On Wed, Oct 28, 2015 at 4:10 PM, Simone Tiraboschi <stirabos@redhat.com> wrote:


It's not a regression because the hosted-engine storage domain wasn't visible in 3.5 either.
Once again, even if you see it in the engine, you cannot use it for anything apart from the engine VM itself; you still have to add another storage domain for regular VMs.
 

Understood. But I'm also not able to connect to the sh engine VM itself via spice, so in case of problems with the engine, you are not able to connect to it via web admin (that is ok), but I don't see any way to understand its state to be able to debug/resolve problems...

Are there any command line commands to run to see the status of the sh engine VM?

Joop, are you able to access your sh engine console? Is it vnc or spice?

under hypervisor in

/etc/pki/vdsm/certs/

[root@ovc71 certs]# ll
total 16
-rw-r--r--. 1 root kvm 1415 Oct 26 16:17 cacert.pem
-rw-------. 1 vdsm kvm 1131 Oct 26 14:43 cacert.pem.20151026161748
-rw-r--r--. 1 root kvm 1623 Oct 26 16:17 vdsmcert.pem
-rw-------. 1 vdsm kvm 1249 Oct 26 14:43 vdsmcert.pem.20151026161748


During install I was able to connect via
remote-viewer --spice-ca-file=/etc/pki/vdsm/libvirt-spice/ca-cert.pem spice://localhost?tls-port=5900 --spice-host-subject="C=EN, L=Test, O=Test, CN=Test"

using the file that was then renamed to ca-cert.pem.20151026161748:
[root@ovc71 certs]#  openssl x509 -in /etc/pki/vdsm/libvirt-spice/ca-cert.pem.20151026161748 -noout -text  | grep Subject
        Subject: C=EN, L=Test, O=Test, CN=TestCA
        Subject Public Key Info:
            X509v3 Subject Key Identifier: 

But I'm not able to connect based on the current certificate:
[root@ovc71 certs]#  openssl x509 -in /etc/pki/vdsm/libvirt-spice/ca-cert.pem -noout -text  | grep Subject
        Subject: C=US, O=localdomain.local, CN=shengine.localdomain.local.37976
        Subject Public Key Info:
            X509v3 Subject Key Identifier:



[root@ovc71 certs]# hosted-engine --add-console-password
Enter password: 
code = 0
message = 'Done'



Also from the hypervisor itself:

[root@ovc71 ~]# remote-viewer --spice-ca-file=/etc/pki/vdsm/libvirt-spice/ca-cert.pem spice://ovc71.localdomain.local?tls-port=5900 --spice-host-subject="C=US, O=localdomain.local, CN=shengine.localdomain.local.37976"

** (remote-viewer:7992): WARNING **: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-QzfEVK7OiG: Connection refused
GLib-GIO-Message: Using the 'memory' GSettings backend.  Your settings will not be saved or shared with other applications.
(/usr/bin/remote-viewer:7992): Spice-Warning **: ssl_verify.c:492:openssl_verify: ssl: subject 'C=US, O=localdomain.local, CN=shengine.localdomain.local.37976' verification failed
(/usr/bin/remote-viewer:7992): Spice-Warning **: ssl_verify.c:494:openssl_verify: ssl: verification failed

(remote-viewer:7992): GSpice-WARNING **: main-1:0: SSL_connect: error:00000001:lib(0):func(0):reason(1)


The error in the remote-viewer window:
Unable to connect to the graphic server spice://ovc71.localdomain.local?tls-port=5900