> On 26 Mar 2016, at 01:19, Bill James <bill.ja...@j2.com> wrote: > > I'm very interested in this too as I have same problem with spice private > keys.
can you please paste permissions and selinux status, security context of that qemu&libvirt process and the inaccessible key file(ps -Z, ls -lZ)? I wonder if host redeploy would help..did you try to reinstall the host? It should go through the certificate enrollment again and shouldn’t mess with anything else. Thanks, michal > > > > On 3/24/16 2:02 AM, Fabrice Bacchella wrote: >> I' m running on a brand new Centos 7.2 an up to date ovirt 3.6.3.4. >> >> The host is new too and dedicated to ovirt. >> >> When I try to launch a vm, I get : >> >> Thread-9407::ERROR::2016-03-24 >> 09:16:18,301::vm::759::virt.vm::(_startUnderlyingVm) >> vmId=`a32e1043-a5a5-4e4c-8436-f7b7a4ff644c`::The vm start process failed >> Traceback (most recent call last): >> File "/usr/share/vdsm/virt/vm.py", line 703, in _startUnderlyingVm >> self._run() >> File "/usr/share/vdsm/virt/vm.py", line 1941, in _run >> self._connection.createXML(domxml, flags), >> File "/usr/lib/python2.7/site-packages/vdsm/libvirtconnection.py", line >> 124, in wrapper >> ret = f(*args, **kwargs) >> File "/usr/lib/python2.7/site-packages/vdsm/utils.py", line 1313, in >> wrapper >> return func(inst, *args, **kwargs) >> File "/usr/lib64/python2.7/site-packages/libvirt.py", line 3611, in >> createXML >> if ret is None:raise libvirtError('virDomainCreateXML() failed', >> conn=self) >> libvirtError: internal error: process exited while connecting to monitor: >> ((null):23672): Spice-Warning **: reds.c:3311:reds_init_ssl: Could not use >> private key file >> 2016-03-24T08:16:18.005359Z qemu-kvm: failed to initialize spice server >> >> >> /var/log/libvirt/qemu/test.log says >> >> 2016-03-24 08:55:48.214+0000: starting up libvirt version: 1.2.17, package: >> 13.el7_2.3 (CentOS BuildSystem <http://bugs.centos.org>, >> 2016-02-16-17:06:00, worker1.bsys.centos.org), qemu version: 2.3.0 >> (qemu-kvm-ev-2.3.0-31.el7_2.7.1) >> LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin >> QEMU_AUDIO_DRV=spice /usr/libexec/qemu-kvm -name test -S -machine >> pc-i440fx-rhel7.2.0,accel=kvm,usb=off -cpu Haswell-noTSX -m >> size=2097152k,slots=16,maxmem=4294967296k -realtime mlock=off -smp >> 2,maxcpus=16,sockets=16,cores=1,threads=1 -numa >> node,nodeid=0,cpus=0-1,mem=2048 -uuid a32e1043-a5a5-4e4c-8436-f7b7a4ff644c >> -smbios type=1,manufacturer=oVirt,product=oVirt >> Node,version=7-2.1511.el7.centos.2.10,serial=30373237-3132-5A43-3235-343233333937,uuid=a32e1043-a5a5-4e4c-8436-f7b7a4ff644c >> -no-user-config -nodefaults -chardev >> socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-test/monitor.sock,server,nowait >> -mon chardev=charmonitor,id=monitor,mode=control -rtc >> base=2016-03-24T08:55:46,driftfix=slew -global >> kvm-pit.lost_tick_policy=discard -no-hpet -no-shutdown -boot >> menu=on,strict=on -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 >> -device virtio-scsi-pci,id=scsi0,bus=pci.0,addr=0x4 -device >> virtio-serial-pci, > id >> =virtio-serial0,max_ports=16,bus=pci.0,addr=0x5 -drive >> if=none,id=drive-ide0-1-0,readonly=on,format=raw,serial= -device >> ide-cd,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -drive >> file=/rhev/data-center/00000001-0001-0001-0001-00000000022a/85d19e93-ee08-41bb-94c9-56adf17287b4/images/da6f49dd-8662-418b-a859-3523b4360c0e/930bbe74-7470-4b22-b096-fdb03276262d,if=none,id=drive-scsi0-0-0-0,format=raw,serial=da6f49dd-8662-418b-a859-3523b4360c0e,cache=none,werror=stop,rerror=stop,aio=native,iops=300 >> -device >> scsi-hd,bus=scsi0.0,channel=0,scsi-id=0,lun=0,drive=drive-scsi0-0-0-0,id=scsi0-0-0-0,bootindex=1 >> -netdev tap,fd=27,id=hostnet0,vhost=on,vhostfd=28 -device >> virtio-net-pci,netdev=hostnet0,id=net0,mac=00:1a:4a:16:01:51,bus=pci.0,addr=0x3,bootindex=2 >> -chardev >> socket,id=charserial0,path=/var/run/ovirt-vmconsole-console/a32e1043-a5a5-4e4c-8436-f7b7a4ff644c.sock,server,nowait >> -device isa-serial,chardev=charserial0,id=serial0 -chardev >> socket,id=charchannel0,path=/var/lib/libvirt/q > emu >> >> /channels/a32e1043-a5a5-4e4c-8436-f7b7a4ff644c.com.redhat.rhevm.vdsm,server,nowait >> -device >> virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.rhevm.vdsm >> -chardev >> socket,id=charchannel1,path=/var/lib/libvirt/qemu/channels/a32e1043-a5a5-4e4c-8436-f7b7a4ff644c.org.qemu.guest_agent.0,server,nowait >> -device >> virtserialport,bus=virtio-serial0.0,nr=2,chardev=charchannel1,id=channel1,name=org.qemu.guest_agent.0 >> -chardev spicevmc,id=charchannel2,name=vdagent -device >> virtserialport,bus=virtio-serial0.0,nr=3,chardev=charchannel2,id=channel2,name=com.redhat.spice.0 >> -spice >> port=5900,tls-port=5901,addr=0,x509-dir=/etc/pki/vdsm/libvirt-spice,seamless-migration=on >> -device >> qxl-vga,id=video0,ram_size=67108864,vram_size=8388608,vgamem_mb=16,bus=pci.0,addr=0x2 >> -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x6 -msg timestamp=on >> ((null):29166): Spice-Warning **: reds.c:3311:reds_init_ssl: Could not use >> private key file >> 2016-03-24T08:55:48.329252Z qemu-kvm: failed to initialize spice server >> 2016-03-24 08:55:48.479+0000: shutting down >> >> and indeed, when I try to strace libvirt : >> open("/etc/pki/vdsm/libvirt-spice/server-key.pem", O_RDONLY) = -1 EACCES >> (Permission denied) >> >> chmod a+r /etc/pki/vdsm/libvirt-spice/server-key.pem solved the problem, but >> it's obviously not a solution. >> >> >> >> >> _______________________________________________ >> Users mailing list >> Users@ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users > > > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > > _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users