9:16 p.m.
I needed to bounce libvirtd after changing a config in libvirt/qemu.conf
so import-to-ovirt.pl,
but now my VMs with Spice console complain:
libvirtError: internal error: process exited while connecting to
monitor: ((null):2791): Spice-Warning **: reds.c:3311:reds_init_ssl:
Could not use private key file
What is the proper way to sync up the key after restarting libvirtd?
I even tried rebooting host and restart ovirt-engine and ovirt-engine
setup, didn't help.
Work around is just use VNC consoles. But I'd like to get spice working
again.
centos 7.2
libvirt-client-1.2.17-13.el7_2.2.x86_64
ovirt-engine-3.6.2.6-1.el7.centos.noarch
Cloud Services for Business www.j2.com
j2 | eFax | eVoice | FuseMail | Campaigner | KeepItSafe | Onebox
This email, its contents and attachments contain information from j2 Global, Inc. and/or
its affiliates which may be privileged, confidential or otherwise protected from
disclosure. The information is intended to be for the addressee(s) only. If you are not an
addressee, any disclosure, copy, distribution, or use of the contents of this message is
prohibited. If you have received this email in error please notify the sender by reply
e-mail and delete the original message and any copies. (c) 2015 j2 Global, Inc. All rights
reserved. eFax, eVoice, Campaigner, FuseMail, KeepItSafe, and Onebox are registered
trademarks of j2 Global, Inc. and its affiliates.
5:15 p.m.
Hi,
it looks like you messed up private key location and/or contents. If you
"Reinstall" the host in ovirt engine, the keys/certs should get
regenerated.
David
On Pá, 2016-03-04 at 10:16 -0800, Bill James wrote:
I needed to bounce libvirtd after changing a config in
libvirt/qemu.conf
so import-to-ovirt.pl,
but now my VMs with Spice console complain:
libvirtError: internal error: process exited while connecting to
monitor: ((null):2791): Spice-Warning **: reds.c:3311:reds_init_ssl:
Could not use private key file
What is the proper way to sync up the key after restarting libvirtd?
I even tried rebooting host and restart ovirt-engine and ovirt-engine
setup, didn't help.
Work around is just use VNC consoles. But I'd like to get spice working
again.
centos 7.2
libvirt-client-1.2.17-13.el7_2.2.x86_64
ovirt-engine-3.6.2.6-1.el7.centos.noarch
Cloud Services for Business www.j2.com
j2 | eFax | eVoice | FuseMail | Campaigner | KeepItSafe | Onebox
This email, its contents and attachments contain information from j2 Global, Inc. and/or
its affiliates which may be privileged, confidential or otherwise protected from
disclosure. The information is intended to be for the addressee(s) only. If you are not an
addressee, any disclosure, copy, distribution, or use of the contents of this message is
prohibited. If you have received this email in error please notify the sender by reply
e-mail and delete the original message and any copies. (c) 2015 j2 Global, Inc. All rights
reserved. eFax, eVoice, Campaigner, FuseMail, KeepItSafe, and Onebox are registered
trademarks of j2 Global, Inc. and its affiliates.
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
9:09 p.m.
thanks for the reply.
I tried reinstall of one host. Didn't help.
Also tried removing the host and reinstalling it. Didn't help.
Looks like server cert & key were regenerated, but not ca-cert.pem.
[root@ovirt2 test ~]# ls -rtl /etc/pki/vdsm/libvirt-spice|grep -v 2016|tail
total 84
-rw-r--r-- 1 root kvm 1379 Feb 19 17:09 ca-cert.pem
-rw-r--r-- 1 root kvm 1570 Mar 7 09:44 server-cert.pem
-r--r----- 1 vdsm kvm 1675 Mar 7 09:44 server-key.pem
[root@ovirt2 test ~]# tail -3 /etc/libvirt/qemu.conf
spice_tls=1
spice_tls_x509_cert_dir="/etc/pki/vdsm/libvirt-spice"
## end of configuration section by vdsm-4.17.0
Chown'd all the files to vdsm:kvm just incase, and rebooted the host.
Didn't help.
Changed console back to VNC and it starts up fine.
Seems strange that I could mess up the spice keys just by restarting
libvirtd. (service libvirtd restart)
On 03/07/2016 06:15 AM, David Jaša wrote:
Hi,
it looks like you messed up private key location and/or contents. If you
"Reinstall" the host in ovirt engine, the keys/certs should get
regenerated.
