Bug 1034679

Summary: [hosted-engine] qemu+tls not working during deployment
Product: Red Hat Enterprise Virtualization Manager Reporter: Doron Fediuck <dfediuck>
Component: ovirt-hosted-engine-setup Assignee: Sandro Bonazzola <sbonazzo>
Status: CLOSED DUPLICATE QA Contact: Leonid Natapov <lnatapov>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 3.3.0 CC: dfediuck, didi, iheim, oschreib, pstehlik, sbonazzo, scohen
Target Milestone: --- Keywords: Triaged
Target Release: 3.3.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: integration
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-12-09 16:19:57 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Doron Fediuck 2013-11-26 10:33:18 UTC
Description of problem:
During the deployment phase, a user should be able to connect to the VM console
using gnu+tls. However, certificates are missing (see bug 1034634), and after
generating it manually, still unable to connect to the console.

Version-Release number of selected component (if applicable):
IS24.2

How reproducible:
Try connecting: 
virsh -c qemu+tls://some-host/system console HostedEngine

Actual results:
error: unable to connect to server at 'sla-sheldon:16514': Connection refused
error: failed to connect to the hypervisor

Expected results:
Should connect to console

Additional info:
it seems that libvirt is not listening to tls:
netstat -ap --ip | grep libv
tcp        0      0 *:16509                     *:*                         LISTEN      3402/libvirtd     

libvirtd.conf updated by vdsm has:
listen_tcp=1
listen_tls=0
## end of configuration section by vdsm-4.10.3

Comment 2 Yedidyah Bar David 2013-11-26 11:26:47 UTC
Doron, you probably meant "qemu+tls" and perhaps in some cases "gnutls" (no "+").

Comment 3 Doron Fediuck 2013-11-28 15:11:58 UTC
(In reply to Yedidyah Bar David from comment #2)
> Doron, you probably meant "qemu+tls" and perhaps in some cases "gnutls" (no
> "+").

Right, I was using associations...

Comment 4 Itamar Heim 2013-12-08 09:00:11 UTC
isn't this a dup of bug 1034634?

Comment 5 Sandro Bonazzola 2013-12-09 16:19:57 UTC
tls port is not listening because the required certificate is not generated by hosted-engine --deploy. It's generated later by ovirt-host-deploy when the host is added to the engine.

*** This bug has been marked as a duplicate of bug 1034634 ***
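
Added example (not part of the bug report or of any oVirt/vdsm code): a small check that reads libvirtd.conf settings like those quoted in the description and reports why a qemu+tls connection would be refused. The function names are hypothetical, the certificate paths are libvirt's defaults (it assumes no `ca_file`/`cert_file`/`key_file` overrides), and it inspects only the configuration and files, not the running daemon.

```python
import re
import tempfile
from pathlib import Path

# libvirt's defaults when a key is absent from libvirtd.conf
DEFAULTS = {"listen_tls": "1", "listen_tcp": "0",
            "tls_port": "16514", "tcp_port": "16509"}
# Default x509 files for the TLS listener, relative to the filesystem root
CERT_FILES = ("etc/pki/CA/cacert.pem",
              "etc/pki/libvirt/servercert.pem",
              "etc/pki/libvirt/private/serverkey.pem")

# Constructed sample: the vdsm-written settings quoted in the bug description
SAMPLE_CONF = "listen_tcp=1\nlisten_tls=0\n## end of configuration section by vdsm-4.10.3\n"


def parse_libvirtd_conf(text):
    """Return the effective listener settings; later assignments win."""
    conf = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        m = re.match(r'^(\w+)\s*=\s*"?([^"]*?)"?$', line)
        if m and m.group(1) in conf:
            conf[m.group(1)] = m.group(2).strip()
    return conf


def audit(conf_text, root="/"):
    """List reasons a qemu+tls connection would fail or stay unencrypted."""
    conf = parse_libvirtd_conf(conf_text)
    findings = []
    if conf["listen_tls"] != "1":
        findings.append(f"TLS listener disabled (listen_tls={conf['listen_tls']}); "
                        f"port {conf['tls_port']} will refuse connections")
    missing = ["/" + p for p in CERT_FILES if not (Path(root) / p).is_file()]
    if missing:
        findings.append("missing TLS files: " + ", ".join(missing))
    if conf["listen_tcp"] == "1":
        findings.append(f"plain TCP listener enabled on port {conf['tcp_port']} (no TLS)")
    return findings


if __name__ == "__main__":
    # An empty temporary directory stands in for a host with no certificates yet
    with tempfile.TemporaryDirectory() as empty_root:
        for finding in audit(SAMPLE_CONF, root=empty_root):
            print("-", finding)
```

On a real host, pass the contents of /etc/libvirt/libvirtd.conf and leave `root` at its default.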