<br><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Dec 13, 2012 at 12:13 AM, Alon Bar-Lev <span dir="ltr"><<a href="mailto:alonbl@redhat.com" target="_blank">alonbl@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="im"><br>
<br>
----- Original Message -----<br>
> From: "Cristian Falcas" <<a href="mailto:cristi.falcas@gmail.com">cristi.falcas@gmail.com</a>><br>
> To: "Itamar Heim" <<a href="mailto:iheim@redhat.com">iheim@redhat.com</a>><br>
> Cc: "Roy Golan" <<a href="mailto:rgolan@redhat.com">rgolan@redhat.com</a>>, <a href="mailto:users@ovirt.org">users@ovirt.org</a>, "Alon Bar-Lev" <<a href="mailto:alonbl@redhat.com">alonbl@redhat.com</a>>, "Juan Antonio Hernandez<br>
> Fernandez" <<a href="mailto:jhernand@redhat.com">jhernand@redhat.com</a>>, "David Jaša" <<a href="mailto:djasa@redhat.com">djasa@redhat.com</a>><br>
> Sent: Wednesday, December 12, 2012 11:21:32 PM<br>
> Subject: Re: Spice issues with latest vdsm (was Re: [Users] Cannot find suitable CPU model for given data)<br>
><br>
><br>
><br>
><br>
><br>
><br>
> On Wed, Dec 12, 2012 at 11:14 PM, Itamar Heim < <a href="mailto:iheim@redhat.com">iheim@redhat.com</a> ><br>
> wrote:<br>
><br>
><br>
> On 12/12/2012 10:39 PM, Cristian Falcas wrote:<br>
><br>
><br>
> Hi,<br>
><br>
> i don't know if I should start a new thread for the spice problems.<br>
> Here<br>
> goes some improvements:<br>
><br>
> I created the certificates like per <a href="https://gist.github.com/" target="_blank">https://gist.github.com/</a> 1655511<br>
> . i<br>
> copied the public one to my home:<br>
> cp /etc/pki/vdsm/libvirt-spice/ ca-cert.pem<br>
> ~cristi/.spice/spice_ truststore.pem<br>
><br>
> I had the same problem as in<br>
</div>> <a href="https://bugzilla.redhat.com/" target="_blank">https://bugzilla.redhat.com/</a> show_bug.cgi?id=880182 . For this I<br>
<div class="im">> needed<br>
> to downgrade libcacard twice (until I had the same version as in the<br>
> bug)<br>
><br>
> Now spice works with virt-manager.<br>
><br>
> Can someone tell me where do I need to copy the certificate on ovirt<br>
> in<br>
> order to make spice working over there also?<br>
><br>
> with which version of boostrap on the engine did you add this host.<br>
><br>
><br>
> vdsm-bootstrap-4.10.3-0.3.git47b71e8.fc17.noarch<br>
><br>
> And otopi packages installed:<br>
><br>
> otopi-0.0.0-0.5.master.20121211.git9052d0f.fc17.noarch<br>
> otopi-java-0.0.0-0.5.master.20121211.git9052d0f.fc17.noarch<br>
><br>
><br>
<br>
</div>Any reason to perform certificate enrollment manually?<br>
<span class=""><font color="#888888"><br>
Alon<br>
</font></span></blockquote></div><br><br>It's still not working with the handmade certificates.<br><br>I tried to create them because of those errors:<br><br>libvirt log:<br><br>((null):9248): Spice-Warning **: reds.c:3307:reds_init_ssl: Could not load certificates from /etc/pki/vdsm/libvirt-spice/<div class="gmail_extra">
server-cert.pem<br>
((null):9248): Spice-Warning **: reds.c:3317:reds_init_ssl: Could not use private key file<br>((null):9248): Spice-Warning **: reds.c:3325:reds_init_ssl: Could not use CA file /etc/pki/vdsm/libvirt-spice/ca-cert.pem<br><br>
[root@localhost Ovirt]# ls -la /etc/pki/vdsm/libvirt-spice/server-cert.pem<br>ls: cannot access /etc/pki/vdsm/libvirt-spice/server-cert.pem: No such file or directory<br>[root@localhost Ovirt]# ls -la /etc/pki/vdsm/libvirt-spice/ca-cert.pem<br>
ls: cannot access /etc/pki/vdsm/libvirt-spice/ca-cert.pem: No such file or directory<br><br><br>Spice log:<br><br>1355334879 INFO [8950:8950] Application::main: starting 0.12.0<br>1355334879 INFO [8950:8950] Application::main: command line: spicec --controller<br>
1355334879 INFO [8950:8950] init_key_map: using evdev mapping<br>1355334879 INFO [8950:8950] MultyMonScreen::MultyMonScreen: platform_win: 77594625<br>1355334879 INFO [8950:8950] GUI::GUI: <br>1355334879 INFO [8950:8950] ForeignMenu::ForeignMenu: Creating a foreign menu connection /tmp/SpiceForeignMenu-8950.uds<br>
1355334879 INFO [8950:8950] Controller::Controller: Creating a controller connection /tmp/spicec-9GS5mA/spice-xpi<br>1355334882 INFO [8950:8952] RedPeer::connect_secure: Connected to <a href="http://cristifalcas.no-ip.org" target="_blank">cristifalcas.no-ip.org</a> 5902<br>
1355334882 ERROR [8950:8952] RedPeer::connect_secure: failed to connect w/SSL, ssl_error error:00000001:lib(0):func(0):reason(1)<br>1355334882
WARN [8950:8952] RedChannel::run: SSL Error: error:14094410:SSL
routines:SSL3_READ_BYTES:sslv3 alert handshake failure<br>
1355334882 INFO [8950:8950] main: Spice client terminated (exitcode = 7)<br><br><br><br><br>I've done this without an improvment:<br><br>[root@localhost Ovirt]# /lib/systemd/systemd-vdsmd reconfigure<br>Configuring libvirt for vdsm...<br>
[root@localhost Ovirt]# systemctl restart libvirtd.service vdsmd.service</div><br></div>