On 29/03/12 17:23, David Elliott wrote:
Hi
I'm ovirt node using the latest ovirt-node-iso-2.3.0-1.0.fc16.iso, and having a problem with live migration
After fresh install of node /etc/libvirt/libvirtd.conf listen_tls = 0 listen_tcp = 1 # tcp and tls ports are defaults # tls_port = "16514" #tcp_port = "16509"
[root@ovirt-h-6 ~]# netstat -ant |grep -E "16514|16509" tcp 0 0 0.0.0.0:16509 0.0.0.0:* LISTEN
iptables is set to accept ALL
When migration is attempted - it then tries and fails to use tls
2012-03-28 18:33:15.566+0000: 1622: error : doPeer2PeerMigrate:2129 : operation failed: Failed to connect to remote libvirt URI qemu+tls://192.168.192.230/system
- manually configuring a registered/running node with listen_tls = 1, migration will then succeed
- editing the live-cd and setting "listen_tls=1" , a fresh install then has some problems libvirtd fails to start on install due to a certificate error (which am guessing is installed as part of the node registration process with the engine) "Cannot read CA Certifcate /etc/pki/CA/cacert.pem"
This also causes the setting of hostname/network details to fail during the automated installation; so this seems the wrong way to go
I'm not sure if the problem here is live migration shouldn't be using tls; or that the node registration process should set "listen_tls=1" l; but isn't
Any assistance appreciated
Cheers, Dave
Let's just verify first what libvirt is saying. Can you please post the output of: ls -l /etc/pki/CA/ Also, AFAIR, it should be using /etc/pki/vdsm/certs/cacert.pem Can you take a look in the relevant config files (vdsm mostly) and see how it's defined? Did you happen to manually change it?