11:03 a.m.
David David <dd432690(a)gmail.com> writes:
solved using this link
https://bugzilla.redhat.com/show_bug.cgi?id=1672587
Great, good to know.
чт, 2 апр. 2020 г. в 16:11, Milan Zamazal
<mzamazal(a)redhat.com>:
> David David <dd432690(a)gmail.com> writes:
>
> > can connect to a vm which has spice console protocol by remote-viewer but
> > that not working with vnc protocol
> > the remote-viewer can't validate the server certs, is this a bug on the
> > remote-viewerside or in the hypervisor?
> > this problem is generally known? will it be fixed?
>
> It works for me, so it's either a problem with your remote-viewer or an
> unknown problem on the oVirt side. I'd suggest paying attention to the
> authentication method negotiation as pointed out earlier. I'm not
> expert in that area, so I can't help you with that but maybe someone
> else can.
>
> Regards,
> Milan
>
> > вс, 29 мар. 2020 г. в 12:52, David David <dd432690(a)gmail.com>:
> >
> >> there is no such problem with the ovirt-engine 4.2.5.2-1.el7
> >> it appeared when upgrading to 4.3.*
> >>
> >> вс, 29 мар. 2020 г. в 12:46, David David <dd432690(a)gmail.com>:
> >>
> >>> tested on four different workstations with: fedora20, fedora31 and
> >>> windows10(remote-manager last vers)
> >>>
> >>> вс, 29 мар. 2020 г. в 12:39, Strahil Nikolov
<hunter86_bg(a)yahoo.com>:
> >>>
> >>>> On March 29, 2020 9:47:02 AM GMT+03:00, David David <
> dd432690(a)gmail.com>
> >>>> wrote:
> >>>> >I did as you said:
> >>>> >copied from engine /etc/ovirt-engine/ca.pem onto my desktop
into
> >>>> >/etc/pki/ca-trust/source/anchors and then run update-ca-trust
> >>>> >it didn’t help, still the same errors
> >>>> >
> >>>> >
> >>>> >пт, 27 мар. 2020 г. в 21:56, Strahil Nikolov
<hunter86_bg(a)yahoo.com
> >:
> >>>> >
> >>>> >> On March 27, 2020 12:23:10 PM GMT+02:00, David David
> >>>> ><dd432690(a)gmail.com>
> >>>> >> wrote:
> >>>> >> >here is debug from opening console.vv by remote-viewer
> >>>> >> >
> >>>> >> >2020-03-27 14:09 GMT+04:00, Milan Zamazal
<mzamazal(a)redhat.com>:
> >>>> >> >> David David <dd432690(a)gmail.com> writes:
> >>>> >> >>
> >>>> >> >>> yes i have
> >>>> >> >>> console.vv attached
> >>>> >> >>
> >>>> >> >> It looks the same as mine.
> >>>> >> >>
> >>>> >> >> There is a difference in our logs, you have
> >>>> >> >>
> >>>> >> >> Possible auth 19
> >>>> >> >>
> >>>> >> >> while I have
> >>>> >> >>
> >>>> >> >> Possible auth 2
> >>>> >> >>
> >>>> >> >> So I still suspect a wrong authentication method
is used, but I
> >>>> >don't
> >>>> >> >> have any idea why.
> >>>> >> >>
> >>>> >> >> Regards,
> >>>> >> >> Milan
> >>>> >> >>
> >>>> >> >>> 2020-03-26 21:38 GMT+04:00, Milan Zamazal
<mzamazal(a)redhat.com
> >:
> >>>> >> >>>> David David <dd432690(a)gmail.com>
writes:
> >>>> >> >>>>
> >>>> >> >>>>> copied from qemu server all certs
except "cacrl" to my
> >>>> >> >desktop-station
> >>>> >> >>>>> into /etc/pki/
> >>>> >> >>>>
> >>>> >> >>>> This is not needed, the CA certificate is
included in
> console.vv
> >>>> >> >and no
> >>>> >> >>>> other certificate should be needed.
