Hey Daniel, Sorry, I should have mentioned that. Yes, I did setup the x509/TLS certificates based on the instructions provided by the libvirt documentation. The setup with the certificates work flawlessly with 0.4.6. Here is a successful run of the virsh command using libvirt 0.4.6 with the certificates:
# LIBVIRT_DEBUG=6 virsh -d 5 -c xen://node3/ list command: "list " DEBUG: libvirt.c: virInitialize (register drivers) DEBUG: xen_internal.c: xenHypervisorInit (Using new hypervisor call: 30003 ) DEBUG: xen_internal.c: xenHypervisorInit (Using hypervisor call v2, sys ver6 dom ver5 ) DEBUG: libvirt.c: virConnectOpenAuth (name=xen://node3/, auth=0x675b9c, flags=0) DEBUG: libvirt.c: do_open (name "xen://node3/" to URI components: scheme xen opaque (null) authority (null) server node3 user (null) port 0 path / ) DEBUG: libvirt.c: do_open (trying driver 0 (Test) ...) DEBUG: libvirt.c: do_open (driver 0 Test returned DECLINED) DEBUG: libvirt.c: do_open (trying driver 1 (QEMU) ...) DEBUG: libvirt.c: do_open (driver 1 QEMU returned DECLINED) DEBUG: libvirt.c: do_open (trying driver 2 (Xen) ...) DEBUG: libvirt.c: do_open (driver 2 Xen returned DECLINED) DEBUG: libvirt.c: do_open (trying driver 3 (remote) ...) DEBUG: remote_internal.c: doRemoteOpen (proceeding with name = xen:///) DEBUG: remote_internal.c: initialise_gnutls (loading CA file /etc/pki/CA/cacert.pem) DEBUG: remote_internal.c: initialise_gnutls (loading client cert and key from files /etc/pki/libvirt/clientcert.pem and /etc/pki/libvirt/private/clientkey.pem) DEBUG: libvirt.c: do_open (driver 3 remote returned SUCCESS) DEBUG: libvirt.c: do_open (network driver 0 Test returned DECLINED) DEBUG: libvirt.c: do_open (network driver 1 QEMU returned DECLINED) DEBUG: libvirt.c: do_open (network driver 2 remote returned SUCCESS) DEBUG: libvirt.c: do_open (storage driver 0 Test returned DECLINED) DEBUG: libvirt.c: do_open (storage driver 1 storage returned DECLINED) DEBUG: libvirt.c: do_open (storage driver 2 remote returned SUCCESS) DEBUG: libvirt.c: virConnectNumOfDomains (conn=0x8e681f0) DEBUG: libvirt.c: virConnectListDomains (conn=0x8e681f0, ids=0x8e76f58, maxids=1) Id Name State ---------------------------------- DEBUG: libvirt.c: virDomainLookupByID (conn=0x8e681f0, id=0) DEBUG: hash.c: __virGetDomain (New hash entry 0x8e8e330) DEBUG: libvirt.c: virDomainGetInfo (domain=0x8e8e330, info=0xbfce7cc4) DEBUG: libvirt.c: virDomainGetName (domain=0x8e8e330) DEBUG: libvirt.c: virDomainGetID (domain=0x8e8e330) 0 Domain-0 running DEBUG: libvirt.c: virDomainFree (domain=0x8e8e330) DEBUG: hash.c: virUnrefDomain (unref domain 0x8e8e330 Domain-0 1) DEBUG: hash.c: virReleaseDomain (release domain 0x8e8e330 Domain-0) DEBUG: hash.c: virReleaseDomain (unref connection 0x8e681f0 xen://node3/ 2) DEBUG: libvirt.c: virConnectClose (conn=0x8e681f0) DEBUG: hash.c: virUnrefConnect (unref connection 0x8e681f0 xen://node3/ 1) DEBUG: hash.c: virReleaseConnect (release connection 0x8e681f0 xen://node3/) Hany On Mon, Jun 8, 2009 at 12:34 PM, Daniel P. Berrange <berra...@redhat.com>wrote: > On Mon, Jun 08, 2009 at 12:20:12PM -0400, Hany Fahim wrote: > > Hey Daniel, > > Thanks for the reply. The strange thing is, libvirt isn't even attempting > to > > establish a connection with the remote server. I've performed tcpdumps to > > verify this; no traffic is exchanged between the two hosts when executing > > the virsh command. If I switch back to a version of libvirt below 0.5.0 > such > > as 0.4.6, it works like a charm. > > Have you configured the neccessary x509/TLS certificates on the client side > ? > > Daniel > -- > |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/:| > |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org:| > |: http://autobuild.org -o- http://search.cpan.org/~danberr/:| > |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 > :| >
-- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list