[Users] Live Migration failed oVirt 3.3 Nightly

[Dan Kenigsberg]

On Sun, Sep 15, 2013 at 08:44:18PM +1000, Andrew Lau wrote:
> On Sun, Sep 15, 2013 at 8:00 PM, Dan Kenigsberg <danken at redhat.com> wrote:
> 
> > On Sun, Sep 15, 2013 at 06:48:41PM +1000, Andrew Lau wrote:
> > > Hi Dan,
> > >
> > > Certainly, I've uploaded them to fedora's paste bin and tried to snip
> > just
> > > the relevant details.
> > >
> > > Sender (hv01.melb.domain.net):
> > > http://paste.fedoraproject.org/39660/92339651/
> >
> > This one has
> >
> >     libvirtError: operation failed: Failed to connect to remote libvirt
> > URI qemu+tls://hv02.melb.domain.net/system
> >
> > which is most often related to firewall issues, and some time to key
> > mismatch.
> >
> > Does
> >     virsh -c qemu+tls://hv02.melb.domain.net/system capabilities
> > work when run from the command line of hv01?
> >
> > Dan.
> > > Receiver (hv02.melb.domain.net): `
> > > http://paste.fedoraproject.org/39661/23406913/
> > >
> > > VM being transfered is ovirt_guest_vm
> > >
> > > Thanks,
> > > Andrew
> >
> 
> virsh -c qemu+tls://hv02.melb.domain.net/system
> 2013-09-15 10:41:10.620+0000: 23994: info : libvirt version: 0.10.2,
> package: 18.el6_4.9 (CentOS BuildSystem <http://bugs.centos.org>,
> 2013-07-02-11:19:29, c6b8.bsys.dev.centos.org)
> 2013-09-15 10:41:10.620+0000: 23994: warning :
> virNetTLSContextCheckCertificate:1102 : Certificate check failed
> Certificate failed validation: The certificate hasn't got a known issuer.

Would you share your

    openssl x509 -in /etc/pki/vdsm/certs/cacert.pem -text
    openssl x509 -in /etc/pki/vdsm/certs/vdsmcert.pem -text

on both hosts? This content may be sensitive, and may not
provide an answer why libvirt on src cannot contact libvirtd on the
other host. So before you do that, would you test if

    vdsClient -s hv02.melb.domain.net getVdsCapabilities

works when run on hv01? It may be that the certificates are fine, but
libvirt is not configured to use the correct ones.

Dan.