----- Original Message ----- > From: "Cristian Falcas" <cristi.fal...@gmail.com> > To: "Alon Bar-Lev" <alo...@redhat.com> > Cc: "Roy Golan" <rgo...@redhat.com>, users@ovirt.org, "Juan Antonio Hernandez > Fernandez" <jhern...@redhat.com>, > "David Jaša" <dj...@redhat.com>, "Itamar Heim" <ih...@redhat.com> > Sent: Thursday, December 13, 2012 2:01:22 AM > Subject: Re: Spice issues with latest vdsm (was Re: [Users] Cannot find > suitable CPU model for given data) > > > > > > > On Thu, Dec 13, 2012 at 12:13 AM, Alon Bar-Lev < alo...@redhat.com > > wrote: > > > > > > ----- Original Message ----- > > From: "Cristian Falcas" < cristi.fal...@gmail.com > > > To: "Itamar Heim" < ih...@redhat.com > > > Cc: "Roy Golan" < rgo...@redhat.com >, users@ovirt.org , "Alon > > Bar-Lev" < alo...@redhat.com >, "Juan Antonio Hernandez > > Fernandez" < jhern...@redhat.com >, "David Jaša" < dj...@redhat.com > > > > > Sent: Wednesday, December 12, 2012 11:21:32 PM > > Subject: Re: Spice issues with latest vdsm (was Re: [Users] Cannot > > find suitable CPU model for given data) > > > > > > > > > > > > > > On Wed, Dec 12, 2012 at 11:14 PM, Itamar Heim < ih...@redhat.com > > > wrote: > > > > > > On 12/12/2012 10:39 PM, Cristian Falcas wrote: > > > > > > Hi, > > > > i don't know if I should start a new thread for the spice problems. > > Here > > goes some improvements: > > > > I created the certificates like per https://gist.github.com/ > > 1655511 > > . i > > copied the public one to my home: > > cp /etc/pki/vdsm/libvirt-spice/ ca-cert.pem > > ~cristi/.spice/spice_ truststore.pem > > > > I had the same problem as in > > https://bugzilla.redhat.com/ show_bug.cgi?id=880182 . For this I > > > needed > > to downgrade libcacard twice (until I had the same version as in > > the > > bug) > > > > Now spice works with virt-manager. > > > > Can someone tell me where do I need to copy the certificate on > > ovirt > > in > > order to make spice working over there also? > > > > with which version of boostrap on the engine did you add this host. > > > > > > vdsm-bootstrap-4.10.3-0.3.git47b71e8.fc17.noarch > > > > And otopi packages installed: > > > > otopi-0.0.0-0.5.master.20121211.git9052d0f.fc17.noarch > > otopi-java-0.0.0-0.5.master.20121211.git9052d0f.fc17.noarch > > > > > > Any reason to perform certificate enrollment manually? > > Alon > > > It's still not working with the handmade certificates. > > I tried to create them because of those errors: > > libvirt log: > > ((null):9248): Spice-Warning **: reds.c:3307:reds_init_ssl: Could not > load certificates from /etc/pki/vdsm/libvirt-spice/ > server-cert.pem > ((null):9248): Spice-Warning **: reds.c:3317:reds_init_ssl: Could not > use private key file > ((null):9248): Spice-Warning **: reds.c:3325:reds_init_ssl: Could not > use CA file /etc/pki/vdsm/libvirt-spice/ca-cert.pem > > [root@localhost Ovirt]# ls -la > /etc/pki/vdsm/libvirt-spice/server-cert.pem > ls: cannot access /etc/pki/vdsm/libvirt-spice/server-cert.pem: No > such file or directory > [root@localhost Ovirt]# ls -la > /etc/pki/vdsm/libvirt-spice/ca-cert.pem > ls: cannot access /etc/pki/vdsm/libvirt-spice/ca-cert.pem: No such > file or directory > > > Spice log: > > 1355334879 INFO [8950:8950] Application::main: starting 0.12.0 > 1355334879 INFO [8950:8950] Application::main: command line: spicec > --controller > 1355334879 INFO [8950:8950] init_key_map: using evdev mapping > 1355334879 INFO [8950:8950] MultyMonScreen::MultyMonScreen: > platform_win: 77594625 > 1355334879 INFO [8950:8950] GUI::GUI: > 1355334879 INFO [8950:8950] ForeignMenu::ForeignMenu: Creating a > foreign menu connection /tmp/SpiceForeignMenu-8950.uds > 1355334879 INFO [8950:8950] Controller::Controller: Creating a > controller connection /tmp/spicec-9GS5mA/spice-xpi > 1355334882 INFO [8950:8952] RedPeer::connect_secure: Connected to > cristifalcas.no-ip.org 5902 > 1355334882 ERROR [8950:8952] RedPeer::connect_secure: failed to > connect w/SSL, ssl_error error:00000001:lib(0):func(0):reason(1) > 1355334882 WARN [8950:8952] RedChannel::run: SSL Error: > error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake > failure > 1355334882 INFO [8950:8950] main: Spice client terminated (exitcode = > 7) > > > > > I've done this without an improvment: > > [root@localhost Ovirt]# /lib/systemd/systemd-vdsmd reconfigure > Configuring libvirt for vdsm... > [root@localhost Ovirt]# systemctl restart libvirtd.service > vdsmd.service >
Why don't you deply the host again? It should create the certificate correctly. But before you can do this, you must remove whatever certificates you put including symlinks at /etc/pki /etc/libvirt as libvirt will not start if there are invalid certificates. Alon. _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users