[ovirt-devel] Re: libvirt can't start in a non-TLS environment after host install

Marcin Sobczyk <msobczyk(a)redhat.com&gt; writes: > Hi, > > On 3/24/20 10:28 AM, Milan Zamazal wrote: >> Hi, I've experienced a problem with host deploy and oVirt master last >> week in an environment with TLS disabled. When I install/reinstall a >> 4.4 host, it removes the following options from >> /etc/libvirt/libvirtd.conf: >> >> ca_file="/etc/pki/vdsm/certs/cacert.pem" >> cert_file="/etc/pki/vdsm/certs/vdsmcert.pem" >> key_file="/etc/pki/vdsm/keys/vdsmkey.pem" >> >> As a result, libvirt refuses to start, complaining about missing >> certificates and keys in their default locations. > And this is where things start to get blurry... > Since you're trying out a non-TLS environment I guess that vdsm-tool > added to 'libvirtd.conf': > > auth_tcp: "none" > listen_tcp: 1 > listen_tls: 0 > > right? Yes. > But supervdsmd's service definition still requires libvirtd-tls.socket > and that might cause libvirtd to complain. > Could you please try manually removing the libvirtd-tls.socket > dependency, disabling this unit and see if libvirtd still complains? If I disable the dependency, libvirt/Vdsm starts happily. >> Does anybody who uses a non-TLS environment experience the same problem? >> Can it be related to the fact that we require libvirtd-tls service from >> the split libvirtd services now? >> >> (Yes, I know TLS should always be used, but that is a shared development >> environment where TLS is disabled for whatever reason.) >> >> Thanks, >> Milan >>