8:57 p.m.
On March 27, 2020 12:23:10 PM GMT+02:00, David David <dd432690(a)gmail.com> wrote:
here is debug from opening console.vv by remote-viewer
2020-03-27 14:09 GMT+04:00, Milan Zamazal <mzamazal(a)redhat.com>:
> David David <dd432690(a)gmail.com> writes:
>
>> yes i have
>> console.vv attached
>
> It looks the same as mine.
>
> There is a difference in our logs, you have
>
> Possible auth 19
>
> while I have
>
> Possible auth 2
>
> So I still suspect a wrong authentication method is used, but I don't
> have any idea why.
>
> Regards,
> Milan
>
>> 2020-03-26 21:38 GMT+04:00, Milan Zamazal <mzamazal(a)redhat.com>:
>>> David David <dd432690(a)gmail.com> writes:
>>>
>>>> copied from qemu server all certs except "cacrl" to my
desktop-station
>>>> into /etc/pki/
>>>
>>> This is not needed, the CA certificate is included in console.vv
and no
>>> other certificate should be needed.
>>>
>>>> but remote-viewer is still didn't work
>>>
>>> The log looks like remote-viewer is attempting certificate
>>> authentication rather than password authentication. Do you have
>>> password in console.vv? It should look like:
>>>
>>> [virt-viewer]
>>> type=vnc
>>> host=192.168.122.2
>>> port=5900
>>> password=fxLazJu6BUmL
>>> # Password is valid for 120 seconds.
>>> ...
>>>
>>> Regards,
>>> Milan
>>>
>>>> 2020-03-26 2:22 GMT+04:00, Nir Soffer <nsoffer(a)redhat.com>:
>>>>> On Wed, Mar 25, 2020 at 12:45 PM David David
<dd432690(a)gmail.com>
>>>>> wrote:
>>>>>>
>>>>>> ovirt 4.3.8.2-1.el7
>>>>>> gtk-vnc2-1.0.0-1.fc31.x86_64
>>>>>> remote-viewer version 8.0-3.fc31
>>>>>>
>>>>>> can't open vm console by remote-viewer
>>>>>> vm has vnc console protocol
>>>>>> when click on console button to connect to a vm, the
remote-viewer
>>>>>> console disappear immediately
>>>>>>
>>>>>> remote-viewer debug in attachment
>>>>>
>>>>> You an issue with the certificates:
>>>>>
>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.238:
>>>>> ../src/vncconnection.c Set credential 2 libvirt
>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239:
>>>>> ../src/vncconnection.c Searching for certs in /etc/pki
>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239:
>>>>> ../src/vncconnection.c Searching for certs in /root/.pki
>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239:
>>>>> ../src/vncconnection.c Failed to find certificate CA/cacert.pem
>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239:
>>>>> ../src/vncconnection.c No CA certificate provided, using GNUTLS
global
>>>>> trust
>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239:
>>>>> ../src/vncconnection.c Failed to find certificate CA/cacrl.pem
>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239:
>>>>> ../src/vncconnection.c Failed to find certificate
>>>>> libvirt/private/clientkey.pem
>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239:
>>>>> ../src/vncconnection.c Failed to find certificate
>>>>> libvirt/clientcert.pem
>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239:
>>>>> ../src/vncconnection.c Waiting for missing credentials
>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239:
>>>>> ../src/vncconnection.c Got all credentials
>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239:
>>>>> ../src/vncconnection.c No CA certificate provided; trying the
system
>>>>> trust store instead
>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240:
>>>>> ../src/vncconnection.c Using the system trust store and CRL
>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240:
>>>>> ../src/vncconnection.c No client cert or key provided
>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240:
>>>>> ../src/vncconnection.c No CA revocation list provided
>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.241:
>>>>> ../src/vncconnection.c Handshake was blocking
>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.243:
>>>>> ../src/vncconnection.c Handshake was blocking
>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.251:
>>>>> ../src/vncconnection.c Handshake was blocking
>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.298:
>>>>> ../src/vncconnection.c Handshake done
>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.298:
>>>>> ../src/vncconnection.c Validating
>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.301:
>>>>> ../src/vncconnection.c Error: The certificate is not trusted
>>>>>
>>>>> Adding people that may know more about this.
>>>>>
>>>>> Nir
>>>>>
>>>>>
>>>
>>>
>
>
Hello,
You can try to take the engine's CA (maybe it's useless) and put it on your
system in:
/etc/pki/ca-trust/source/anchors (if it's EL7 or a Fedora) and then run
update-ca-trust
Best Regards,
Strahil Nikolov