[ovirt-users] regenerate libvirt-spice keys after libvirtd restart?

Bill James bill.james at j2.com
Tue Mar 8 17:11:45 UTC 2016


any suggestions on how to get ovirt and spice console keys to work 
correctly?


On 03/07/2016 10:09 AM, Bill James wrote:
> thanks for the reply.
> I tried reinstall of one host. Didn't help.
> Also tried removing the host and reinstalling it. Didn't help.
>
> Looks like server cert & key were regenerated, but not ca-cert.pem.
>
>
> [root at ovirt2 test ~]# ls -rtl /etc/pki/vdsm/libvirt-spice|grep -v 
> 2016|tail
> total 84
> -rw-r--r-- 1 root kvm 1379 Feb 19 17:09 ca-cert.pem
> -rw-r--r-- 1 root kvm 1570 Mar  7 09:44 server-cert.pem
> -r--r----- 1 vdsm kvm 1675 Mar  7 09:44 server-key.pem
>
> [root at ovirt2 test ~]# tail -3 /etc/libvirt/qemu.conf
> spice_tls=1
> spice_tls_x509_cert_dir="/etc/pki/vdsm/libvirt-spice"
> ## end of configuration section by vdsm-4.17.0
>
> Chown'd all the files to vdsm:kvm just incase, and rebooted the host.
> Didn't help.
>
> Changed console back to VNC and it starts up fine.
>
>
> Seems strange that I could mess up the spice keys just by restarting 
> libvirtd. (service libvirtd restart)
>
>
>
> On 03/07/2016 06:15 AM, David Jaša wrote:
>> Hi,
>>
>> it looks like you messed up private key location and/or contents. If you
>> "Reinstall" the host in ovirt engine, the keys/certs should get
>> regenerated.
>>
>> David
>>
>> On Pá, 2016-03-04 at 10:16 -0800, Bill James wrote:
>>> I needed to bounce libvirtd after changing a config in 
>>> libvirt/qemu.conf
>>> so import-to-ovirt.pl,
>>> but now my VMs with Spice console complain:
>>>
>>> libvirtError: internal error: process exited while connecting to
>>> monitor: ((null):2791): Spice-Warning **: reds.c:3311:reds_init_ssl:
>>> Could not use private key file
>>>
>>> What is the proper way to sync up the key after restarting libvirtd?
>>> I even tried rebooting host and restart ovirt-engine and ovirt-engine
>>> setup, didn't help.
>>>
>>> Work around is just use VNC consoles. But I'd like to get spice working
>>> again.
>>>
>>> centos 7.2
>>> libvirt-client-1.2.17-13.el7_2.2.x86_64
>>> ovirt-engine-3.6.2.6-1.el7.centos.noarch
>>>
>>>
>>>
>>> Cloud Services for Business www.j2.com
>>> j2 | eFax | eVoice | FuseMail | Campaigner | KeepItSafe | Onebox
>>>
>




More information about the Users mailing list