Re: [ovirt-users] regenerate libvirt-spice keys after libvirtd restart?

thanks for the reply. I tried reinstall of one host. Didn't help. Also tried removing the host and reinstalling it. Didn't help. Looks like server cert & key were regenerated, but not ca-cert.pem. [root@ovirt2 test ~]# ls -rtl /etc/pki/vdsm/libvirt-spice|grep -v 2016|tail total 84 -rw-r--r-- 1 root kvm 1379 Feb 19 17:09 ca-cert.pem -rw-r--r-- 1 root kvm 1570 Mar 7 09:44 server-cert.pem -r--r----- 1 vdsm kvm 1675 Mar 7 09:44 server-key.pem [root@ovirt2 test ~]# tail -3 /etc/libvirt/qemu.conf spice_tls=1 spice_tls_x509_cert_dir="/etc/pki/vdsm/libvirt-spice" ## end of configuration section by vdsm-4.17.0 Chown'd all the files to vdsm:kvm just incase, and rebooted the host. Didn't help. Changed console back to VNC and it starts up fine. Seems strange that I could mess up the spice keys just by restarting libvirtd. (service libvirtd restart) On 03/07/2016 06:15 AM, David Jaša wrote: > Hi, > > it looks like you messed up private key location and/or contents. If you > "Reinstall" the host in ovirt engine, the keys/certs should get > regenerated. > > David > > On Pá, 2016-03-04 at 10:16 -0800, Bill James wrote: >> I needed to bounce libvirtd after changing a config in >> libvirt/qemu.conf >> so import-to-ovirt.pl, >> but now my VMs with Spice console complain: >> >> libvirtError: internal error: process exited while connecting to >> monitor: ((null):2791): Spice-Warning **: reds.c:3311:reds_init_ssl: >> Could not use private key file >> >> What is the proper way to sync up the key after restarting libvirtd? >> I even tried rebooting host and restart ovirt-engine and ovirt-engine >> setup, didn't help. >> >> Work around is just use VNC consoles. But I'd like to get spice working >> again. >> >> centos 7.2 >> libvirt-client-1.2.17-13.el7_2.2.x86_64 >> ovirt-engine-3.6.2.6-1.el7.centos.noarch >> >> >> >> Cloud Services for Business www.j2.com >> j2 | eFax | eVoice | FuseMail | Campaigner | KeepItSafe | Onebox >>