> >>>> >> >>>>
> >>>> >> >>>>> but remote-viewer is still didn't
work
> >>>> >> >>>>
> >>>> >> >>>> The log looks like remote-viewer is
attempting certificate
> >>>> >> >>>> authentication rather than password
authentication. Do you
> have
> >>>> >> >>>> password in console.vv? It should look
like:
> >>>> >> >>>>
> >>>> >> >>>> [virt-viewer]
> >>>> >> >>>> type=vnc
> >>>> >> >>>> host=192.168.122.2
> >>>> >> >>>> port=5900
> >>>> >> >>>> password=fxLazJu6BUmL
> >>>> >> >>>> # Password is valid for 120 seconds.
> >>>> >> >>>> ...
> >>>> >> >>>>
> >>>> >> >>>> Regards,
> >>>> >> >>>> Milan
> >>>> >> >>>>
> >>>> >> >>>>> 2020-03-26 2:22 GMT+04:00, Nir Soffer
<nsoffer(a)redhat.com>:
> >>>> >> >>>>>> On Wed, Mar 25, 2020 at 12:45 PM
David David
> >>>> ><dd432690(a)gmail.com>
> >>>> >> >>>>>> wrote:
> >>>> >> >>>>>>>
> >>>> >> >>>>>>> ovirt 4.3.8.2-1.el7
> >>>> >> >>>>>>> gtk-vnc2-1.0.0-1.fc31.x86_64
> >>>> >> >>>>>>> remote-viewer version
8.0-3.fc31
> >>>> >> >>>>>>>
> >>>> >> >>>>>>> can't open vm console by
remote-viewer
> >>>> >> >>>>>>> vm has vnc console protocol
> >>>> >> >>>>>>> when click on console button
to connect to a vm, the
> >>>> >> >remote-viewer
> >>>> >> >>>>>>> console disappear immediately
> >>>> >> >>>>>>>
> >>>> >> >>>>>>> remote-viewer debug in
attachment
> >>>> >> >>>>>>
> >>>> >> >>>>>> You an issue with the
certificates:
> >>>> >> >>>>>>
> >>>> >> >>>>>> (remote-viewer:2721):
gtk-vnc-DEBUG: 11:56:25.238:
> >>>> >> >>>>>> ../src/vncconnection.c Set
credential 2 libvirt
> >>>> >> >>>>>> (remote-viewer:2721):
gtk-vnc-DEBUG: 11:56:25.239:
> >>>> >> >>>>>> ../src/vncconnection.c Searching
for certs in /etc/pki
> >>>> >> >>>>>> (remote-viewer:2721):
gtk-vnc-DEBUG: 11:56:25.239:
> >>>> >> >>>>>> ../src/vncconnection.c Searching
for certs in /root/.pki
> >>>> >> >>>>>> (remote-viewer:2721):
gtk-vnc-DEBUG: 11:56:25.239:
> >>>> >> >>>>>> ../src/vncconnection.c Failed to
find certificate
> >>>> >CA/cacert.pem
> >>>> >> >>>>>> (remote-viewer:2721):
gtk-vnc-DEBUG: 11:56:25.239:
> >>>> >> >>>>>> ../src/vncconnection.c No CA
certificate provided, using
> >>>> >GNUTLS
> >>>> >> >global
> >>>> >> >>>>>> trust
> >>>> >> >>>>>> (remote-viewer:2721):
gtk-vnc-DEBUG: 11:56:25.239:
> >>>> >> >>>>>> ../src/vncconnection.c Failed to
find certificate
> CA/cacrl.pem
> >>>> >> >>>>>> (remote-viewer:2721):
gtk-vnc-DEBUG: 11:56:25.239:
> >>>> >> >>>>>> ../src/vncconnection.c Failed to
find certificate
> >>>> >> >>>>>> libvirt/private/clientkey.pem
> >>>> >> >>>>>> (remote-viewer:2721):
gtk-vnc-DEBUG: 11:56:25.239:
> >>>> >> >>>>>> ../src/vncconnection.c Failed to
find certificate
> >>>> >> >>>>>> libvirt/clientcert.pem
> >>>> >> >>>>>> (remote-viewer:2721):
gtk-vnc-DEBUG: 11:56:25.239:
