I did as you said:
copied /etc/ovirt-engine/ca.pem from the engine onto my desktop into
/etc/pki/ca-trust/source/anchors and then ran update-ca-trust.
It didn't help, still the same errors.
Sun, 29 Mar 2020 at 10:47, David David <dd432690(a)gmail.com>:
I did as you said:
copied /etc/ovirt-engine/ca.pem from the engine onto my desktop into
/etc/pki/ca-trust/source/anchors and then ran update-ca-trust.
It didn't help, still the same errors.
Fri, 27 Mar 2020 at 21:56, Strahil Nikolov <hunter86_bg(a)yahoo.com>:
> On March 27, 2020 12:23:10 PM GMT+02:00, David David <dd432690(a)gmail.com>
> wrote:
> >here is debug from opening console.vv by remote-viewer
> >
> >2020-03-27 14:09 GMT+04:00, Milan Zamazal <mzamazal(a)redhat.com>:
> >> David David <dd432690(a)gmail.com> writes:
> >>
> >>> yes i have
> >>> console.vv attached
> >>
> >> It looks the same as mine.
> >>
> >> There is a difference in our logs, you have
> >>
> >> Possible auth 19
> >>
> >> while I have
> >>
> >> Possible auth 2
> >>
> >> So I still suspect a wrong authentication method is used, but I don't
> >> have any idea why.
> >>
> >> Regards,
> >> Milan
> >>
> >>> 2020-03-26 21:38 GMT+04:00, Milan Zamazal <mzamazal(a)redhat.com>:
> >>>> David David <dd432690(a)gmail.com> writes:
> >>>>
> >>>>> copied from qemu server all certs except "cacrl" to my desktop-station
> >>>>> into /etc/pki/
> >>>>
> >>>> This is not needed, the CA certificate is included in console.vv and no
> >>>> other certificate should be needed.
> >>>>
> >>>>> but remote-viewer still didn't work
> >>>>
> >>>> The log looks like remote-viewer is attempting certificate
> >>>> authentication rather than password authentication. Do you have
> >>>> password in console.vv? It should look like:
> >>>>
> >>>> [virt-viewer]
> >>>> type=vnc
> >>>> host=192.168.122.2
> >>>> port=5900
> >>>> password=fxLazJu6BUmL
> >>>> # Password is valid for 120 seconds.
> >>>> ...
> >>>>
> >>>> Regards,
> >>>> Milan
> >>>>
> >>>>> 2020-03-26 2:22 GMT+04:00, Nir Soffer <nsoffer(a)redhat.com>:
> >>>>>> On Wed, Mar 25, 2020 at 12:45 PM David David <dd432690(a)gmail.com> wrote:
> >>>>>>>
> >>>>>>> ovirt 4.3.8.2-1.el7
> >>>>>>> gtk-vnc2-1.0.0-1.fc31.x86_64
> >>>>>>> remote-viewer version 8.0-3.fc31
> >>>>>>>
> >>>>>>> can't open vm console by remote-viewer
> >>>>>>> vm has vnc console protocol
> >>>>>>> when I click on the console button to connect to a vm, the remote-viewer
> >>>>>>> console disappears immediately
> >>>>>>>
> >>>>>>> remote-viewer debug in attachment
> >>>>>>
> >>>>>> You have an issue with the certificates:
> >>>>>>
> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.238: ../src/vncconnection.c Set credential 2 libvirt
> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c Searching for certs in /etc/pki
> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c Searching for certs in /root/.pki
> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c Failed to find certificate CA/cacert.pem
> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c No CA certificate provided, using GNUTLS global trust
> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c Failed to find certificate CA/cacrl.pem
> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c Failed to find certificate libvirt/private/clientkey.pem
> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c Failed to find certificate libvirt/clientcert.pem
> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c Waiting for missing credentials
> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c Got all credentials
> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c No CA certificate provided; trying the system trust store instead
> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240: ../src/vncconnection.c Using the system trust store and CRL
> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240: ../src/vncconnection.c No client cert or key provided
> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240: ../src/vncconnection.c No CA revocation list provided
> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.241: ../src/vncconnection.c Handshake was blocking
> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.243: ../src/vncconnection.c Handshake was blocking
> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.251: ../src/vncconnection.c Handshake was blocking
> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.298: ../src/vncconnection.c Handshake done
> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.298: ../src/vncconnection.c Validating
> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.301: ../src/vncconnection.c Error: The certificate is not trusted
> >>>>>>
> >>>>>> Adding people that may know more about this.
> >>>>>>
> >>>>>> Nir
> >>>>>>
> >>>>>>
> >>>>
> >>>>
> >>
> >>
>
> Hello,
>
> You can try to take the engine's CA (maybe it's useless) and put it on
> your system in:
> /etc/pki/ca-trust/source/anchors (if it's EL7 or a Fedora) and then run
> update-ca-trust
>
> Best Regards,
> Strahil Nikolov
>
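
Added example, not part of the original thread and not gtk-vnc or oVirt code: a small triage script for the kind of gtk-vnc debug output quoted above, which pulls out the offered authentication type, the certificate search results, the trust source and the validation error. The mapping of auth numbers to names follows the RFB protocol numbering (an addition here, not stated in the thread), and the function and variable names are hypothetical.

```python
import re

# RFB security types (RFB protocol numbering); 19 is the TLS-wrapping VeNCrypt type.
RFB_TYPES = {1: "None", 2: "VNC Authentication", 19: "VeNCrypt"}

# Constructed sample: messages copied from the log quoted in the thread, joined
# one per line; the "Possible auth" entry and its timestamp are made up to match.
SAMPLE_LOG = """\
(remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.230: ../src/vncconnection.c Possible auth 19
(remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c Searching for certs in /etc/pki
(remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c Searching for certs in /root/.pki
(remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c Failed to find certificate CA/cacert.pem
(remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240: ../src/vncconnection.c Using the system trust store and CRL
(remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.301: ../src/vncconnection.c Error: The certificate is not trusted
"""

ENTRY = re.compile(r"gtk-vnc-DEBUG: [\d:.]+: \S+ (?P<msg>.*)$")
PREFIXES = {  # message prefix -> report key
    "Possible auth ": "auth_offered",
    "Searching for certs in ": "search_dirs",
    "Failed to find certificate ": "missing_files",
    "Error: ": "errors",
}

def summarize(log_text):
    """Collect the TLS-relevant facts from gtk-vnc debug output."""
    report = {key: [] for key in PREFIXES.values()}
    report["trust_source"] = "configured trust source"
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        msg = m.group("msg")
        if msg.startswith("Using the system trust store"):
            report["trust_source"] = "system trust store"
        for prefix, key in PREFIXES.items():
            if msg.startswith(prefix):
                value = msg[len(prefix):]
                if key == "auth_offered":
                    value = RFB_TYPES.get(int(value), "type " + value)
                report[key].append(value)
    return report

def diagnose(report):
    """Turn the summary into a one-line finding."""
    if "The certificate is not trusted" in report["errors"]:
        return ("TLS handshake completed but the server certificate did not chain "
                "to a CA in the " + report["trust_source"])
    return "no certificate validation error logged"
```

Running `diagnose(summarize(text))` over a saved debug log gives a single finding to compare between a working and a failing client.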