[Users] Ovirt Node - tls VM Migration Fails
Doron Fediuck
dfediuck at redhat.com
Thu Mar 29 15:50:58 UTC 2012
On 29/03/12 17:23, David Elliott wrote:
> Hi
>
> I'm using ovirt node with the latest ovirt-node-iso-2.3.0-1.0.fc16.iso, and
> am having a problem with live migration
>
> After fresh install of node
> /etc/libvirt/libvirtd.conf
> listen_tls = 0
> listen_tcp = 1
> # tcp and tls ports are defaults
> # tls_port = "16514"
> #tcp_port = "16509"
>
>
> [root@ovirt-h-6 ~]# netstat -ant |grep -E "16514|16509"
> tcp 0 0 0.0.0.0:16509 0.0.0.0:* LISTEN
>
> iptables is set to accept ALL
>
> When migration is attempted - it then tries and fails to use tls
>
> 2012-03-28 18:33:15.566+0000: 1622: error : doPeer2PeerMigrate:2129 :
> operation failed: Failed to connect to remote libvirt URI
> qemu+tls://192.168.192.230/system
>
> - manually configuring a registered/running node with listen_tls = 1,
> migration will then succeed
>
> - editing the live-cd and setting "listen_tls=1", a fresh install then has
> some problems
> libvirtd fails to start on install due to a certificate error (which I am
> guessing is installed as part of the node registration process with the
> engine)
> "Cannot read CA Certificate /etc/pki/CA/cacert.pem"
>
> This also causes the setting of hostname/network details to fail during the
> automated installation; so this seems the wrong way to go
>
> I'm not sure if the problem here is live migration shouldn't be using tls;
> or that the node registration process should set "listen_tls=1"; but isn't
>
> Any assistance appreciated
>
> Cheers,
> Dave
>
Let's just verify first what libvirt is saying.
Can you please post the output of:
ls -l /etc/pki/CA/
Also, AFAIR, it should be using
/etc/pki/vdsm/certs/cacert.pem
Can you take a look in the relevant config files (vdsm mostly)
and see how it's defined? Did you happen to manually change it?
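
The mismatch discussed in this thread, as an added example that is not part of either message nor of oVirt or libvirt code: a Python check that reads libvirtd.conf text and reports why the destination could not serve a given migration URI. The defaults table follows libvirt's documented libvirtd.conf defaults; `parse_libvirtd_conf`, `check_migration` and the `file_exists` parameter are hypothetical names, and the check assumes libvirtd is started with network listening enabled.

```python
import os
import re
from urllib.parse import urlparse

# Documented libvirtd.conf defaults, used when a key is absent or commented out.
DEFAULTS = {"listen_tls": "1", "listen_tcp": "0", "tls_port": "16514",
            "tcp_port": "16509", "ca_file": "/etc/pki/CA/cacert.pem"}

def parse_libvirtd_conf(text):
    """Effective settings: defaults overridden by uncommented key = value lines."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r'^(\w+)\s*=\s*"?([^"]*)"?$', line)
        if m:
            conf[m.group(1)] = m.group(2).strip()
    return conf

def check_migration(conf_text, uri, file_exists=os.path.exists):
    """Return the reasons the destination libvirtd cannot serve this URI."""
    conf = parse_libvirtd_conf(conf_text)
    transport = urlparse(uri).scheme.partition("+")[2]  # "qemu+tls" -> "tls"
    problems = []
    if transport == "tls":
        if conf["listen_tls"] != "1":
            problems.append("listen_tls = %s: no TLS listener on port %s"
                            % (conf["listen_tls"], conf["tls_port"]))
        if not file_exists(conf["ca_file"]):
            problems.append("CA certificate %s is missing" % conf["ca_file"])
    elif transport == "tcp" and conf["listen_tcp"] != "1":
        problems.append("listen_tcp = %s: no TCP listener on port %s"
                        % (conf["listen_tcp"], conf["tcp_port"]))
    return problems

# Settings and URI as quoted in the thread above.
POST_CONF = """
listen_tls = 0
listen_tcp = 1
# tls_port = "16514"
#tcp_port = "16509"
"""
POST_URI = "qemu+tls://192.168.192.230/system"

if __name__ == "__main__":
    # file_exists is stubbed so the demo runs without touching /etc/pki.
    for p in check_migration(POST_CONF, POST_URI, file_exists=lambda path: False):
        print("FAIL:", p)
```

On a real host, leave `file_exists` at its default so the configured `ca_file` path is checked on disk.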