[ovirt-users] regenerate libvirt-spice keys after libvirtd restart?

Bill James bill.james at j2.com
Mon Mar 7 18:09:30 UTC 2016


thanks for the reply.
I tried reinstall of one host. Didn't help.
Also tried removing the host and reinstalling it. Didn't help.

Looks like server cert & key were regenerated, but not ca-cert.pem.


[root at ovirt2 test ~]# ls -rtl /etc/pki/vdsm/libvirt-spice|grep -v 2016|tail
total 84
-rw-r--r-- 1 root kvm 1379 Feb 19 17:09 ca-cert.pem
-rw-r--r-- 1 root kvm 1570 Mar  7 09:44 server-cert.pem
-r--r----- 1 vdsm kvm 1675 Mar  7 09:44 server-key.pem

[root at ovirt2 test ~]# tail -3 /etc/libvirt/qemu.conf
spice_tls=1
spice_tls_x509_cert_dir="/etc/pki/vdsm/libvirt-spice"
## end of configuration section by vdsm-4.17.0

Chown'd all the files to vdsm:kvm just incase, and rebooted the host.
Didn't help.

Changed console back to VNC and it starts up fine.


Seems strange that I could mess up the spice keys just by restarting 
libvirtd. (service libvirtd restart)



On 03/07/2016 06:15 AM, David Jaša wrote:
> Hi,
>
> it looks like you messed up private key location and/or contents. If you
> "Reinstall" the host in ovirt engine, the keys/certs should get
> regenerated.
>
> David
>
> On Pá, 2016-03-04 at 10:16 -0800, Bill James wrote:
>> I needed to bounce libvirtd after changing a config in libvirt/qemu.conf
>> so import-to-ovirt.pl,
>> but now my VMs with Spice console complain:
>>
>> libvirtError: internal error: process exited while connecting to
>> monitor: ((null):2791): Spice-Warning **: reds.c:3311:reds_init_ssl:
>> Could not use private key file
>>
>> What is the proper way to sync up the key after restarting libvirtd?
>> I even tried rebooting host and restart ovirt-engine and ovirt-engine
>> setup, didn't help.
>>
>> Work around is just use VNC consoles. But I'd like to get spice working
>> again.
>>
>> centos 7.2
>> libvirt-client-1.2.17-13.el7_2.2.x86_64
>> ovirt-engine-3.6.2.6-1.el7.centos.noarch
>>
>>
>>
>> Cloud Services for Business www.j2.com
>> j2 | eFax | eVoice | FuseMail | Campaigner | KeepItSafe | Onebox
>>
>>
>> This email, its contents and attachments contain information from j2 Global, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. (c) 2015 j2 Global, Inc. All rights reserved. eFax, eVoice, Campaigner, FuseMail, KeepItSafe, and Onebox are registered trademarks of j2 Global, Inc. and its affiliates.
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>




More information about the Users mailing list