On 26 Mar 2016, at 01:19, Bill James <bill.james(a)j2.com>
wrote:
I'm very interested in this too as I have same problem with spice private keys.
can you please paste permissions and selinux status, security context of that
qemu&libvirt process and the inaccessible key file(ps -Z, ls -lZ)?
I wonder if host redeploy would help..did you try to reinstall the host? It should go
through the certificate enrollment again and shouldn’t mess with anything else.
Thanks,
michal
On 3/24/16 2:02 AM, Fabrice Bacchella wrote:
> I' m running on a brand new Centos 7.2 an up to date ovirt 3.6.3.4.
>
> The host is new too and dedicated to ovirt.
>
> When I try to launch a vm, I get :
>
> Thread-9407::ERROR::2016-03-24 09:16:18,301::vm::759::virt.vm::(_startUnderlyingVm)
vmId=`a32e1043-a5a5-4e4c-8436-f7b7a4ff644c`::The vm start process failed
> Traceback (most recent call last):
> File "/usr/share/vdsm/virt/vm.py", line 703, in _startUnderlyingVm
> self._run()
> File "/usr/share/vdsm/virt/vm.py", line 1941, in _run
> self._connection.createXML(domxml, flags),
> File "/usr/lib/python2.7/site-packages/vdsm/libvirtconnection.py", line
124, in wrapper
> ret = f(*args, **kwargs)
> File "/usr/lib/python2.7/site-packages/vdsm/utils.py", line 1313, in
wrapper
> return func(inst, *args, **kwargs)
> File "/usr/lib64/python2.7/site-packages/libvirt.py", line 3611, in
createXML
> if ret is None:raise libvirtError('virDomainCreateXML() failed',
conn=self)
> libvirtError: internal error: process exited while connecting to monitor:
((null):23672): Spice-Warning **: reds.c:3311:reds_init_ssl: Could not use private key
file
> 2016-03-24T08:16:18.005359Z qemu-kvm: failed to initialize spice server
>
>
> /var/log/libvirt/qemu/test.log says
>
> 2016-03-24 08:55:48.214+0000: starting up libvirt version: 1.2.17, package:
13.el7_2.3 (CentOS BuildSystem <
http://bugs.centos.org>, 2016-02-16-17:06:00,
worker1.bsys.centos.org), qemu version: 2.3.0 (qemu-kvm-ev-2.3.0-31.el7_2.7.1)
> LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin QEMU_AUDIO_DRV=spice
/usr/libexec/qemu-kvm -name test -S -machine pc-i440fx-rhel7.2.0,accel=kvm,usb=off -cpu
Haswell-noTSX -m size=2097152k,slots=16,maxmem=4294967296k -realtime mlock=off -smp
2,maxcpus=16,sockets=16,cores=1,threads=1 -numa node,nodeid=0,cpus=0-1,mem=2048 -uuid
a32e1043-a5a5-4e4c-8436-f7b7a4ff644c -smbios type=1,manufacturer=oVirt,product=oVirt
Node,version=7-2.1511.el7.centos.2.10,serial=30373237-3132-5A43-3235-343233333937,uuid=a32e1043-a5a5-4e4c-8436-f7b7a4ff644c
-no-user-config -nodefaults -chardev
socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-test/monitor.sock,server,nowait
-mon chardev=charmonitor,id=monitor,mode=control -rtc
base=2016-03-24T08:55:46,driftfix=slew -global kvm-pit.lost_tick_policy=discard -no-hpet
-no-shutdown -boot menu=on,strict=on -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2
-device virtio-scsi-pci,id=scsi0,bus=pci.0,addr=0x4 -device virtio-serial-pci,
id
> =virtio-serial0,max_ports=16,bus=pci.0,addr=0x5 -drive
if=none,id=drive-ide0-1-0,readonly=on,format=raw,serial= -device
ide-cd,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -drive
file=/rhev/data-center/00000001-0001-0001-0001-00000000022a/85d19e93-ee08-41bb-94c9-56adf17287b4/images/da6f49dd-8662-418b-a859-3523b4360c0e/930bbe74-7470-4b22-b096-fdb03276262d,if=none,id=drive-scsi0-0-0-0,format=raw,serial=da6f49dd-8662-418b-a859-3523b4360c0e,cache=none,werror=stop,rerror=stop,aio=native,iops=300
-device
scsi-hd,bus=scsi0.0,channel=0,scsi-id=0,lun=0,drive=drive-scsi0-0-0-0,id=scsi0-0-0-0,bootindex=1
-netdev tap,fd=27,id=hostnet0,vhost=on,vhostfd=28 -device
virtio-net-pci,netdev=hostnet0,id=net0,mac=00:1a:4a:16:01:51,bus=pci.0,addr=0x3,bootindex=2
-chardev
socket,id=charserial0,path=/var/run/ovirt-vmconsole-console/a32e1043-a5a5-4e4c-8436-f7b7a4ff644c.sock,server,nowait
-device isa-serial,chardev=charserial0,id=serial0 -chardev
socket,id=charchannel0,path=/var/lib/libvirt/q
emu
> /channels/a32e1043-a5a5-4e4c-8436-f7b7a4ff644c.com.redhat.rhevm.vdsm,server,nowait
-device
virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.rhevm.vdsm
-chardev
socket,id=charchannel1,path=/var/lib/libvirt/qemu/channels/a32e1043-a5a5-4e4c-8436-f7b7a4ff644c.org.qemu.guest_agent.0,server,nowait
-device
virtserialport,bus=virtio-serial0.0,nr=2,chardev=charchannel1,id=channel1,name=org.qemu.guest_agent.0
-chardev spicevmc,id=charchannel2,name=vdagent -device
virtserialport,bus=virtio-serial0.0,nr=3,chardev=charchannel2,id=channel2,name=com.redhat.spice.0
-spice
port=5900,tls-port=5901,addr=0,x509-dir=/etc/pki/vdsm/libvirt-spice,seamless-migration=on
-device
qxl-vga,id=video0,ram_size=67108864,vram_size=8388608,vgamem_mb=16,bus=pci.0,addr=0x2
-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x6 -msg timestamp=on
> ((null):29166): Spice-Warning **: reds.c:3311:reds_init_ssl: Could not use private
key file
> 2016-03-24T08:55:48.329252Z qemu-kvm: failed to initialize spice server
> 2016-03-24 08:55:48.479+0000: shutting down
>
> and indeed, when I try to strace libvirt :
> open("/etc/pki/vdsm/libvirt-spice/server-key.pem", O_RDONLY) = -1 EACCES
(Permission denied)
>
> chmod a+r /etc/pki/vdsm/libvirt-spice/server-key.pem solved the problem, but it's
obviously not a solution.
>
>
>
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
>
http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users