yes i have console.vv attached 2020-03-26 21:38 GMT+04:00, Milan Zamazal <mzamazal@redhat.com>:
David David <dd432690@gmail.com> writes:
copied from qemu server all certs except "cacrl" to my desktop-station into /etc/pki/
This is not needed, the CA certificate is included in console.vv and no other certificate should be needed.
but remote-viewer is still didn't work
The log looks like remote-viewer is attempting certificate authentication rather than password authentication. Do you have password in console.vv? It should look like:
[virt-viewer] type=vnc host=192.168.122.2 port=5900 password=fxLazJu6BUmL # Password is valid for 120 seconds. ...
Regards, Milan
2020-03-26 2:22 GMT+04:00, Nir Soffer <nsoffer@redhat.com>:
On Wed, Mar 25, 2020 at 12:45 PM David David <dd432690@gmail.com> wrote:
ovirt 4.3.8.2-1.el7 gtk-vnc2-1.0.0-1.fc31.x86_64 remote-viewer version 8.0-3.fc31
can't open vm console by remote-viewer vm has vnc console protocol when click on console button to connect to a vm, the remote-viewer console disappear immediately
remote-viewer debug in attachment
You an issue with the certificates:
(remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.238: ../src/vncconnection.c Set credential 2 libvirt (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c Searching for certs in /etc/pki (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c Searching for certs in /root/.pki (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c Failed to find certificate CA/cacert.pem (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c No CA certificate provided, using GNUTLS global trust (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c Failed to find certificate CA/cacrl.pem (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c Failed to find certificate libvirt/private/clientkey.pem (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c Failed to find certificate libvirt/clientcert.pem (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c Waiting for missing credentials (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c Got all credentials (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c No CA certificate provided; trying the system trust store instead (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240: ../src/vncconnection.c Using the system trust store and CRL (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240: ../src/vncconnection.c No client cert or key provided (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240: ../src/vncconnection.c No CA revocation list provided (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.241: ../src/vncconnection.c Handshake was blocking (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.243: ../src/vncconnection.c Handshake was blocking (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.251: ../src/vncconnection.c Handshake was blocking (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.298: ../src/vncconnection.c Handshake done (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.298: ../src/vncconnection.c Validating (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.301: ../src/vncconnection.c Error: The certificate is not trusted
Adding people that may know more about this.
Nir