8:43 p.m.
The only problem with spice certs in oVirt I remember over the last 5
years concerns certificate encoding - which bit only users who used
non-ascii characters in Organization. The bugs (private RHEV
unfortunately) should be fixed for quite some time - and the fix
involved certificate regeneration. You can see it in recent versions of
engine setup...
Otherwise, it was really transparent process. Try removing
the /etc/pki/vdsm/libvirt-spice directory, reinstalling package that
owns it (yum reinstall vdsm) and reinstalling host in RHEV. You should
get 100 % fresh certs by this time.
BTW when I was meddling with libvirt settings on oVirt host last time,
vdsm complained and refused to work. Doesn't it say something
interesting about it?
David
On Út, 2016-03-08 at 09:11 -0800, Bill James wrote:
any suggestions on how to get ovirt and spice console keys to work
correctly?
On 03/07/2016 10:09 AM, Bill James wrote:
> thanks for the reply.
> I tried reinstall of one host. Didn't help.
> Also tried removing the host and reinstalling it. Didn't help.
>
> Looks like server cert & key were regenerated, but not ca-cert.pem.
>
>
> [root@ovirt2 test ~]# ls -rtl /etc/pki/vdsm/libvirt-spice|grep -v
> 2016|tail
> total 84
> -rw-r--r-- 1 root kvm 1379 Feb 19 17:09 ca-cert.pem
> -rw-r--r-- 1 root kvm 1570 Mar 7 09:44 server-cert.pem
> -r--r----- 1 vdsm kvm 1675 Mar 7 09:44 server-key.pem
>
> [root@ovirt2 test ~]# tail -3 /etc/libvirt/qemu.conf
> spice_tls=1
> spice_tls_x509_cert_dir="/etc/pki/vdsm/libvirt-spice"
> ## end of configuration section by vdsm-4.17.0
>
> Chown'd all the files to vdsm:kvm just incase, and rebooted the host.
> Didn't help.
>
> Changed console back to VNC and it starts up fine.
>
>
> Seems strange that I could mess up the spice keys just by restarting
> libvirtd. (service libvirtd restart)
>
>
>
> On 03/07/2016 06:15 AM, David Jaša wrote:
>> Hi,
>>
>> it looks like you messed up private key location and/or contents. If you
>> "Reinstall" the host in ovirt engine, the keys/certs should get
>> regenerated.
>>
>> David
>>
>> On Pá, 2016-03-04 at 10:16 -0800, Bill James wrote:
>>> I needed to bounce libvirtd after changing a config in
>>> libvirt/qemu.conf
>>> so import-to-ovirt.pl,
>>> but now my VMs with Spice console complain:
>>>
>>> libvirtError: internal error: process exited while connecting to
>>> monitor: ((null):2791): Spice-Warning **: reds.c:3311:reds_init_ssl:
>>> Could not use private key file
>>>
>>> What is the proper way to sync up the key after restarting libvirtd?
>>> I even tried rebooting host and restart ovirt-engine and ovirt-engine
>>> setup, didn't help.
>>>
>>> Work around is just use VNC consoles. But I'd like to get spice working
>>> again.
>>>
>>> centos 7.2
>>> libvirt-client-1.2.17-13.el7_2.2.x86_64
>>> ovirt-engine-3.6.2.6-1.el7.centos.noarch
>>>
>>>
>>>
>>> Cloud Services for Business www.j2.com
>>> j2 | eFax | eVoice | FuseMail | Campaigner | KeepItSafe | Onebox
>>>
>
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users