[Users] migration & missing cert - 3.2 alpha

Jeff Bailey bailey at cs.kent.edu
Sat Dec 15 22:39:48 UTC 2012


On 12/15/2012 1:49 PM, Alon Bar-Lev wrote:
>
> ----- Original Message -----
>> From: "Jeff Bailey" <bailey at cs.kent.edu>
>> To: users at ovirt.org
>> Sent: Saturday, December 15, 2012 6:28:20 PM
>> Subject: [Users] migration & missing cert - 3.2 alpha
>>
>> Hi,
>>
>> I have an F18 Beta + oVirt 3.2 alpha setup with two hosts.  When I
>> try
>> to migrate from one host to the other I get
>>
>> 2012-12-15 15:18:51.381+0000: 1541: error :
>> virNetTLSContextCheckCertFile:113 :
>> Cannot read CA certificate '/etc/pki/CA/cacert.pem': No such file or
>> directory
>>
>> in libvirtd.log on the source host.  Is that actually where the cert
>> should be and I should try to track down why it's not there or should
>> it
>> be somewhere else?  If it should be somewhere else where would that
>> be
>> configured?  The default location for the client certificates seems
>> to
>> be /etc/pki/libvirt which doesn't exist so even with a cacert it
>> still
>> probably wouldn't work.  Could this be related to the missing spice
>> certificates (I manually made the symbolic links for those).
>>
>> Thanks,
>>     Jeff
> This is interesting...
>
> What do you have in both machines at /etc/libvirt/libvirtd.conf in ca_file, cert_file, key_file?

In /etc/libvirt/libvirtd.conf on both hosts:

ca_file="/etc/pki/vdsm/certs/cacert.pem"
cert_file="/etc/pki/vdsm/certs/vdsmcert.pem"
key_file="/etc/pki/vdsm/keys/vdsmkey.pem"

It looks like it pulled libvirt-0.10.2.2-1.fc18.x86_64 from the F18 
updates-testing repository.  Maybe that's the problem.  I'll try to 
install a clean F18 beta with the updates-testing repo disabled.

> As as far as I seen these variables set to /etc/pki/vdsm/*, I did not duplicate these files to libvirtd.
>
> I would like to understand why the default libvirt setting are in effect.
>
> Regards,
> Alon




More information about the Users mailing list