On Mon, Nov 12, 2018 at 4:38 PM Giannino Stoppani <sceglimilano(a)gmail.com>
wrote:
I've always used ovirt with enabled ssl until now, and I've
done so only
because it's instructed by oVirt doc:
https://www.ovirt.org/develop/developer-guide/vdsm/installing-vdsm-from-r...
Having ssl enabled, still lead to what I think are the same errors, as
you can see from the following and the attached logs.
# vi /etc/vdsm/vdsm.conf
[vars]
ssl = true
Restarting vdsmd will lead to failure (expectedly, as we've just
switched ssl mode):
# systemctl restart vdsmd
Job for vdsmd.service failed because the control process exited with
error code. See "systemctl status vdsmd.service" and "journalctl
-xe"
for details.
So I'll reconfigure it:
# vdsm-tool configure --force
Checking configuration status...
abrt is already configured for vdsm
lvm is configured for vdsm
libvirt is already configured for vdsm
FAILED: conflicting vdsm and libvirt-qemu tls configuration.
vdsm.conf with ssl=True requires the following changes:
libvirtd.conf: listen_tcp=0, auth_tcp="sasl", listen_tls=1
qemu.conf: spice_tls=1.
Current revision of multipath.conf detected, preserving
Running configure...
Reconfiguration of abrt is done.
Reconfiguration of passwd is done.
Reconfiguration of libvirt is done.
Done configuring modules to VDSM.
Looks fine...
As a quick check to see if everything has been configured correctly, I
run again the configuration and this time there won't be anything to be
done:
# vdsm-tool configure --force
You can do this instead:
vdsm-tool is-configured
Checking configuration status...
abrt is already configured for vdsm
lvm is configured for vdsm
libvirt is already configured for vdsm
SUCCESS: ssl configured to true. No conflicts
Current revision of multipath.conf detected, preserving
Running configure...
Reconfiguration of abrt is done.
Reconfiguration of passwd is done.
Reconfiguration of libvirt is done.
Done configuring modules to VDSM.
Still ok...
Starting vdsmd still fails:
# systemctl start vdsmd
Job for vdsmd.service failed because the control process exited with
error code. See "systemctl status vdsmd.service" and "journalctl
-xe"
for details.
I've attached new logs for ssl enabled as xz archive.
Good. What we see is:
Nov 12 14:44:50 ovirtone.test.one vdsmd_init_common.sh[26855]: sysctl:
cannot stat /proc/sys/ssl: No s
Nov 12 14:44:50 ovirtone.test.one systemd[1]: vdsmd.service: control
process exited, code=exited statu
Nov 12 14:44:50 ovirtone.test.one systemd[1]: Failed to start Virtual
Desktop Server Manager.
Looks like a bug, can you file urgent bug for this with the attached logs?
Nir
Il giorno mer 7 nov 2018 alle ore 12:07 Nir Soffer <nsoffer(a)redhat.com>
ha scritto:
> On Tue, Nov 6, 2018 at 3:58 PM Giannino Stoppani <sceglimilano(a)gmail.com>
> wrote:
>
>> Thank you all for the replies, I'm sticking to bottom posting with 70
>> columns wide line, with the exception of log lines.
>>
>> On Wed, Oct 31, 2018 at 11:48 AM Shani Leviim <sleviim(a)redhat.com>
>> wrote:
>>
>>> I think that this one can help :
>>>
https://www.ovirt.org/develop/developer-guide/vdsm/installing-vdsm-from-r...
>>> Make sure you've installed libvirt from the rpm as appeared on the link
>>> there.
>>>
>>
>> I've followed your link, from my notes I see I've already tested it in
>> the beginning of my messing. I've set 'ssl = false' in
>> /etc/vdsm/vdsm.conf
>>
>
> Disabling ssl is not supported configuration. If can be used for debugging
> in development environment but it should not be used in production.
> This configuration is also not tested, so it is likely to break.
>
> Even if you disable ssl in vdsm, other parts of the system require ssl,
> like
> ovirt-imageio.
>
> Nir
>