Re: [Users] RHEV-m hosts with certs configured

Hi, I have couple of RHEV hosts (ovpxen,RHV2, RHV10 etc) and i'm trying to connect from one of the client machine (C1). All the RHEV host have libvirt modified by vdsm. It looks like the below ## beginning of configuration section by vdsm-4.10.2 listen_addr="0.0.0.0" unix_sock_group="kvm" unix_sock_rw_perms="0770" auth_unix_rw="sasl" host_uuid="036118ab-705f-4aeb-9a13-013dc8af6b41" keepalive_interval=-1 log_outputs="1:file:/var/log/libvirtd.log" log_filters="3:virobject 3:virfile 2:virnetlink 3:cgroup 3:event 3:json 1:libvirt 1:util 1:qemu" ca_file="/etc/pki/vdsm/certs/cacert.pem" cert_file="/etc/pki/vdsm/certs/vdsmcert.pem" key_file="/etc/pki/vdsm/keys/vdsmkey.pem" ## end of configuration section by vdsm-4.10.2 # ls bkp-2013-08-16_110734_cacert.pem cacert.pem vdsmcert.pem bkp-2013-08-16_110734_vdsmcert.pem engine_web_ca.pem [root@ovpxen certs]# pwd /etc/pki/vdsm/certs [root@ovpxen certs]# certtool -i --infile engine_web_ca.pem | head X.509 Certificate Information: Version: 3 Serial Number (hex): 09 Issuer: C=US,O=HP,CN=CA-IWFVM00772.hpswlabs.adapps.hp.com.64431 Validity: Not Before: Wed Jan 23 13:24:14 UTC 2013 Not After: Sun Jan 22 07:54:14 UTC 2023 Subject: C=US,O=HP,CN=CA-IWFVM00772.hpswlabs.adapps.hp.com.64431 Subject Public Key Algorithm: RSA Modulus (bits 1024): certtool -i --infile cacert.pem | head X.509 Certificate Information: Version: 3 Serial Number (hex): 09 Issuer: C=US,O=HP,CN=CA-IWFVM00772.hpswlabs.adapps.hp.com.64431 Validity: Not Before: Wed Jan 23 13:24:14 UTC 2013 Not After: Sun Jan 22 07:54:14 UTC 2023 Subject: C=US,O=HP,CN=CA-IWFVM00772.hpswlabs.adapps.hp.com.64431 Subject Public Key Algorithm: RSA Modulus (bits 1024): [root@ovpxen certs]# certtool -i --infile vdsmcert.pem | head X.509 Certificate Information: Version: 3 Serial Number (hex): 0c Issuer: C=US,O=HP,CN=CA-IWFVM00772.hpswlabs.adapps.hp.com.64431 Validity: Not Before: Thu Aug 15 11:09:22 UTC 2013 Not After: Wed Aug 15 05:39:22 UTC 2018 Subject: O=HP,CN=16.184.46.53 Subject Public Key Algorithm: RSA Modulus (bits 2048): Now from the client C1 which cert should i place in /etc/pki/CA/cacert.pem so that i can access from the client using the URI qemu+tls://ovpxen.ind.hp.com/system <http://ovpxen.ind.hp.com/system>;. Please note the host IWFVM00772.hpswlabs.adapps.hp.com <http://IWFVM00772.hpswlabs.adapps.hp.com> is ovirt managed host. It is not the client. My problem here is i can't change the hypervisor hosts as there are too many of them and it is configured by vdsm . What certs should i take from host so that i can use it in the client so that i can connect to multiple hosts from the client using virsh or virt-manager . I need tls as remote protocol as i'm trying to automate commands.