On Thu, Dec 13, 2012 at 12:13 AM, Alon Bar-Lev <alonbl(a)redhat.com> wrote:
----- Original Message -----
> From: "Cristian Falcas" <cristi.falcas(a)gmail.com>
> To: "Itamar Heim" <iheim(a)redhat.com>
> Cc: "Roy Golan" <rgolan(a)redhat.com>, users(a)ovirt.org, "Alon
Bar-Lev" <
alonbl(a)redhat.com>, "Juan Antonio Hernandez
> Fernandez" <jhernand(a)redhat.com>, "David Jaša"
<djasa(a)redhat.com>
> Sent: Wednesday, December 12, 2012 11:21:32 PM
> Subject: Re: Spice issues with latest vdsm (was Re: [Users] Cannot find
suitable CPU model for given data)
>
>
>
>
>
>
> On Wed, Dec 12, 2012 at 11:14 PM, Itamar Heim < iheim(a)redhat.com >
> wrote:
>
>
> On 12/12/2012 10:39 PM, Cristian Falcas wrote:
>
>
> Hi,
>
> i don't know if I should start a new thread for the spice problems.
> Here
> goes some improvements:
>
> I created the certificates like per
https://gist.github.com/ 1655511
> . i
> copied the public one to my home:
> cp /etc/pki/vdsm/libvirt-spice/ ca-cert.pem
> ~cristi/.spice/spice_ truststore.pem
>
> I had the same problem as in
>
https://bugzilla.redhat.com/ show_bug.cgi?id=880182 . For this I
> needed
> to downgrade libcacard twice (until I had the same version as in the
> bug)
>
> Now spice works with virt-manager.
>
> Can someone tell me where do I need to copy the certificate on ovirt
> in
> order to make spice working over there also?
>
> with which version of boostrap on the engine did you add this host.
>
>
> vdsm-bootstrap-4.10.3-0.3.git47b71e8.fc17.noarch
>
> And otopi packages installed:
>
> otopi-0.0.0-0.5.master.20121211.git9052d0f.fc17.noarch
> otopi-java-0.0.0-0.5.master.20121211.git9052d0f.fc17.noarch
>
>
Any reason to perform certificate enrollment manually?
Alon
It's still not working with the handmade certificates.
I tried to create them because of those errors:
libvirt log:
((null):9248): Spice-Warning **: reds.c:3307:reds_init_ssl: Could not load
certificates from /etc/pki/vdsm/libvirt-spice/
server-cert.pem
((null):9248): Spice-Warning **: reds.c:3317:reds_init_ssl: Could not use
private key file
((null):9248): Spice-Warning **: reds.c:3325:reds_init_ssl: Could not use
CA file /etc/pki/vdsm/libvirt-spice/ca-cert.pem
[root@localhost Ovirt]# ls -la /etc/pki/vdsm/libvirt-spice/server-cert.pem
ls: cannot access /etc/pki/vdsm/libvirt-spice/server-cert.pem: No such file
or directory
[root@localhost Ovirt]# ls -la /etc/pki/vdsm/libvirt-spice/ca-cert.pem
ls: cannot access /etc/pki/vdsm/libvirt-spice/ca-cert.pem: No such file or
directory
Spice log:
1355334879 INFO [8950:8950] Application::main: starting 0.12.0
1355334879 INFO [8950:8950] Application::main: command line: spicec
--controller
1355334879 INFO [8950:8950] init_key_map: using evdev mapping
1355334879 INFO [8950:8950] MultyMonScreen::MultyMonScreen: platform_win:
77594625
1355334879 INFO [8950:8950] GUI::GUI:
1355334879 INFO [8950:8950] ForeignMenu::ForeignMenu: Creating a foreign
menu connection /tmp/SpiceForeignMenu-8950.uds
1355334879 INFO [8950:8950] Controller::Controller: Creating a controller
connection /tmp/spicec-9GS5mA/spice-xpi
1355334882 INFO [8950:8952] RedPeer::connect_secure: Connected to
cristifalcas.no-ip.org 5902
1355334882 ERROR [8950:8952] RedPeer::connect_secure: failed to connect
w/SSL, ssl_error error:00000001:lib(0):func(0):reason(1)
1355334882 WARN [8950:8952] RedChannel::run: SSL Error: error:14094410:SSL
routines:SSL3_READ_BYTES:sslv3 alert handshake failure
1355334882 INFO [8950:8950] main: Spice client terminated (exitcode = 7)
I've done this without an improvment:
[root@localhost Ovirt]# /lib/systemd/systemd-vdsmd reconfigure
Configuring libvirt for vdsm...
[root@localhost Ovirt]# systemctl restart libvirtd.service vdsmd.service