Re: [ovirt-users] regenerate libvirt-spice keys after libvirtd restart?

Tue, 08 Mar 2016 09:21:51 -0800

any suggestions on how to get ovirt and spice console keys to work correctly? 

On 03/07/2016 10:09 AM, Bill James wrote:

thanks for the reply.
I tried reinstall of one host. Didn't help.
Also tried removing the host and reinstalling it. Didn't help.

Looks like server cert & key were regenerated, but not ca-cert.pem.



[root@ovirt2 test ~]# ls -rtl /etc/pki/vdsm/libvirt-spice|grep -v 
2016|tail

total 84
-rw-r--r-- 1 root kvm 1379 Feb 19 17:09 ca-cert.pem
-rw-r--r-- 1 root kvm 1570 Mar  7 09:44 server-cert.pem
-r--r----- 1 vdsm kvm 1675 Mar  7 09:44 server-key.pem

[root@ovirt2 test ~]# tail -3 /etc/libvirt/qemu.conf
spice_tls=1
spice_tls_x509_cert_dir="/etc/pki/vdsm/libvirt-spice"
## end of configuration section by vdsm-4.17.0

Chown'd all the files to vdsm:kvm just incase, and rebooted the host.
Didn't help.

Changed console back to VNC and it starts up fine.



Seems strange that I could mess up the spice keys just by restarting 
libvirtd. (service libvirtd restart)




On 03/07/2016 06:15 AM, David Jaša wrote:

Hi,

it looks like you messed up private key location and/or contents. If you
"Reinstall" the host in ovirt engine, the keys/certs should get
regenerated.

David

On Pá, 2016-03-04 at 10:16 -0800, Bill James wrote:

I needed to bounce libvirtd after changing a config in 
libvirt/qemu.conf

so import-to-ovirt.pl,
but now my VMs with Spice console complain:

libvirtError: internal error: process exited while connecting to
monitor: ((null):2791): Spice-Warning **: reds.c:3311:reds_init_ssl:
Could not use private key file

What is the proper way to sync up the key after restarting libvirtd?
I even tried rebooting host and restart ovirt-engine and ovirt-engine
setup, didn't help.

Work around is just use VNC consoles. But I'd like to get spice working
again.

centos 7.2
libvirt-client-1.2.17-13.el7_2.2.x86_64
ovirt-engine-3.6.2.6-1.el7.centos.noarch



Cloud Services for Business www.j2.com
j2 | eFax | eVoice | FuseMail | Campaigner | KeepItSafe | Onebox





_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users






















					Reply via email to