[ovirt-devel] Re: libvirt can't start in a non-TLS environment after host install
Hi,
On 3/24/20 10:28 AM, Milan Zamazal wrote:
Hi, I've experienced a problem with host deploy and oVirt master
last
week in an environment with TLS disabled. When I install/reinstall a
4.4 host, it removes the following options from
/etc/libvirt/libvirtd.conf:
ca_file="/etc/pki/vdsm/certs/cacert.pem"
cert_file="/etc/pki/vdsm/certs/vdsmcert.pem"
key_file="/etc/pki/vdsm/keys/vdsmkey.pem"
As a result, libvirt refuses to start, complaining about missing
certificates and keys in their default locations.
And this is where things start to
get blurry...
Since you're trying out a non-TLS environment I guess that vdsm-tool
added to 'libvirtd.conf':
auth_tcp: "none"
listen_tcp: 1
listen_tls: 0
right?
But supervdsmd's service definition still requires libvirtd-tls.socket
and that might cause libvirtd to complain.
Could you please try manually removing the libvirtd-tls.socket
dependency, disabling this unit and see if libvirtd still complains?
Does anybody who uses a non-TLS environment experience the same
problem?
Can it be related to the fact that we require libvirtd-tls service from
the split libvirtd services now?
(Yes, I know TLS should always be used, but that is a shared development
environment where TLS is disabled for whatever reason.)
Thanks,
Milan