Re: [Users] migration & missing cert - 3.2 alpha
On 12/15/2012 1:49 PM, Alon Bar-Lev wrote:
----- Original Message -----
> From: "Jeff Bailey" <bailey(a)cs.kent.edu>
> To: users(a)ovirt.org
> Sent: Saturday, December 15, 2012 6:28:20 PM
> Subject: [Users] migration & missing cert - 3.2 alpha
>
> Hi,
>
> I have an F18 Beta + oVirt 3.2 alpha setup with two hosts. When I
> try
> to migrate from one host to the other I get
>
> 2012-12-15 15:18:51.381+0000: 1541: error :
> virNetTLSContextCheckCertFile:113 :
> Cannot read CA certificate '/etc/pki/CA/cacert.pem': No such file or
> directory
>
> in libvirtd.log on the source host. Is that actually where the cert
> should be and I should try to track down why it's not there or should
> it
> be somewhere else? If it should be somewhere else where would that
> be
> configured? The default location for the client certificates seems
> to
> be /etc/pki/libvirt which doesn't exist so even with a cacert it
> still
> probably wouldn't work. Could this be related to the missing spice
> certificates (I manually made the symbolic links for those).
>
> Thanks,
> Jeff
This is interesting...
What do you have in both machines at /etc/libvirt/libvirtd.conf in ca_file, cert_file,
key_file?
In /etc/libvirt/libvirtd.conf on both hosts:
ca_file="/etc/pki/vdsm/certs/cacert.pem"
cert_file="/etc/pki/vdsm/certs/vdsmcert.pem"
key_file="/etc/pki/vdsm/keys/vdsmkey.pem"
It looks like it pulled libvirt-0.10.2.2-1.fc18.x86_64 from the F18
updates-testing repository. Maybe that's the problem. I'll try to
install a clean F18 beta with the updates-testing repo disabled.
As as far as I seen these variables set to /etc/pki/vdsm/*, I did not
duplicate these files to libvirtd.
I would like to understand why the default libvirt setting are in effect.
Regards,
Alon