David
On Pá, 2016-03-04 at 10:16 -0800, Bill James wrote:
> I needed to bounce libvirtd after changing a config in libvirt/qemu.conf
> so import-to-ovirt.pl,
> but now my VMs with Spice console complain:
>
> libvirtError: internal error: process exited while connecting to
> monitor: ((null):2791): Spice-Warning **: reds.c:3311:reds_init_ssl:
> Could not use private key file
>
> What is the proper way to sync up the key after restarting libvirtd?
> I even tried rebooting host and restart ovirt-engine and ovirt-engine
> setup, didn't help.
>
> Work around is just use VNC consoles. But I'd like to get spice working
> again.
>
> centos 7.2
> libvirt-client-1.2.17-13.el7_2.2.x86_64
> ovirt-engine-3.6.2.6-1.el7.centos.noarch
>
>
>
> Cloud Services for Business www.j2.com
> j2 | eFax | eVoice | FuseMail | Campaigner | KeepItSafe | Onebox
>
>
> This email, its contents and attachments contain information from j2 Global, Inc.
and/or its affiliates which may be privileged, confidential or otherwise protected from
disclosure. The information is intended to be for the addressee(s) only. If you are not an
addressee, any disclosure, copy, distribution, or use of the contents of this message is
prohibited. If you have received this email in error please notify the sender by reply
e-mail and delete the original message and any copies. (c) 2015 j2 Global, Inc. All rights
reserved. eFax, eVoice, Campaigner, FuseMail, KeepItSafe, and Onebox are registered
trademarks of j2 Global, Inc. and its affiliates.
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
8:11 p.m.
any suggestions on how to get ovirt and spice console keys to work
correctly?
On 03/07/2016 10:09 AM, Bill James wrote:
thanks for the reply.
I tried reinstall of one host. Didn't help.
Also tried removing the host and reinstalling it. Didn't help.
Looks like server cert & key were regenerated, but not ca-cert.pem.
[root@ovirt2 test ~]# ls -rtl /etc/pki/vdsm/libvirt-spice|grep -v
2016|tail
total 84
-rw-r--r-- 1 root kvm 1379 Feb 19 17:09 ca-cert.pem
-rw-r--r-- 1 root kvm 1570 Mar 7 09:44 server-cert.pem
-r--r----- 1 vdsm kvm 1675 Mar 7 09:44 server-key.pem
[root@ovirt2 test ~]# tail -3 /etc/libvirt/qemu.conf
spice_tls=1
spice_tls_x509_cert_dir="/etc/pki/vdsm/libvirt-spice"
## end of configuration section by vdsm-4.17.0
Chown'd all the files to vdsm:kvm just incase, and rebooted the host.
Didn't help.
Changed console back to VNC and it starts up fine.
Seems strange that I could mess up the spice keys just by restarting
libvirtd. (service libvirtd restart)
On 03/07/2016 06:15 AM, David Jaša wrote:
> Hi,
>
> it looks like you messed up private key location and/or contents. If you
> "Reinstall" the host in ovirt engine, the keys/certs should get
> regenerated.
>
> David
>
> On Pá, 2016-03-04 at 10:16 -0800, Bill James wrote:
>> I needed to bounce libvirtd after changing a config in
>> libvirt/qemu.conf
>> so import-to-ovirt.pl,
>> but now my VMs with Spice console complain:
>>
>> libvirtError: internal error: process exited while connecting to
>> monitor: ((null):2791): Spice-Warning **: reds.c:3311:reds_init_ssl:
>> Could not use private key file
>>
>> What is the proper way to sync up the key after restarting libvirtd?
>> I even tried rebooting host and restart ovirt-engine and ovirt-engine
>> setup, didn't help.
>>
>> Work around is just use VNC consoles. But I'd like to get spice working
>> again.
>>
>> centos 7.2
>> libvirt-client-1.2.17-13.el7_2.2.x86_64
>> ovirt-engine-3.6.2.6-1.el7.centos.noarch
>>
>>
>>
>> Cloud Services for Business www.j2.com
>> j2 | eFax | eVoice | FuseMail | Campaigner | KeepItSafe | Onebox
>>
8:43 p.m.
The only problem with spice certs in oVirt I remember over the last 5
years concerns certificate encoding - which bit only users who used
non-ascii characters in Organization. The bugs (private RHEV
unfortunately) should be fixed for quite some time - and the fix
involved certificate regeneration. You can see it in recent versions of
engine setup...
