[ovirt-users] Re: vm console problem

tested on four different workstations with: fedora20, fedora31 and windows10(remote-manager last vers) вс, 29 мар. 2020 г. в 12:39, Strahil Nikolov <hunter86_bg(a)yahoo.com&gt;: > On March 29, 2020 9:47:02 AM GMT+03:00, David David <dd432690(a)gmail.com&gt; > wrote: > >I did as you said: > >copied from engine /etc/ovirt-engine/ca.pem onto my desktop into > >/etc/pki/ca-trust/source/anchors and then run update-ca-trust > >it didn’t help, still the same errors > > > > > >пт, 27 мар. 2020 г. в 21:56, Strahil Nikolov <hunter86_bg(a)yahoo.com&gt;: > > > >> On March 27, 2020 12:23:10 PM GMT+02:00, David David > &gt;&lt;dd432690(a)gmail.com&gt; > >> wrote: > >> >here is debug from opening console.vv by remote-viewer > >> > > >> >2020-03-27 14:09 GMT+04:00, Milan Zamazal <mzamazal(a)redhat.com&gt;: > >> >> David David <dd432690(a)gmail.com&gt; writes: > >> >> > >> >>> yes i have > >> >>> console.vv attached > >> >> > >> >> It looks the same as mine. > >> >> > >> >> There is a difference in our logs, you have > >> >> > >> >> Possible auth 19 > >> >> > >> >> while I have > >> >> > >> >> Possible auth 2 > >> >> > >> >> So I still suspect a wrong authentication method is used, but I > >don't > >> >> have any idea why. > >> >> > >> >> Regards, > >> >> Milan > >> >> > >> >>> 2020-03-26 21:38 GMT+04:00, Milan Zamazal <mzamazal(a)redhat.com&gt;: > >> >>>> David David <dd432690(a)gmail.com&gt; writes: > >> >>>> > >> >>>>> copied from qemu server all certs except "cacrl" to my > >> >desktop-station > >> >>>>> into /etc/pki/ > >> >>>> > >> >>>> This is not needed, the CA certificate is included in console.vv > >> >and no > >> >>>> other certificate should be needed. > >> >>>> > >> >>>>> but remote-viewer is still didn't work > >> >>>> > >> >>>> The log looks like remote-viewer is attempting certificate > >> >>>> authentication rather than password authentication. Do you have > >> >>>> password in console.vv? It should look like: > >> >>>> > >> >>>> [virt-viewer] > >> >>>> type=vnc > >> >>>> host=192.168.122.2 > >> >>>> port=5900 > >> >>>> password=fxLazJu6BUmL > >> >>>> # Password is valid for 120 seconds. > >> >>>> ... > >> >>>> > >> >>>> Regards, > >> >>>> Milan > >> >>>> > >> >>>>> 2020-03-26 2:22 GMT+04:00, Nir Soffer <nsoffer(a)redhat.com&gt;: > >> >>>>>> On Wed, Mar 25, 2020 at 12:45 PM David David > &gt;&lt;dd432690(a)gmail.com&gt; > >> >>>>>> wrote: > >> >>>>>>> > >> >>>>>>> ovirt 4.3.8.2-1.el7 > >> >>>>>>> gtk-vnc2-1.0.0-1.fc31.x86_64 > >> >>>>>>> remote-viewer version 8.0-3.fc31 > >> >>>>>>> > >> >>>>>>> can't open vm console by remote-viewer > >> >>>>>>> vm has vnc console protocol > >> >>>>>>> when click on console button to connect to a vm, the > >> >remote-viewer > >> >>>>>>> console disappear immediately > >> >>>>>>> > >> >>>>>>> remote-viewer debug in attachment > >> >>>>>> > >> >>>>>> You an issue with the certificates: > >> >>>>>> > >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.238: > >> >>>>>> ../src/vncconnection.c Set credential 2 libvirt > >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: > >> >>>>>> ../src/vncconnection.c Searching for certs in /etc/pki > >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: > >> >>>>>> ../src/vncconnection.c Searching for certs in /root/.pki > >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: > >> >>>>>> ../src/vncconnection.c Failed to find certificate > >CA/cacert.pem > >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: > >> >>>>>> ../src/vncconnection.c No CA certificate provided, using > >GNUTLS > >> >global > >> >>>>>> trust > >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: > >> >>>>>> ../src/vncconnection.c Failed to find certificate CA/cacrl.pem > >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: > >> >>>>>> ../src/vncconnection.c Failed to find certificate > >> >>>>>> libvirt/private/clientkey.pem > >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: > >> >>>>>> ../src/vncconnection.c Failed to find certificate > >> >>>>>> libvirt/clientcert.pem > >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: > >> >>>>>> ../src/vncconnection.c Waiting for missing credentials > >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: > >> >>>>>> ../src/vncconnection.c Got all credentials > >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: > >> >>>>>> ../src/vncconnection.c No CA certificate provided; trying the > >> >system > >> >>>>>> trust store instead > >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240: > >> >>>>>> ../src/vncconnection.c Using the system trust store and CRL > >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240: > >> >>>>>> ../src/vncconnection.c No client cert or key provided > >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240: > >> >>>>>> ../src/vncconnection.c No CA revocation list provided > >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.241: > >> >>>>>> ../src/vncconnection.c Handshake was blocking > >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.243: > >> >>>>>> ../src/vncconnection.c Handshake was blocking > >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.251: > >> >>>>>> ../src/vncconnection.c Handshake was blocking > >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.298: > >> >>>>>> ../src/vncconnection.c Handshake done > >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.298: > >> >>>>>> ../src/vncconnection.c Validating > >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.301: > >> >>>>>> ../src/vncconnection.c Error: The certificate is not trusted > >> >>>>>> > >> >>>>>> Adding people that may know more about this. > >> >>>>>> > >> >>>>>> Nir > >> >>>>>> > >> >>>>>> > >> >>>> > >> >>>> > >> >> > >> >> > >> > >> Hello, > >> > >> You can try to take the engine's CA (maybe it's useless) and put it > >on > >> your system in: > >> /etc/pki/ca-trust/source/anchors (if it's EL7 or a Fedora) and then > >run > >> update-ca-trust > >> > >> Best Regards, > >> Strahil Nikolov > >> > > Hey David, > > What is you workstation's OS ? > Also, have you tried from another workstation ? > > Best Regards, > Strahil Nikolov >