any suggestions on how to get ovirt and spice console keys to work correctly? On 03/07/2016 10:09 AM, Bill James wrote:
thanks for the reply. I tried reinstall of one host. Didn't help. Also tried removing the host and reinstalling it. Didn't help.
Looks like server cert & key were regenerated, but not ca-cert.pem.
[root@ovirt2 test ~]# ls -rtl /etc/pki/vdsm/libvirt-spice|grep -v 2016|tail total 84 -rw-r--r-- 1 root kvm 1379 Feb 19 17:09 ca-cert.pem -rw-r--r-- 1 root kvm 1570 Mar 7 09:44 server-cert.pem -r--r----- 1 vdsm kvm 1675 Mar 7 09:44 server-key.pem
[root@ovirt2 test ~]# tail -3 /etc/libvirt/qemu.conf spice_tls=1 spice_tls_x509_cert_dir="/etc/pki/vdsm/libvirt-spice" ## end of configuration section by vdsm-4.17.0
Chown'd all the files to vdsm:kvm just incase, and rebooted the host. Didn't help.
Changed console back to VNC and it starts up fine.
Seems strange that I could mess up the spice keys just by restarting libvirtd. (service libvirtd restart)
On 03/07/2016 06:15 AM, David Jaša wrote:
Hi,
it looks like you messed up private key location and/or contents. If you "Reinstall" the host in ovirt engine, the keys/certs should get regenerated.
David
On Pá, 2016-03-04 at 10:16 -0800, Bill James wrote:
I needed to bounce libvirtd after changing a config in libvirt/qemu.conf so import-to-ovirt.pl, but now my VMs with Spice console complain:
libvirtError: internal error: process exited while connecting to monitor: ((null):2791): Spice-Warning **: reds.c:3311:reds_init_ssl: Could not use private key file
What is the proper way to sync up the key after restarting libvirtd? I even tried rebooting host and restart ovirt-engine and ovirt-engine setup, didn't help.
Work around is just use VNC consoles. But I'd like to get spice working again.
centos 7.2 libvirt-client-1.2.17-13.el7_2.2.x86_64 ovirt-engine-3.6.2.6-1.el7.centos.noarch
Cloud Services for Business www.j2.com j2 | eFax | eVoice | FuseMail | Campaigner | KeepItSafe | Onebox