On 12/15/2012 1:49 PM, Alon Bar-Lev wrote:
----- Original Message -----
From: "Jeff Bailey" <bailey@cs.kent.edu> To: users@ovirt.org Sent: Saturday, December 15, 2012 6:28:20 PM Subject: [Users] migration & missing cert - 3.2 alpha
Hi,
I have an F18 Beta + oVirt 3.2 alpha setup with two hosts. When I try to migrate from one host to the other I get
2012-12-15 15:18:51.381+0000: 1541: error : virNetTLSContextCheckCertFile:113 : Cannot read CA certificate '/etc/pki/CA/cacert.pem': No such file or directory
in libvirtd.log on the source host. Is that actually where the cert should be and I should try to track down why it's not there or should it be somewhere else? If it should be somewhere else where would that be configured? The default location for the client certificates seems to be /etc/pki/libvirt which doesn't exist so even with a cacert it still probably wouldn't work. Could this be related to the missing spice certificates (I manually made the symbolic links for those).
Thanks, Jeff This is interesting...
What do you have in both machines at /etc/libvirt/libvirtd.conf in ca_file, cert_file, key_file?
In /etc/libvirt/libvirtd.conf on both hosts: ca_file="/etc/pki/vdsm/certs/cacert.pem" cert_file="/etc/pki/vdsm/certs/vdsmcert.pem" key_file="/etc/pki/vdsm/keys/vdsmkey.pem" It looks like it pulled libvirt-0.10.2.2-1.fc18.x86_64 from the F18 updates-testing repository. Maybe that's the problem. I'll try to install a clean F18 beta with the updates-testing repo disabled.
As as far as I seen these variables set to /etc/pki/vdsm/*, I did not duplicate these files to libvirtd.
I would like to understand why the default libvirt setting are in effect.
Regards, Alon