> >>>> >> >>>>>> ../src/vncconnection.c Waiting for
missing credentials
> >>>> >> >>>>>> (remote-viewer:2721):
gtk-vnc-DEBUG: 11:56:25.239:
> >>>> >> >>>>>> ../src/vncconnection.c Got all
credentials
> >>>> >> >>>>>> (remote-viewer:2721):
gtk-vnc-DEBUG: 11:56:25.239:
> >>>> >> >>>>>> ../src/vncconnection.c No CA
certificate provided; trying
> the
> >>>> >> >system
> >>>> >> >>>>>> trust store instead
> >>>> >> >>>>>> (remote-viewer:2721):
gtk-vnc-DEBUG: 11:56:25.240:
> >>>> >> >>>>>> ../src/vncconnection.c Using the
system trust store and CRL
> >>>> >> >>>>>> (remote-viewer:2721):
gtk-vnc-DEBUG: 11:56:25.240:
> >>>> >> >>>>>> ../src/vncconnection.c No client
cert or key provided
> >>>> >> >>>>>> (remote-viewer:2721):
gtk-vnc-DEBUG: 11:56:25.240:
> >>>> >> >>>>>> ../src/vncconnection.c No CA
revocation list provided
> >>>> >> >>>>>> (remote-viewer:2721):
gtk-vnc-DEBUG: 11:56:25.241:
> >>>> >> >>>>>> ../src/vncconnection.c Handshake
was blocking
> >>>> >> >>>>>> (remote-viewer:2721):
gtk-vnc-DEBUG: 11:56:25.243:
> >>>> >> >>>>>> ../src/vncconnection.c Handshake
was blocking
> >>>> >> >>>>>> (remote-viewer:2721):
gtk-vnc-DEBUG: 11:56:25.251:
> >>>> >> >>>>>> ../src/vncconnection.c Handshake
was blocking
> >>>> >> >>>>>> (remote-viewer:2721):
gtk-vnc-DEBUG: 11:56:25.298:
> >>>> >> >>>>>> ../src/vncconnection.c Handshake
done
> >>>> >> >>>>>> (remote-viewer:2721):
gtk-vnc-DEBUG: 11:56:25.298:
> >>>> >> >>>>>> ../src/vncconnection.c Validating
> >>>> >> >>>>>> (remote-viewer:2721):
gtk-vnc-DEBUG: 11:56:25.301:
> >>>> >> >>>>>> ../src/vncconnection.c Error: The
certificate is not trusted
> >>>> >> >>>>>>
> >>>> >> >>>>>> Adding people that may know more
about this.
> >>>> >> >>>>>>
> >>>> >> >>>>>> Nir
> >>>> >> >>>>>>
> >>>> >> >>>>>>
> >>>> >> >>>>
> >>>> >> >>>>
> >>>> >> >>
> >>>> >> >>
> >>>> >>
> >>>> >> Hello,
> >>>> >>
> >>>> >> You can try to take the engine's CA (maybe it's
useless) and put
> it
> >>>> >on
> >>>> >> your system in:
> >>>> >> /etc/pki/ca-trust/source/anchors (if it's EL7 or a
Fedora) and
> then
> >>>> >run
> >>>> >> update-ca-trust
> >>>> >>
> >>>> >> Best Regards,
> >>>> >> Strahil Nikolov
> >>>> >>
> >>>>
> >>>> Hey David,
> >>>>
> >>>> What is you workstation's OS ?
> >>>> Also, have you tried from another workstation ?
> >>>>
> >>>> Best Regards,
> >>>> Strahil Nikolov
> >>>>
> >>>
> > _______________________________________________
> > Users mailing list -- users(a)ovirt.org
> > To unsubscribe send an email to users-leave(a)ovirt.org
> > Privacy Statement: https://www.ovirt.org/privacy-policy.html
> > oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> > List Archives:
> >
>
https://lists.ovirt.org/archives/list/users@ovirt.org/message/MACDEEWMWOT...
>
>