[Users] RHEV-m hosts with certs configured

navin p navinp1281 at gmail.com
Fri Aug 16 08:14:26 UTC 2013


Hi,
   I have a couple of RHEV hosts (ovpxen, RHV2, RHV10 etc.) and I'm trying to
connect from one of the client machines (C1). All the RHEV hosts have libvirt
modified by vdsm. It looks like the below:


## beginning of configuration section by vdsm-4.10.2
listen_addr="0.0.0.0"
unix_sock_group="kvm"
unix_sock_rw_perms="0770"
auth_unix_rw="sasl"
host_uuid="036118ab-705f-4aeb-9a13-013dc8af6b41"
keepalive_interval=-1
log_outputs="1:file:/var/log/libvirtd.log"
log_filters="3:virobject 3:virfile 2:virnetlink 3:cgroup 3:event 3:json 1:libvirt 1:util 1:qemu"
ca_file="/etc/pki/vdsm/certs/cacert.pem"
cert_file="/etc/pki/vdsm/certs/vdsmcert.pem"
key_file="/etc/pki/vdsm/keys/vdsmkey.pem"
## end of configuration section by vdsm-4.10.2




# ls
bkp-2013-08-16_110734_cacert.pem    cacert.pem         vdsmcert.pem
bkp-2013-08-16_110734_vdsmcert.pem  engine_web_ca.pem
[root@ovpxen certs]# pwd
/etc/pki/vdsm/certs
[root@ovpxen certs]# certtool -i --infile engine_web_ca.pem  | head
X.509 Certificate Information:
        Version: 3
        Serial Number (hex): 09
        Issuer: C=US,O=HP,CN=CA-IWFVM00772.hpswlabs.adapps.hp.com.64431
        Validity:
                Not Before: Wed Jan 23 13:24:14 UTC 2013
                Not After: Sun Jan 22 07:54:14 UTC 2023
        Subject: C=US,O=HP,CN=CA-IWFVM00772.hpswlabs.adapps.hp.com.64431
        Subject Public Key Algorithm: RSA
                Modulus (bits 1024):

certtool -i --infile cacert.pem | head
X.509 Certificate Information:
        Version: 3
        Serial Number (hex): 09
        Issuer: C=US,O=HP,CN=CA-IWFVM00772.hpswlabs.adapps.hp.com.64431
        Validity:
                Not Before: Wed Jan 23 13:24:14 UTC 2013
                Not After: Sun Jan 22 07:54:14 UTC 2023
        Subject: C=US,O=HP,CN=CA-IWFVM00772.hpswlabs.adapps.hp.com.64431
        Subject Public Key Algorithm: RSA
                Modulus (bits 1024):
[root@ovpxen certs]# certtool -i --infile vdsmcert.pem | head
X.509 Certificate Information:
        Version: 3
        Serial Number (hex): 0c
        Issuer: C=US,O=HP,CN=CA-IWFVM00772.hpswlabs.adapps.hp.com.64431
        Validity:
                Not Before: Thu Aug 15 11:09:22 UTC 2013
                Not After: Wed Aug 15 05:39:22 UTC 2018
        Subject: O=HP,CN=16.184.46.53
        Subject Public Key Algorithm: RSA
                Modulus (bits 2048):


Now, from the client C1, which cert should I place in /etc/pki/CA/cacert.pem
so that I can access from the client using the URI
qemu+tls://ovpxen.ind.hp.com/system? Please note the host
IWFVM00772.hpswlabs.adapps.hp.com is an ovirt managed host. It is not the
client.


My problem here is I can't change the hypervisor hosts as there are too
many of them and they are configured by vdsm. What certs should I take from
the host so that I can use them on the client to connect to multiple
hosts using virsh or virt-manager? I need TLS as the remote
protocol as I'm trying to automate commands.

Regards,
Navin
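
Added example, not part of the original post: a Python sketch that reads the Issuer and Subject lines from the certtool output quoted above and runs the name checks a TLS client depends on (does the host certificate name the CA as its issuer, and does its CN match the host in the connection URI). It compares names only and does not verify signatures; the quoted output is cut by `head`, so any subjectAltName entries are not visible and are assumed absent here. The function names are hypothetical.

```python
import re
from urllib.parse import urlparse

# Issuer/Subject lines copied from the certtool output in the post.
CA_INFO = """\
        Serial Number (hex): 09
        Issuer: C=US,O=HP,CN=CA-IWFVM00772.hpswlabs.adapps.hp.com.64431
        Subject: C=US,O=HP,CN=CA-IWFVM00772.hpswlabs.adapps.hp.com.64431
        Subject Public Key Algorithm: RSA
"""
HOST_INFO = """\
        Serial Number (hex): 0c
        Issuer: C=US,O=HP,CN=CA-IWFVM00772.hpswlabs.adapps.hp.com.64431
        Subject: O=HP,CN=16.184.46.53
        Subject Public Key Algorithm: RSA
"""
URI = "qemu+tls://ovpxen.ind.hp.com/system"


def parse_info(text):
    """Extract issuer DN, subject DN and subject CN from `certtool -i` text."""
    fields = {}
    for key in ("Issuer", "Subject"):
        # "Subject:" must be followed by a colon, so the
        # "Subject Public Key Algorithm" line is not matched.
        m = re.search(rf"^[ \t]*{key}:[ \t]*(.+)$", text, re.MULTILINE)
        fields[key.lower()] = m.group(1).strip() if m else None
    cn = re.search(r"(?:^|,)CN=([^,]+)", fields["subject"] or "")
    fields["cn"] = cn.group(1) if cn else None
    return fields


def check_client_trust(ca_text, host_text, uri):
    """Name-level checks only; signatures are not verified."""
    ca, host = parse_info(ca_text), parse_info(host_text)
    target = urlparse(uri).hostname
    return {
        "ca_is_self_signed_root": ca["issuer"] == ca["subject"],
        "host_cert_names_ca_as_issuer": host["issuer"] == ca["subject"],
        "uri_host": target,
        "host_cert_cn": host["cn"],
        "uri_host_matches_cn": (target or "").lower() == (host["cn"] or "").lower(),
    }


if __name__ == "__main__":
    for name, value in check_client_trust(CA_INFO, HOST_INFO, URI).items():
        print(f"{name}: {value}")
```

With the values from the post, the CA certificate is self-issued and is named as the issuer of vdsmcert.pem, while the host certificate's CN is the IP address 16.184.46.53 rather than the ovpxen.ind.hp.com name used in the URI.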