching for certs in /etc/pki > >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: > >>>> >> >>>>>> ../src/vncconnection.c Searching for certs in /root/.pki > >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: > >>>> >> >>>>>> ../src/vncconnection.c Failed to find certificate > >>>> >CA/cacert.pem > >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: > >>>> >> >>>>>> ../src/vncconnection.c No CA certificate provided, using > >>>> >GNUTLS > >>>> >> >global > >>>> >> >>>>>> trust > >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: > >>>> >> >>>>>> ../src/vncconnection.c Failed to find certificate > CA/cacrl.pem > >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: > >>>> >> >>>>>> ../src/vncconnection.c Failed to find certificate > >>>> >> >>>>>> libvirt/private/clientkey.pem > >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: > >>>> >> >>>>>> ../src/vncconnection.c Failed to find certificate > >>>> >> >>>>>> libvirt/clientcert.pem > >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: > >>>> >> >>>>>> ../src/vncconnection.c Waiting for missing credentials > >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: > >>>> >> >>>>>> ../src/vncconnection.c Got all credentials > >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: > >>>> >> >>>>>> ../src/vncconnection.c No CA certificate provided; trying > the > >>>> >> >system > >>>> >> >>>>>> trust store instead > >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240: > >>>> >> >>>>>> ../src/vncconnection.c Using the system trust store and CRL > >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240: > >>>> >> >>>>>> ../src/vncconnection.c No client cert or key provided > >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240: > >>>> >> >>>>>> ../src/vncconnection.c No CA revocation list provided > >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.241: > >>>> >> >>>>>> ../src/vncconnection.c Handshake was blocking > >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.243: > >>>> >> >>>>>> ../src/vncconnection.c Handshake was blocking > >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.251: > >>>> >> >>>>>> ../src/vncconnection.c Handshake was blocking > >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.298: > >>>> >> >>>>>> ../src/vncconnection.c Handshake done > >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.298: > >>>> >> >>>>>> ../src/vncconnection.c Validating > >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.301: > >>>> >> >>>>>> ../src/vncconnection.c Error: The certificate is not trusted > >>>> >> >>>>>> > >>>> >> >>>>>> Adding people that may know more about this. > >>>> >> >>>>>> > >>>> >> >>>>>> Nir > >>>> >> >>>>>> > >>>> >> >>>>>> > >>>> >> >>>> > >>>> >> >>>> > >>>> >> >> > >>>> >> >> > >>>> >> > >>>> >> Hello, > >>>> >> > >>>> >> You can try to take the engine's CA (maybe it's useless) and put > it > >>>> >on > >>>> >> your system in: > >>>> >> /etc/pki/ca-trust/source/anchors (if it's EL7 or a Fedora) and > then > >>>> >run > >>>> >> update-ca-trust > >>>> >> > >>>> >> Best Regards, > >>>> >> Strahil Nikolov > >>>> >> > >>>> > >>>> Hey David, > >>>> > >>>> What is you workstation's OS ? > >>>> Also, have you tried from another workstation ? > >>>> > >>>> Best Regards, > >>>> Strahil Nikolov > >>>> > >>> > > _______________________________________________ > > Users mailing list -- [email protected] > > To unsubscribe send an email to [email protected] > > Privacy Statement: https://www.ovirt.org/privacy-policy.html > > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > > List Archives: > > > https://lists.ovirt.org/archives/list/[email protected]/message/MACDEEWMWOTPGHIJ24WTQI5KAL4TMYS7/ > >
_______________________________________________ Users mailing list -- [email protected] To unsubscribe send an email to [email protected] Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/[email protected]/message/3QKFE7VV3WYKYARQZRJGDLEA7KQOHMOY/
