[Users] Cannot connect to guest with spice console; SSL validate error

Jacob Wyatt jwyatt at ggc.edu
Tue Aug 7 14:14:37 UTC 2012


I don't know if this is the same issue but for some reason my CA cert for spice was a blank file.  I copied another one from the vdsm directory (mostly guessing) and it worked.

cp /etc/pki/vdsm/certs/cacert.pem  /etc/pki/vdsm/libvirt-spice/ca-cert.pem

________________________________________
From: users-bounces at ovirt.org [users-bounces at ovirt.org] on behalf of Karli Sjöberg [Karli.Sjoberg at slu.se]
Sent: Tuesday, August 07, 2012 10:10 AM
To: users at oVirt.org
Subject: [Users] Cannot connect to guest with spice console;    SSL validate error

Hi,

I seems very difficult to get this working. I have a Fedora 17 client, installed spice-xpi and tried to access console from User Portal but console never shows up. engine.log prints:
2012-08-07 15:56:18,738 INFO  [org.ovirt.engine.core.bll.SetVmTicketCommand] (ajp--0.0.0.0-8009-13) [2a8bc3f4] Running command: SetVmTicketCommand internal: false. Entities affected :  ID: 2ad22641-7aeb-4d1b-999e-2c0563376641 Type: VM
2012-08-07 15:56:18,771 INFO  [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (ajp--0.0.0.0-8009-13) [2a8bc3f4] START, SetVmTicketVDSCommand(vdsId = acfc94c0-d7e1-11e1-b35e-b38016c320bb, vmId=2ad22641-7aeb-4d1b-999e-2c0563376641, ticket=NvbcLbRR/7Vx, validTime=120,m userName=karli, userId=de526322-d046-4a06-911e-546e7159556e), log id: 3d61fa94
2012-08-07 15:56:18,816 INFO  [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (ajp--0.0.0.0-8009-13) [2a8bc3f4] FINISH, SetVmTicketVDSCommand, log id: 3d61fa94

>From the F17 client with "ovirt-shell" installed from ovirt-3.1 repo:
$ console milli
(window briefly flashes and disappeares again)
warning: could not fetch host certificate info cause used backend/sdk does not support it.
warning: host identity will not be validated.

And have also used "spicec" directly from F17 client:
# spicec -h cirrus2-1.slu.se -p 5900 -s 5901 -w v36BkUumraDG (The first ticket had by this time expired, so this is a new one)
(flashes)
Error: failed to connect w/SSL, ssl_error error:00000001:lib(0):func(0):reason(1)
140059992839392:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:1063:
Warning: SSL Error:
# spicec -h cirrus2-1.slu.se -p 5900 -w v36BkUumraDG
(flashes)
Warning: connect error 5 - need secured connection

# rpm -qa | egrep '(ovirt|vdsm)'
ovirt-image-uploader-3.1.0-0.git9c42c8.fc17.noarch
vdsm-cli-4.10.0-5.fc17.noarch
ovirt-engine-config-3.1.0-1.fc17.noarch
ovirt-engine-userportal-3.1.0-1.fc17.noarch
vdsm-4.10.0-5.fc17.x86_64
ovirt-log-collector-3.1.0-0.git10d719.fc17.noarch
ovirt-engine-sdk-3.1.0.4-1.fc17.noarch
ovirt-engine-restapi-3.1.0-1.fc17.noarch
ovirt-engine-backend-3.1.0-1.fc17.noarch
ovirt-engine-3.1.0-1.fc17.noarch
ovirt-engine-webadmin-portal-3.1.0-1.fc17.noarch
ovirt-engine-notification-service-3.1.0-1.fc17.noarch
ovirt-engine-dbscripts-3.1.0-1.fc17.noarch
vdsm-python-4.10.0-5.fc17.x86_64
ovirt-engine-genericapi-3.1.0-1.fc17.noarch
ovirt-engine-tools-common-3.1.0-1.fc17.noarch
ovirt-engine-cli-3.1.0.6-1.fc17.noarch
vdsm-xmlrpc-4.10.0-5.fc17.noarch
vdsm-bootstrap-4.10.0-5.fc17.noarch
ovirt-iso-uploader-3.1.0-0.git1841d9.fc17.noarch
ovirt-engine-setup-3.1.0-1.fc17.noarch


The engine is installed with SSL as enabled by default, the hosts too. VDSM and libvirt are all active and validate fine towards the engine; have status "UP" and so on, but can't get SPICE console working. VNC works of course, but SPICE would be much cooler:) How do I get console working with SPICE?

Best Regards
Karli Sjöberg
_______________________________________________
Users mailing list
Users at ovirt.org
http://lists.ovirt.org/mailman/listinfo/users





More information about the Users mailing list