On Wed, Oct 28, 2015 at 4:10 PM, Simone Tiraboschi <stirabos(a)redhat.com>
wrote:
It's not a regression cause the hosted-engine storage domain wasn't
neither visible in 3.5.
Once again, also if you see it in the engine you cannot use it for
anything apart from the engine VM itself, you still have to add another
storage domain for regular VMs.
understood. But I'm also not able to connect to the sh engine VM itself via
spice, so in case of problems with the engine, you are not able to connect
to it via web admin (that is ok), but I don't see any way to understand its
state to be able to debug/resolve problems...
Are there any command line commands to run to see status of sh engine VM?
Joop, are you able to access your sh engine console? Is it vnc or spice?
under hypervisor in
/etc/pki/vdsm/certs/
[root@ovc71 certs]# ll
total 16
-rw-r--r--. 1 root kvm 1415 Oct 26 16:17 cacert.pem
-rw-------. 1 vdsm kvm 1131 Oct 26 14:43 cacert.pem.20151026161748
-rw-r--r--. 1 root kvm 1623 Oct 26 16:17 vdsmcert.pem
-rw-------. 1 vdsm kvm 1249 Oct 26 14:43 vdsmcert.pem.20151026161748
During install I was able to connect via
remote-viewer --spice-ca-file=/etc/pki/vdsm/libvirt-spice/ca-cert.pem
spice://localhost?tls-port=5900 --spice-host-subject="C=EN, L=Test, O=Test,
CN=Test"
using the fie that was then renamed in ca-cert.pem.20151026161748:
[root@ovc71 certs]# openssl x509 -in
/etc/pki/vdsm/libvirt-spice/ca-cert.pem.20151026161748 -noout -text | grep
Subject
Subject: C=EN, L=Test, O=Test, CN=TestCA
Subject Public Key Info:
X509v3 Subject Key Identifier:
But I'm not able to connect based on the current certificate:
[root@ovc71 certs]# openssl x509 -in
/etc/pki/vdsm/libvirt-spice/ca-cert.pem -noout -text | grep Subject
Subject: C=US, O=localdomain.local,
CN=shengine.localdomain.local.37976
Subject Public Key Info:
X509v3 Subject Key Identifier:
[root@ovc71 certs]# hosted-engine --add-console-password
Enter password:
code = 0
message = 'Done'
Also from hypervisor itself:
[root@ovc71 ~]# remote-viewer
--spice-ca-file=/etc/pki/vdsm/libvirt-spice/ca-cert.pem
spice://ovc71.localdomain.local?tls-port=5900 --spice-host-subject="C=US,
O=localdomain.local, CN=shengine.localdomain.local.37976"
** (remote-viewer:7992): WARNING **: Couldn't connect to accessibility bus:
Failed to connect to socket /tmp/dbus-QzfEVK7OiG: Connection refused
GLib-GIO-Message: Using the 'memory' GSettings backend. Your settings will
not be saved or shared with other applications.
(/usr/bin/remote-viewer:7992): Spice-Warning **:
ssl_verify.c:492:openssl_verify: ssl: subject 'C=US, O=localdomain.local,
CN=shengine.localdomain.local.37976' verification failed
(/usr/bin/remote-viewer:7992): Spice-Warning **:
ssl_verify.c:494:openssl_verify: ssl: verification failed
(remote-viewer:7992): GSpice-WARNING **: main-1:0: SSL_connect:
error:00000001:lib(0):func(0):reason(1)
The error in remote-viewer windows:
Unable to connect to the graphic server
spice://ovc71.localdomain.local?tls-port=5900