[ovirt-users] ovirt 3.6 and self hosted engine: clarification on datacenter input

Gianluca Cecchi gianluca.cecchi at gmail.com
Wed Oct 28 16:00:37 UTC 2015 

On Wed, Oct 28, 2015 at 4:10 PM, Simone Tiraboschi <stirabos at redhat.com>
wrote:

>
>
> It's not a regression cause the hosted-engine storage domain wasn't
> neither visible in 3.5.
> Once again, also if you see it in the engine you cannot use it for
> anything apart from the engine VM itself, you still have to add another
> storage domain for regular VMs.
>
>

understood. But I'm also not able to connect to the sh engine VM itself via
spice, so in case of problems with the engine, you are not able to connect
to it via web admin (that is ok), but I don't see any way to understand its
state to be able to debug/resolve problems...

Are there any command line commands to run to see status of sh engine VM?

Joop, are you able to access your sh engine console? Is it vnc or spice?

under hypervisor in

/etc/pki/vdsm/certs/

[root at ovc71 certs]# ll
total 16
-rw-r--r--. 1 root kvm 1415 Oct 26 16:17 cacert.pem
-rw-------. 1 vdsm kvm 1131 Oct 26 14:43 cacert.pem.20151026161748
-rw-r--r--. 1 root kvm 1623 Oct 26 16:17 vdsmcert.pem
-rw-------. 1 vdsm kvm 1249 Oct 26 14:43 vdsmcert.pem.20151026161748


During install I was able to connect via
remote-viewer --spice-ca-file=/etc/pki/vdsm/libvirt-spice/ca-cert.pem
spice://localhost?tls-port=5900 --spice-host-subject="C=EN, L=Test, O=Test,
CN=Test"

using the fie that was then renamed in ca-cert.pem.20151026161748:
[root at ovc71 certs]#  openssl x509 -in
/etc/pki/vdsm/libvirt-spice/ca-cert.pem.20151026161748 -noout -text  | grep
Subject
        Subject: C=EN, L=Test, O=Test, CN=TestCA
        Subject Public Key Info:
            X509v3 Subject Key Identifier:

But I'm not able to connect based on the current certificate:
[root at ovc71 certs]#  openssl x509 -in
/etc/pki/vdsm/libvirt-spice/ca-cert.pem -noout -text  | grep Subject
        Subject: C=US, O=localdomain.local,
CN=shengine.localdomain.local.37976
        Subject Public Key Info:
            X509v3 Subject Key Identifier:



[root at ovc71 certs]# hosted-engine --add-console-password
Enter password:
code = 0
message = 'Done'



Also from hypervisor itself:

[root at ovc71 ~]# remote-viewer
--spice-ca-file=/etc/pki/vdsm/libvirt-spice/ca-cert.pem
spice://ovc71.localdomain.local?tls-port=5900 --spice-host-subject="C=US,
O=localdomain.local, CN=shengine.localdomain.local.37976"

** (remote-viewer:7992): WARNING **: Couldn't connect to accessibility bus:
Failed to connect to socket /tmp/dbus-QzfEVK7OiG: Connection refused
GLib-GIO-Message: Using the 'memory' GSettings backend.  Your settings will
not be saved or shared with other applications.
(/usr/bin/remote-viewer:7992): Spice-Warning **:
ssl_verify.c:492:openssl_verify: ssl: subject 'C=US, O=localdomain.local,
CN=shengine.localdomain.local.37976' verification failed
(/usr/bin/remote-viewer:7992): Spice-Warning **:
ssl_verify.c:494:openssl_verify: ssl: verification failed

(remote-viewer:7992): GSpice-WARNING **: main-1:0: SSL_connect:
error:00000001:lib(0):func(0):reason(1)


The error in remote-viewer windows:
Unable to connect to the graphic server
spice://ovc71.localdomain.local?tls-port=5900
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20151028/449b3f9d/attachment-0001.html>

More information about the Users mailing list