David David <dd432...@gmail.com> writes: > solved using this link https://bugzilla.redhat.com/show_bug.cgi?id=1672587
Great, good to know. > чт, 2 апр. 2020 г. в 16:11, Milan Zamazal <mzama...@redhat.com>: > >> David David <dd432...@gmail.com> writes: >> >> > can connect to a vm which has spice console protocol by remote-viewer but >> > that not working with vnc protocol >> > the remote-viewer can't validate the server certs, is this a bug on the >> > remote-viewerside or in the hypervisor? >> > this problem is generally known? will it be fixed? >> >> It works for me, so it's either a problem with your remote-viewer or an >> unknown problem on the oVirt side. I'd suggest paying attention to the >> authentication method negotiation as pointed out earlier. I'm not >> expert in that area, so I can't help you with that but maybe someone >> else can. >> >> Regards, >> Milan >> >> > вс, 29 мар. 2020 г. в 12:52, David David <dd432...@gmail.com>: >> > >> >> there is no such problem with the ovirt-engine 4.2.5.2-1.el7 >> >> it appeared when upgrading to 4.3.* >> >> >> >> вс, 29 мар. 2020 г. в 12:46, David David <dd432...@gmail.com>: >> >> >> >>> tested on four different workstations with: fedora20, fedora31 and >> >>> windows10(remote-manager last vers) >> >>> >> >>> вс, 29 мар. 2020 г. в 12:39, Strahil Nikolov <hunter86...@yahoo.com>: >> >>> >> >>>> On March 29, 2020 9:47:02 AM GMT+03:00, David David < >> dd432...@gmail.com> >> >>>> wrote: >> >>>> >I did as you said: >> >>>> >copied from engine /etc/ovirt-engine/ca.pem onto my desktop into >> >>>> >/etc/pki/ca-trust/source/anchors and then run update-ca-trust >> >>>> >it didn’t help, still the same errors >> >>>> > >> >>>> > >> >>>> >пт, 27 мар. 2020 г. в 21:56, Strahil Nikolov <hunter86...@yahoo.com >> >: >> >>>> > >> >>>> >> On March 27, 2020 12:23:10 PM GMT+02:00, David David >> >>>> ><dd432...@gmail.com> >> >>>> >> wrote: >> >>>> >> >here is debug from opening console.vv by remote-viewer >> >>>> >> > >> >>>> >> >2020-03-27 14:09 GMT+04:00, Milan Zamazal <mzama...@redhat.com>: >> >>>> >> >> David David <dd432...@gmail.com> writes: >> >>>> >> >> >> >>>> >> >>> yes i have >> >>>> >> >>> console.vv attached >> >>>> >> >> >> >>>> >> >> It looks the same as mine. >> >>>> >> >> >> >>>> >> >> There is a difference in our logs, you have >> >>>> >> >> >> >>>> >> >> Possible auth 19 >> >>>> >> >> >> >>>> >> >> while I have >> >>>> >> >> >> >>>> >> >> Possible auth 2 >> >>>> >> >> >> >>>> >> >> So I still suspect a wrong authentication method is used, but I >> >>>> >don't >> >>>> >> >> have any idea why. >> >>>> >> >> >> >>>> >> >> Regards, >> >>>> >> >> Milan >> >>>> >> >> >> >>>> >> >>> 2020-03-26 21:38 GMT+04:00, Milan Zamazal <mzama...@redhat.com >> >: >> >>>> >> >>>> David David <dd432...@gmail.com> writes: >> >>>> >> >>>> >> >>>> >> >>>>> copied from qemu server all certs except "cacrl" to my >> >>>> >> >desktop-station >> >>>> >> >>>>> into /etc/pki/ >> >>>> >> >>>> >> >>>> >> >>>> This is not needed, the CA certificate is included in >> console.vv >> >>>> >> >and no >> >>>> >> >>>> other certificate should be needed. >> >>>> >> >>>> >> >>>> >> >>>>> but remote-viewer is still didn't work >> >>>> >> >>>> >> >>>> >> >>>> The log looks like remote-viewer is attempting certificate >> >>>> >> >>>> authentication rather than password authentication. Do you >> have >> >>>> >> >>>> password in console.vv? It should look like: >> >>>> >> >>>> >> >>>> >> >>>> [virt-viewer] >> >>>> >> >>>> type=vnc >> >>>> >> >>>> host=192.168.122.2 >> >>>> >> >>>> port=5900 >> >>>> >> >>>> password=fxLazJu6BUmL >> >>>> >> >>>> # Password is valid for 120 seconds. >> >>>> >> >>>> ... >> >>>> >> >>>> >> >>>> >> >>>> Regards, >> >>>> >> >>>> Milan >> >>>> >> >>>> >> >>>> >> >>>>> 2020-03-26 2:22 GMT+04:00, Nir Soffer <nsof...@redhat.com>: >> >>>> >> >>>>>> On Wed, Mar 25, 2020 at 12:45 PM David David >> >>>> ><dd432...