Re: [Users] Spice issues with latest vdsm (was Re: Cannot find suitable CPU model for given data)

From: "Cristian Falcas" <cristi.falcas(a)gmail.com&gt; To: "Alon Bar-Lev" <alonbl(a)redhat.com&gt; Cc: "Roy Golan" <rgolan(a)redhat.com&gt;, users(a)ovirt.org, "Juan Antonio Hernandez Fernandez" <jhernand(a)redhat.com&gt;, "David Jaša" <djasa(a)redhat.com&gt;, "Itamar Heim" <iheim(a)redhat.com&gt; Sent: Thursday, December 13, 2012 2:01:22 AM Subject: Re: Spice issues with latest vdsm (was Re: [Users] Cannot find suitable CPU model for given data) On Thu, Dec 13, 2012 at 12:13 AM, Alon Bar-Lev < alonbl(a)redhat.com > wrote: ----- Original Message ----- > From: "Cristian Falcas" < cristi.falcas(a)gmail.com > > To: "Itamar Heim" < iheim(a)redhat.com > > Cc: "Roy Golan" < rgolan(a)redhat.com >, users(a)ovirt.org , "Alon > Bar-Lev" < alonbl(a)redhat.com >, "Juan Antonio Hernandez > Fernandez" < jhernand(a)redhat.com >, "David Jaša" < djasa(a)redhat.com > > > Sent: Wednesday, December 12, 2012 11:21:32 PM > Subject: Re: Spice issues with latest vdsm (was Re: [Users] Cannot > find suitable CPU model for given data) > > > > > > > On Wed, Dec 12, 2012 at 11:14 PM, Itamar Heim < iheim(a)redhat.com > > wrote: > > > On 12/12/2012 10:39 PM, Cristian Falcas wrote: > > > Hi, > > i don't know if I should start a new thread for the spice problems. > Here > goes some improvements: > > I created the certificates like per https://gist.github.com/ > 1655511 > . i > copied the public one to my home: > cp /etc/pki/vdsm/libvirt-spice/ ca-cert.pem > ~cristi/.spice/spice_ truststore.pem > > I had the same problem as in > https://bugzilla.redhat.com/ show_bug.cgi?id=880182 . For this I > needed > to downgrade libcacard twice (until I had the same version as in > the > bug) > > Now spice works with virt-manager. > > Can someone tell me where do I need to copy the certificate on > ovirt > in > order to make spice working over there also? > > with which version of boostrap on the engine did you add this host. > > > vdsm-bootstrap-4.10.3-0.3.git47b71e8.fc17.noarch > > And otopi packages installed: > > otopi-0.0.0-0.5.master.20121211.git9052d0f.fc17.noarch > otopi-java-0.0.0-0.5.master.20121211.git9052d0f.fc17.noarch > > Any reason to perform certificate enrollment manually? Alon It's still not working with the handmade certificates. I tried to create them because of those errors: libvirt log: ((null):9248): Spice-Warning **: reds.c:3307:reds_init_ssl: Could not load certificates from /etc/pki/vdsm/libvirt-spice/ server-cert.pem ((null):9248): Spice-Warning **: reds.c:3317:reds_init_ssl: Could not use private key file ((null):9248): Spice-Warning **: reds.c:3325:reds_init_ssl: Could not use CA file /etc/pki/vdsm/libvirt-spice/ca-cert.pem [root@localhost Ovirt]# ls -la /etc/pki/vdsm/libvirt-spice/server-cert.pem ls: cannot access /etc/pki/vdsm/libvirt-spice/server-cert.pem: No such file or directory [root@localhost Ovirt]# ls -la /etc/pki/vdsm/libvirt-spice/ca-cert.pem ls: cannot access /etc/pki/vdsm/libvirt-spice/ca-cert.pem: No such file or directory Spice log: 1355334879 INFO [8950:8950] Application::main: starting 0.12.0 1355334879 INFO [8950:8950] Application::main: command line: spicec --controller 1355334879 INFO [8950:8950] init_key_map: using evdev mapping 1355334879 INFO [8950:8950] MultyMonScreen::MultyMonScreen: platform_win: 77594625 1355334879 INFO [8950:8950] GUI::GUI: 1355334879 INFO [8950:8950] ForeignMenu::ForeignMenu: Creating a foreign menu connection /tmp/SpiceForeignMenu-8950.uds 1355334879 INFO [8950:8950] Controller::Controller: Creating a controller connection /tmp/spicec-9GS5mA/spice-xpi 1355334882 INFO [8950:8952] RedPeer::connect_secure: Connected to cristifalcas.no-ip.org 5902 1355334882 ERROR [8950:8952] RedPeer::connect_secure: failed to connect w/SSL, ssl_error error:00000001:lib(0):func(0):reason(1) 1355334882 WARN [8950:8952] RedChannel::run: SSL Error: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure 1355334882 INFO [8950:8950] main: Spice client terminated (exitcode = 7) I've done this without an improvment: [root@localhost Ovirt]# /lib/systemd/systemd-vdsmd reconfigure Configuring libvirt for vdsm... [root@localhost Ovirt]# systemctl restart libvirtd.service vdsmd.service