Otherwise, it was really transparent process. Try removing
the /etc/pki/vdsm/libvirt-spice directory, reinstalling package that
owns it (yum reinstall vdsm) and reinstalling host in RHEV. You should
get 100 % fresh certs by this time.
BTW when I was meddling with libvirt settings on oVirt host last time,
vdsm complained and refused to work. Doesn't it say something
interesting about it?
David
On Út, 2016-03-08 at 09:11 -0800, Bill James wrote:
any suggestions on how to get ovirt and spice console keys to work
correctly?
On 03/07/2016 10:09 AM, Bill James wrote:
> thanks for the reply.
> I tried reinstall of one host. Didn't help.
> Also tried removing the host and reinstalling it. Didn't help.
>
> Looks like server cert & key were regenerated, but not ca-cert.pem.
>
>
> [root@ovirt2 test ~]# ls -rtl /etc/pki/vdsm/libvirt-spice|grep -v
> 2016|tail
> total 84
> -rw-r--r-- 1 root kvm 1379 Feb 19 17:09 ca-cert.pem
> -rw-r--r-- 1 root kvm 1570 Mar 7 09:44 server-cert.pem
> -r--r----- 1 vdsm kvm 1675 Mar 7 09:44 server-key.pem
>
> [root@ovirt2 test ~]# tail -3 /etc/libvirt/qemu.conf
> spice_tls=1
> spice_tls_x509_cert_dir="/etc/pki/vdsm/libvirt-spice"
> ## end of configuration section by vdsm-4.17.0
>
> Chown'd all the files to vdsm:kvm just incase, and rebooted the host.
> Didn't help.
>
> Changed console back to VNC and it starts up fine.
>
>
> Seems strange that I could mess up the spice keys just by restarting
> libvirtd. (service libvirtd restart)
>
>
>
> On 03/07/2016 06:15 AM, David Jaša wrote:
>> Hi,
>>
>> it looks like you messed up private key location and/or contents. If you
>> "Reinstall" the host in ovirt engine, the keys/certs should get
>> regenerated.
>>
>> David
>>
>> On Pá, 2016-03-04 at 10:16 -0800, Bill James wrote:
>>> I needed to bounce libvirtd after changing a config in
>>> libvirt/qemu.conf
>>> so import-to-ovirt.pl,
>>> but now my VMs with Spice console complain:
>>>
>>> libvirtError: internal error: process exited while connecting to
>>> monitor: ((null):2791): Spice-Warning **: reds.c:3311:reds_init_ssl:
>>> Could not use private key file
>>>
>>> What is the proper way to sync up the key after restarting libvirtd?
>>> I even tried rebooting host and restart ovirt-engine and ovirt-engine
>>> setup, didn't help.
>>>
>>> Work around is just use VNC consoles. But I'd like to get spice working
>>> again.
>>>
>>> centos 7.2
>>> libvirt-client-1.2.17-13.el7_2.2.x86_64
>>> ovirt-engine-3.6.2.6-1.el7.centos.noarch
>>>
>>>
>>>
>>> Cloud Services for Business www.j2.com
>>> j2 | eFax | eVoice | FuseMail | Campaigner | KeepItSafe | Onebox
>>>
>
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
9:27 p.m.
doesn't look too interesting to me, but maybe I'm missing something.
periodic/0::WARNING::2016-03-08
10:16:10,290::periodic::258::virt.periodic.VmDispatcher::(__call__)
could not run <class 'virt.periodic.DriveWatermarkMonitor'> on
[u'e180a49c-8afc-4612-806b-f39d14b77389']
Thread-87::ERROR::2016-03-08
10:16:10,775::vm::758::virt.vm::(_startUnderlyingVm)
vmId=`e180a49c-8afc-4612-806b-f39d14b77389`::The vm start process failed
Traceback (most recent call last):
File "/usr/share/vdsm/virt/vm.py", line 702, in _startUnderlyingVm
self._run()
File "/usr/share/vdsm/virt/vm.py", line 1930, in _run
self._connection.createXML(domxml, flags),
File "/usr/lib/python2.7/site-packages/vdsm/libvirtconnection.py",
line 124, in wrapper
ret = f(*args, **kwargs)
File "/usr/lib64/python2.7/site-packages/libvirt.py", line 3611, in
createXML
if ret is None:raise libvirtError('virDomainCreateXML() failed',
conn=self)
libvirtError: internal error: process exited while connecting to
monitor: ((null):6890): Spice-Warning **: reds.c:3311:reds_init_ssl:
Could not use private key file
2016-03-08T18:16:10.556407Z qemu-kvm: failed to initialize spice server
Larger log entry attached.
