[ovirt-users] libvirt failed to read spice key

Michal Skrivanek michal.skrivanek at redhat.com
Fri Apr 1 08:48:50 UTC 2016


> On 26 Mar 2016, at 01:19, Bill James <bill.james at j2.com> wrote:
> 
> I'm very interested in this too as I have the same problem with spice private keys.

Can you please paste permissions and SELinux status, security context of that qemu & libvirt process and the inaccessible key file (ps -Z, ls -lZ)?

I wonder if host redeploy would help. Did you try to reinstall the host? It should go through the certificate enrollment again and shouldn’t mess with anything else.

Thanks,
michal

> 
> 
> 
> On 3/24/16 2:02 AM, Fabrice Bacchella wrote:
>> I'm running on a brand new CentOS 7.2 an up to date oVirt 3.6.3.4.
>> 
>> The host is new too and dedicated to ovirt.
>> 
>> When I try to launch a vm, I get :
>> 
>> Thread-9407::ERROR::2016-03-24 09:16:18,301::vm::759::virt.vm::(_startUnderlyingVm) vmId=`a32e1043-a5a5-4e4c-8436-f7b7a4ff644c`::The vm start process failed
>> Traceback (most recent call last):
>>   File "/usr/share/vdsm/virt/vm.py", line 703, in _startUnderlyingVm
>>     self._run()
>>   File "/usr/share/vdsm/virt/vm.py", line 1941, in _run
>>     self._connection.createXML(domxml, flags),
>>   File "/usr/lib/python2.7/site-packages/vdsm/libvirtconnection.py", line 124, in wrapper
>>     ret = f(*args, **kwargs)
>>   File "/usr/lib/python2.7/site-packages/vdsm/utils.py", line 1313, in wrapper
>>     return func(inst, *args, **kwargs)
>>   File "/usr/lib64/python2.7/site-packages/libvirt.py", line 3611, in createXML
>>     if ret is None:raise libvirtError('virDomainCreateXML() failed', conn=self)
>> libvirtError: internal error: process exited while connecting to monitor: ((null):23672): Spice-Warning **: reds.c:3311:reds_init_ssl: Could not use private key file
>> 2016-03-24T08:16:18.005359Z qemu-kvm: failed to initialize spice server
>> 
>> 
>> /var/log/libvirt/qemu/test.log says
>> 
>> 2016-03-24 08:55:48.214+0000: starting up libvirt version: 1.2.17, package: 13.el7_2.3 (CentOS BuildSystem <http://bugs.centos.org>, 2016-02-16-17:06:00, worker1.bsys.centos.org), qemu version: 2.3.0 (qemu-kvm-ev-2.3.0-31.el7_2.7.1)
>> LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin QEMU_AUDIO_DRV=spice /usr/libexec/qemu-kvm -name test -S -machine pc-i440fx-rhel7.2.0,accel=kvm,usb=off -cpu Haswell-noTSX -m size=2097152k,slots=16,maxmem=4294967296k -realtime mlock=off -smp 2,maxcpus=16,sockets=16,cores=1,threads=1 -numa node,nodeid=0,cpus=0-1,mem=2048 -uuid a32e1043-a5a5-4e4c-8436-f7b7a4ff644c -smbios type=1,manufacturer=oVirt,product=oVirt Node,version=7-2.1511.el7.centos.2.10,serial=30373237-3132-5A43-3235-343233333937,uuid=a32e1043-a5a5-4e4c-8436-f7b7a4ff644c -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-test/monitor.sock,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=2016-03-24T08:55:46,driftfix=slew -global kvm-pit.lost_tick_policy=discard -no-hpet -no-shutdown -boot menu=on,strict=on -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -device virtio-scsi-pci,id=scsi0,bus=pci.0,addr=0x4 -device virtio-serial-pci,id=virtio-serial0,max_ports=16,bus=pci.0,addr=0x5 -drive if=none,id=drive-ide0-1-0,readonly=on,format=raw,serial= -device ide-cd,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -drive file=/rhev/data-center/00000001-0001-0001-0001-00000000022a/85d19e93-ee08-41bb-94c9-56adf17287b4/images/da6f49dd-8662-418b-a859-3523b4360c0e/930bbe74-7470-4b22-b096-fdb03276262d,if=none,id=drive-scsi0-0-0-0,format=raw,serial=da6f49dd-8662-418b-a859-3523b4360c0e,cache=none,werror=stop,rerror=stop,aio=native,iops=300 -device scsi-hd,bus=scsi0.0,channel=0,scsi-id=0,lun=0,drive=drive-scsi0-0-0-0,id=scsi0-0-0-0,bootindex=1 -netdev tap,fd=27,id=hostnet0,vhost=on,vhostfd=28 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=00:1a:4a:16:01:51,bus=pci.0,addr=0x3,bootindex=2 -chardev socket,id=charserial0,path=/var/run/ovirt-vmconsole-console/a32e1043-a5a5-4e4c-8436-f7b7a4ff644c.sock,server,nowait -device isa-serial,chardev=charserial0,id=serial0 -chardev socket,id=charchannel0,path=/var/lib/libvirt/qemu/channels/a32e1043-a5a5-4e4c-8436-f7b7a4ff644c.com.redhat.rhevm.vdsm,server,nowait -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.rhevm.vdsm -chardev socket,id=charchannel1,path=/var/lib/libvirt/qemu/channels/a32e1043-a5a5-4e4c-8436-f7b7a4ff644c.org.qemu.guest_agent.0,server,nowait -device virtserialport,bus=virtio-serial0.0,nr=2,chardev=charchannel1,id=channel1,name=org.qemu.guest_agent.0 -chardev spicevmc,id=charchannel2,name=vdagent -device virtserialport,bus=virtio-serial0.0,nr=3,chardev=charchannel2,id=channel2,name=com.redhat.spice.0 -spice port=5900,tls-port=5901,addr=0,x509-dir=/etc/pki/vdsm/libvirt-spice,seamless-migration=on -device qxl-vga,id=video0,ram_size=67108864,vram_size=8388608,vgamem_mb=16,bus=pci.0,addr=0x2 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x6 -msg timestamp=on
>> ((null):29166): Spice-Warning **: reds.c:3311:reds_init_ssl: Could not use private key file
>> 2016-03-24T08:55:48.329252Z qemu-kvm: failed to initialize spice server
>> 2016-03-24 08:55:48.479+0000: shutting down
>> 
>> and indeed, when I try to strace libvirt :
>>  open("/etc/pki/vdsm/libvirt-spice/server-key.pem", O_RDONLY) = -1 EACCES (Permission denied)
>> 
>> chmod a+r /etc/pki/vdsm/libvirt-spice/server-key.pem solved the problem, but it's obviously not a solution.
>> 
>> 
>> 
>> 
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
> 
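
The checks requested in the reply above (permissions, SELinux status, security contexts), together with a verdict on the key file's mode bits, as an added shell example that is not part of the original thread. The function names are hypothetical, GNU `stat` is assumed, and the account to test (whichever user the qemu process runs as on the host) is supplied by the operator.

```shell
#!/bin/sh
# Added example (not from the thread). GNU stat assumed, as on CentOS.
# Usage: sh keycheck.sh KEYFILE [ACCOUNT]   (ACCOUNT defaults to the caller)

# perm_class FILE [ACCOUNT]: print the single permission class the kernel
# consults for ACCOUNT. First match wins; there is no fall-through, so an
# owner without the read bit is denied even if a group would allow it.
perm_class() {
    id ${2:+"$2"} >/dev/null 2>&1 || return 2      # unknown account
    f_uid=$(stat -c %u "$1") || return 2
    f_gid=$(stat -c %g "$1") || return 2
    if [ "$(id -u ${2:+"$2"})" = "$f_uid" ]; then echo owner; return 0; fi
    for g in $(id -G ${2:+"$2"}); do
        if [ "$g" = "$f_gid" ]; then echo group; return 0; fi
    done
    echo other
}

# key_verdict FILE [ACCOUNT]: print
#   exposed       world-readable private key (the state chmod a+r leaves)
#   ok            readable through the owner or group bits only
#   denied:CLASS  read bit missing in the class that applies to ACCOUNT
key_verdict() {
    mode=$(stat -c %a "$1") || return 2
    bits=$((0$mode))                       # octal string -> integer
    if [ $((bits & 4)) -ne 0 ]; then echo exposed; return 0; fi
    class=$(perm_class "$1" "$2") || return 2
    case $class in
        owner) need=256 ;;                 # 0400
        group) need=32 ;;                  # 0040
        *)     need=4 ;;                   # 0004
    esac
    if [ $((bits & need)) -ne 0 ]; then echo ok; else echo "denied:$class"; fi
}

# collect FILE: the raw evidence asked for in the reply.
collect() {
    if command -v getenforce >/dev/null 2>&1; then getenforce; fi
    ls -lZ "$1"
    ps -eZ | grep -E 'qemu|libvirtd' | grep -v grep
}

if [ "$#" -ge 1 ]; then
    collect "$1"
    key_verdict "$1" "${2:-}"
fi
```

The verdict covers only the mode bits of the file itself; a missing search bit on a parent directory or an SELinux denial also produces `EACCES`, which is why the contexts printed by `collect` matter.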



