[Users] migration & missing cert - 3.2 alpha
Jeff Bailey
bailey at cs.kent.edu
Sat Dec 15 22:39:48 UTC 2012
On 12/15/2012 1:49 PM, Alon Bar-Lev wrote:
>
> ----- Original Message -----
>> From: "Jeff Bailey" <bailey at cs.kent.edu>
>> To: users at ovirt.org
>> Sent: Saturday, December 15, 2012 6:28:20 PM
>> Subject: [Users] migration & missing cert - 3.2 alpha
>>
>> Hi,
>>
>> I have an F18 Beta + oVirt 3.2 alpha setup with two hosts. When I
>> try
>> to migrate from one host to the other I get
>>
>> 2012-12-15 15:18:51.381+0000: 1541: error :
>> virNetTLSContextCheckCertFile:113 :
>> Cannot read CA certificate '/etc/pki/CA/cacert.pem': No such file or
>> directory
>>
>> in libvirtd.log on the source host. Is that actually where the cert
>> should be and I should try to track down why it's not there or should
>> it
>> be somewhere else? If it should be somewhere else where would that
>> be
>> configured? The default location for the client certificates seems
>> to
>> be /etc/pki/libvirt which doesn't exist so even with a cacert it
>> still
>> probably wouldn't work. Could this be related to the missing spice
>> certificates (I manually made the symbolic links for those).
>>
>> Thanks,
>> Jeff
> This is interesting...
>
> What do you have in both machines at /etc/libvirt/libvirtd.conf in ca_file, cert_file, key_file?
In /etc/libvirt/libvirtd.conf on both hosts:
ca_file="/etc/pki/vdsm/certs/cacert.pem"
cert_file="/etc/pki/vdsm/certs/vdsmcert.pem"
key_file="/etc/pki/vdsm/keys/vdsmkey.pem"
It looks like it pulled libvirt-0.10.2.2-1.fc18.x86_64 from the F18
updates-testing repository. Maybe that's the problem. I'll try to
install a clean F18 beta with the updates-testing repo disabled.
> As as far as I seen these variables set to /etc/pki/vdsm/*, I did not duplicate these files to libvirtd.
>
> I would like to understand why the default libvirt setting are in effect.
>
> Regards,
> Alon
More information about the Users
mailing list