ALso tried removing /etc/pki/vdsm/libvirt-spice & reinstalling vdsm,
then "reinstalling" host in ovirt.
Same issue.
On 03/08/2016 09:43 AM, David Jaša wrote:
The only problem with spice certs in oVirt I remember over the last
5
years concerns certificate encoding - which bit only users who used
non-ascii characters in Organization. The bugs (private RHEV
unfortunately) should be fixed for quite some time - and the fix
involved certificate regeneration. You can see it in recent versions of
engine setup...
Otherwise, it was really transparent process. Try removing
the /etc/pki/vdsm/libvirt-spice directory, reinstalling package that
owns it (yum reinstall vdsm) and reinstalling host in RHEV. You should
get 100 % fresh certs by this time.
BTW when I was meddling with libvirt settings on oVirt host last time,
vdsm complained and refused to work. Doesn't it say something
interesting about it?
David
On Út, 2016-03-08 at 09:11 -0800, Bill James wrote:
> any suggestions on how to get ovirt and spice console keys to work
> correctly?
>
>
> On 03/07/2016 10:09 AM, Bill James wrote:
>> thanks for the reply.
>> I tried reinstall of one host. Didn't help.
>> Also tried removing the host and reinstalling it. Didn't help.
>>
>> Looks like server cert & key were regenerated, but not ca-cert.pem.
>>
>>
>> [root@ovirt2 test ~]# ls -rtl /etc/pki/vdsm/libvirt-spice|grep -v
>> 2016|tail
>> total 84
>> -rw-r--r-- 1 root kvm 1379 Feb 19 17:09 ca-cert.pem
>> -rw-r--r-- 1 root kvm 1570 Mar 7 09:44 server-cert.pem
>> -r--r----- 1 vdsm kvm 1675 Mar 7 09:44 server-key.pem
>>
>> [root@ovirt2 test ~]# tail -3 /etc/libvirt/qemu.conf
>> spice_tls=1
>> spice_tls_x509_cert_dir="/etc/pki/vdsm/libvirt-spice"
>> ## end of configuration section by vdsm-4.17.0
>>
>> Chown'd all the files to vdsm:kvm just incase, and rebooted the host.
>> Didn't help.
>>
>> Changed console back to VNC and it starts up fine.
>>
>>
>> Seems strange that I could mess up the spice keys just by restarting
>> libvirtd. (service libvirtd restart)
>>
>>
>>
>> On 03/07/2016 06:15 AM, David Jaša wrote:
>>> Hi,
>>>
>>> it looks like you messed up private key location and/or contents. If you
>>> "Reinstall" the host in ovirt engine, the keys/certs should get
>>> regenerated.
>>>
>>> David
>>>
>>> On Pá, 2016-03-04 at 10:16 -0800, Bill James wrote:
>>>> I needed to bounce libvirtd after changing a config in
>>>> libvirt/qemu.conf
>>>> so import-to-ovirt.pl,
>>>> but now my VMs with Spice console complain:
>>>>
>>>> libvirtError: internal error: process exited while connecting to
>>>> monitor: ((null):2791): Spice-Warning **: reds.c:3311:reds_init_ssl:
>>>> Could not use private key file
>>>>
>>>> What is the proper way to sync up the key after restarting libvirtd?
>>>> I even tried rebooting host and restart ovirt-engine and ovirt-engine
>>>> setup, didn't help.
>>>>
>>>> Work around is just use VNC consoles. But I'd like to get spice
working
>>>> again.
>>>>
>>>> centos 7.2
>>>> libvirt-client-1.2.17-13.el7_2.2.x86_64
>>>> ovirt-engine-3.6.2.6-1.el7.centos.noarch
>>>>
>>>>
>>>>
>>>> Cloud Services for Business www.j2.com
>>>> j2 | eFax | eVoice | FuseMail | Campaigner | KeepItSafe | Onebox
>>>>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
3181
days inactive
3185
days old
5 comments
2 participants
participants (2)
-
Bill James -
David Jaša