I did as you said: copied from engine /etc/ovirt-engine/ca.pem onto my desktop into /etc/pki/ca-trust/source/anchors and then run update-ca-trust it didn’t help, still the same errors
вс, 29 мар. 2020 г. в 10:47, David David <dd432...@gmail.com>: > I did as you said: > copied from engine /etc/ovirt-engine/ca.pem onto my desktop into > /etc/pki/ca-trust/source/anchors and then run update-ca-trust > it didn’t help, still the same errors > > > пт, 27 мар. 2020 г. в 21:56, Strahil Nikolov <hunter86...@yahoo.com>: > >> On March 27, 2020 12:23:10 PM GMT+02:00, David David <dd432...@gmail.com> >> wrote: >> >here is debug from opening console.vv by remote-viewer >> > >> >2020-03-27 14:09 GMT+04:00, Milan Zamazal <mzama...@redhat.com>: >> >> David David <dd432...@gmail.com> writes: >> >> >> >>> yes i have >> >>> console.vv attached >> >> >> >> It looks the same as mine. >> >> >> >> There is a difference in our logs, you have >> >> >> >> Possible auth 19 >> >> >> >> while I have >> >> >> >> Possible auth 2 >> >> >> >> So I still suspect a wrong authentication method is used, but I don't >> >> have any idea why. >> >> >> >> Regards, >> >> Milan >> >> >> >>> 2020-03-26 21:38 GMT+04:00, Milan Zamazal <mzama...@redhat.com>: >> >>>> David David <dd432...@gmail.com> writes: >> >>>> >> >>>>> copied from qemu server all certs except "cacrl" to my >> >desktop-station >> >>>>> into /etc/pki/ >> >>>> >> >>>> This is not needed, the CA certificate is included in console.vv >> >and no >> >>>> other certificate should be needed. >> >>>> >> >>>>> but remote-viewer is still didn't work >> >>>> >> >>>> The log looks like remote-viewer is attempting certificate >> >>>> authentication rather than password authentication. Do you have >> >>>> password in console.vv? It should look like: >> >>>> >> >>>> [virt-viewer] >> >>>> type=vnc >> >>>> host=192.168.122.2 >> >>>> port=5900 >> >>>> password=fxLazJu6BUmL >> >>>> # Password is valid for 120 seconds. >> >>>> ... >> >>>> >> >>>> Regards, >> >>>> Milan >> >>>> >> >>>>> 2020-03-26 2:22 GMT+04:00, Nir Soffer <nsof...@redhat.com>: >> >>>>>> On Wed, Mar 25, 2020 at 12:45 PM David David <dd432...@gmail.com> >> >>>>>> wrote: >> >>>>>>> >> >>>>>>> ovirt 4.3.8.2-1.el7 >> >>>>>>> gtk-vnc2-1.0.0-1.fc31.x86_64 >> >>>>>>> remote-viewer version 8.0-3.fc31 >> >>>>>>> >> >>>>>>> can't open vm console by remote-viewer >> >>>>>>> vm has vnc console protocol >> >>>>>>> when click on console button to connect to a vm, the >> >remote-viewer >> >>>>>>> console disappear immediately >> >>>>>>> >> >>>>>>> remote-viewer debug in attachment >> >>>>>> >> >>>>>> You an issue with the certificates: >> >>>>>> >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.238: >> >>>>>> ../src/vncconnection.c Set credential 2 libvirt >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >> >>>>>> ../src/vncconnection.c Searching for certs in /etc/pki >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >> >>>>>> ../src/vncconnection.c Searching for certs in /root/.pki >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >> >>>>>> ../src/vncconnection.c Failed to find certificate CA/cacert.pem >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >> >>>>>> ../src/vncconnection.c No CA certificate provided, using GNUTLS >> >global >> >>>>>> trust >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >> >>>>>> ../src/vncconnection.c Failed to find certificate CA/cacrl.pem >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >> >>>>>> ../src/vncconnection.c Failed to find certificate >> >>>>>> libvirt/private/clientkey.pem >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >> >>>>>> ../src/vncconnection.c Failed to find certificate >> >>>>>> libvirt/clientcert.pem >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >> >>>>>> ../src/vncconnection.c Waiting for missing credentials >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >> >>>>>> ../src/vncconnection.c Got all credentials >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: >> >>>>>> ../src/vncconnection.c No CA certificate provided; trying the >> >system >> >>>>>> trust store instead >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240: >> >>>>>> ../src/vncconnection.c Using the system trust store and CRL >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240: >> >>>>>> ../src/vncconnection.c No client cert or key provided >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240: >> >>>>>> ../src/vncconnection.c No CA revocation list provided >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.241: >> >>>>>> ../src/vncconnection.c Handshake was blocking >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.243: >> >>>>>> ../src/vncconnection.c Handshake was blocking >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.251: >> >>>>>> ../src/vncconnection.c Handshake was blocking >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.298: >> >>>>>> ../src/vncconnection.c Handshake done >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.298: >> >>>>>> ../src/vncconnection.c Validating >> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.301: >> >>>>>> ../src/vncconnection.c Error: The certificate is not trusted >> >>>>>> >> >>>>>> Adding people that may know more about this. >> >>>>>> >> >>>>>> Nir >> >>>>>> >> >>>>>> >> >>>> >> >>>> >> >> >> >> >> >> Hello, >> >> You can try to take the engine's CA (maybe it's useless) and put it on >> your system in: >> /etc/pki/ca-trust/source/anchors (if it's EL7 or a Fedora) and then run >> update-ca-trust >> >> Best Regards, >> Strahil Nikolov >> >
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/PA23UDBCFEPQYRV54UITVA22QXPQS5SX/