@gmail.com> >> >>>> >> >>>>>> wrote: >> >>>> >> >>>>>>> >> >>>> >> >>>>>>> ovirt 4.3.8.2-1.el7 >> >>>> >> >>>>>>> gtk-vnc2-1.0.0-1.fc31.x86_64 >> >>>> >> >>>>>>> remote-viewer version 8.0-3.fc31 >> >>>> >> >>>>>>> >> >>>> >> >>>>>>> can't open vm console by remote-viewer >> >>>> >> >>>>>>> vm has vnc console protocol >> >>>> >> >>>>>>> when click on console button to connect to a vm, the >> >>>> >> >remote-viewer >> >>>> >> >>>>>>> console disappear immediately >> >>>> >> >>>>>>> >> >>>> >> >>>>>>> remote-viewer debug in attachment >> >>>> >> >>>>>> >> >>>> >> >>>>>> You an issue with the certificates: >> >>>> >> >>>>>> >> >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.238: >> >>>> >> >>>>>> ../src/vncconnection.c Set credential 2 libvirt >> >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >> >>>> >> >>>>>> ../src/vncconnection.c Searching for certs in /etc/pki >> >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >> >>>> >> >>>>>> ../src/vncconnection.c Searching for certs in /root/.pki >> >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >> >>>> >> >>>>>> ../src/vncconnection.c Failed to find certificate >> >>>> >CA/cacert.pem >> >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >> >>>> >> >>>>>> ../src/vncconnection.c No CA certificate provided, using >> >>>> >GNUTLS >> >>>> >> >global >> >>>> >> >>>>>> trust >> >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >> >>>> >> >>>>>> ../src/vncconnection.c Failed to find certificate >> CA/cacrl.pem >> >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >> >>>> >> >>>>>> ../src/vncconnection.c Failed to find certificate >> >>>> >> >>>>>> libvirt/private/clientkey.pem >> >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >> >>>> >> >>>>>> ../src/vncconnection.c Failed to find certificate >> >>>> >> >>>>>> libvirt/clientcert.pem >> >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >> >>>> >> >>>>>> ../src/vncconnection.c Waiting for missing credentials >> >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >> >>>> >> >>>>>> ../src/vncconnection.c Got all credentials >> >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >> >>>> >> >>>>>> ../src/vncconnection.c No CA certificate provided; trying >> the >> >>>> >> >system >> >>>> >> >>>>>> trust store instead >> >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240: >> >>>> >> >>>>>> ../src/vncconnection.c Using the system trust store and CRL >> >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240: >> >>>> >> >>>>>> ../src/vncconnection.c No client cert or key provided >> >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240: >> >>>> >> >>>>>> ../src/vncconnection.c No CA revocation list provided >> >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.241: >> >>>> >> >>>>>> ../src/vncconnection.c Handshake was blocking >> >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.243: >> >>>> >> >>>>>> ../src/vncconnection.c Handshake was blocking >> >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.251: >> >>>> >> >>>>>> ../src/vncconnection.c Handshake was blocking >> >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.298: >> >>>> >> >>>>>> ../src/vncconnection.c Handshake done >> >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.298: >> >>>> >> >>>>>> ../src/vncconnection.c Validating >> >>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.301: >> >>>> >> >>>>>> ../src/vncconnection.c Error: The certificate is not trusted >> >>>> >> >>>>>> >> >>>> >> >>>>>> Adding people that may know more about this. >> >>>> >> >>>>>> >> >>>> >> >>>>>> Nir >> >>>> >> >>>>>> >> >>>> >> >>>>>> >> >>>> >> >>>> >> >>>> >> >>>> >> >>>> >> >> >> >>>> >> >> >> >>>> >> >> >>>> >> Hello, >> >>>> >> >> >>>> >> You can try to take the engine's CA (maybe it's useless) and put >> it >> >>>> >on >> >>>> >> your system in: >> >>>> >> /etc/pki/ca-trust/source/anchors (if it's EL7 or a Fedora) and >> then >> >>>> >run >> >>>> >> update-ca-trust >> >>>> >> >> >>>> >> Best Regards, >> >>>> >> Strahil Nikolov >> >>>> >> >> >>>> >> >>>> Hey David, >> >>>> >> >>>> What is you workstation's OS ? >> >>>> Also, have you tried from another workstation ? >> >>>> >> >>>> Best Regards, >> >>>> Strahil Nikolov >> >>>> >> >>> >> > _______________________________________________ >> > Users mailing list -- users@ovirt.org >> > To unsubscribe send an email to users-le...@ovirt.org >> > Privacy Statement: https://www.ovirt.org/privacy-policy.html >> > oVirt Code of Conduct: >> https://www.ovirt.org/community/about/community-guidelines/ >> > List Archives: >> > >> https://lists.ovirt.org/archives/list/users@ovirt.org/message/MACDEEWMWOTPGHIJ24WTQI5KAL4TMYS7/ >> >> _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/YTDCQ4JR2Q72JAZRVQZPBWOB2XU4HZHZ/