[Users] Spice issues with latest vdsm (was Re: Cannot find suitable CPU model for given data)

Alon Bar-Lev alonbl at redhat.com
Thu Dec 13 00:07:51 UTC 2012 


----- Original Message -----
> From: "Cristian Falcas" <cristi.falcas at gmail.com>
> To: "Alon Bar-Lev" <alonbl at redhat.com>
> Cc: "Roy Golan" <rgolan at redhat.com>, users at ovirt.org, "Juan Antonio Hernandez Fernandez" <jhernand at redhat.com>,
> "David Jaša" <djasa at redhat.com>, "Itamar Heim" <iheim at redhat.com>
> Sent: Thursday, December 13, 2012 2:01:22 AM
> Subject: Re: Spice issues with latest vdsm (was Re: [Users] Cannot find suitable CPU model for given data)
> 
> 
> 
> 
> 
> 
> On Thu, Dec 13, 2012 at 12:13 AM, Alon Bar-Lev < alonbl at redhat.com >
> wrote:
> 
> 
> 
> 
> 
> ----- Original Message -----
> > From: "Cristian Falcas" < cristi.falcas at gmail.com >
> > To: "Itamar Heim" < iheim at redhat.com >
> > Cc: "Roy Golan" < rgolan at redhat.com >, users at ovirt.org , "Alon
> > Bar-Lev" < alonbl at redhat.com >, "Juan Antonio Hernandez
> > Fernandez" < jhernand at redhat.com >, "David Jaša" < djasa at redhat.com
> > >
> > Sent: Wednesday, December 12, 2012 11:21:32 PM
> > Subject: Re: Spice issues with latest vdsm (was Re: [Users] Cannot
> > find suitable CPU model for given data)
> > 
> > 
> > 
> > 
> > 
> > 
> > On Wed, Dec 12, 2012 at 11:14 PM, Itamar Heim < iheim at redhat.com >
> > wrote:
> > 
> > 
> > On 12/12/2012 10:39 PM, Cristian Falcas wrote:
> > 
> > 
> > Hi,
> > 
> > i don't know if I should start a new thread for the spice problems.
> > Here
> > goes some improvements:
> > 
> > I created the certificates like per https://gist.github.com/
> > 1655511
> > . i
> > copied the public one to my home:
> > cp /etc/pki/vdsm/libvirt-spice/ ca-cert.pem
> > ~cristi/.spice/spice_ truststore.pem
> > 
> > I had the same problem as in
> > https://bugzilla.redhat.com/ show_bug.cgi?id=880182 . For this I
> 
> > needed
> > to downgrade libcacard twice (until I had the same version as in
> > the
> > bug)
> > 
> > Now spice works with virt-manager.
> > 
> > Can someone tell me where do I need to copy the certificate on
> > ovirt
> > in
> > order to make spice working over there also?
> > 
> > with which version of boostrap on the engine did you add this host.
> > 
> > 
> > vdsm-bootstrap-4.10.3-0.3.git47b71e8.fc17.noarch
> > 
> > And otopi packages installed:
> > 
> > otopi-0.0.0-0.5.master.20121211.git9052d0f.fc17.noarch
> > otopi-java-0.0.0-0.5.master.20121211.git9052d0f.fc17.noarch
> > 
> > 
> 
> Any reason to perform certificate enrollment manually?
> 
> Alon
> 
> 
> It's still not working with the handmade certificates.
> 
> I tried to create them because of those errors:
> 
> libvirt log:
> 
> ((null):9248): Spice-Warning **: reds.c:3307:reds_init_ssl: Could not
> load certificates from /etc/pki/vdsm/libvirt-spice/
> server-cert.pem
> ((null):9248): Spice-Warning **: reds.c:3317:reds_init_ssl: Could not
> use private key file
> ((null):9248): Spice-Warning **: reds.c:3325:reds_init_ssl: Could not
> use CA file /etc/pki/vdsm/libvirt-spice/ca-cert.pem
> 
> [root at localhost Ovirt]# ls -la
> /etc/pki/vdsm/libvirt-spice/server-cert.pem
> ls: cannot access /etc/pki/vdsm/libvirt-spice/server-cert.pem: No
> such file or directory
> [root at localhost Ovirt]# ls -la
> /etc/pki/vdsm/libvirt-spice/ca-cert.pem
> ls: cannot access /etc/pki/vdsm/libvirt-spice/ca-cert.pem: No such
> file or directory
> 
> 
> Spice log:
> 
> 1355334879 INFO [8950:8950] Application::main: starting 0.12.0
> 1355334879 INFO [8950:8950] Application::main: command line: spicec
> --controller
> 1355334879 INFO [8950:8950] init_key_map: using evdev mapping
> 1355334879 INFO [8950:8950] MultyMonScreen::MultyMonScreen:
> platform_win: 77594625
> 1355334879 INFO [8950:8950] GUI::GUI:
> 1355334879 INFO [8950:8950] ForeignMenu::ForeignMenu: Creating a
> foreign menu connection /tmp/SpiceForeignMenu-8950.uds
> 1355334879 INFO [8950:8950] Controller::Controller: Creating a
> controller connection /tmp/spicec-9GS5mA/spice-xpi
> 1355334882 INFO [8950:8952] RedPeer::connect_secure: Connected to
> cristifalcas.no-ip.org 5902
> 1355334882 ERROR [8950:8952] RedPeer::connect_secure: failed to
> connect w/SSL, ssl_error error:00000001:lib(0):func(0):reason(1)
> 1355334882 WARN [8950:8952] RedChannel::run: SSL Error:
> error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake
> failure
> 1355334882 INFO [8950:8950] main: Spice client terminated (exitcode =
> 7)
> 
> 
> 
> 
> I've done this without an improvment:
> 
> [root at localhost Ovirt]# /lib/systemd/systemd-vdsmd reconfigure
> Configuring libvirt for vdsm...
> [root at localhost Ovirt]# systemctl restart libvirtd.service
> vdsmd.service
> 

Why don't you deply the host again? It should create the certificate correctly.

But before you can do this, you must remove whatever certificates you put including symlinks at /etc/pki /etc/libvirt as libvirt will not start if there are invalid certificates.

Alon.

More information about the Users mailing list