| Summary: | virt-manager:can't vnc to guest when using TLS connections on xen. | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | zhe peng <zpeng> |
| Component: | virt-manager | Assignee: | Cole Robinson <crobinso> |
| Status: | CLOSED NOTABUG | QA Contact: | Virtualization Bugs <virt-bugs> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 5.7 | CC: | dyuan, mskinner, mzhan, rwu |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-07-13 10:04:29 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
This request was evaluated by Red Hat Product Management for inclusion in Red Hat Enterprise Linux 5.7 and Red Hat does not plan to fix this issue in the currently developed update. Contact your manager or support representative in case you need to escalate this bug.

Make sure it works for plain TCP connections as well!

I think I'm running into this on a RHEL 6.1 box. Thanks!

Never mind - I got mine to work with: <graphics type='vnc' port='-1' autoport='yes' listen="0.0.0.0"/> in the guest.xml file.

Please provide the output of virt-manager --debug when reproducing
Description of problem:
virt-manager can't vnc to guest when using TLS connections.

Version-Release number of selected component (if applicable):
libvirt-0.8.2-20.el5
virt-manager-0.6.1-14.el5

How reproducible:
always

Steps to Reproduce:

setup:

1. - make sure you have 2 machines, one runs virt-manager, the other runs as a host.
   - Log the host machine into a Xen environment
   - libvirtd service is running on both systems
   - require package "gnutls-utils" installed

2. Make sure 2 hosts UTC time was same.

       # date -u

   if not please set it.

3. Make sure the iptables let the vnc port 5900 through on both machines.

On server (dhcp-66.70.159.nay.redhat.com)

1. Set up a Certificate Authority (CA)

1.1 # certtool --generate-privkey > cakey.pem

1.2 self-sign cakey.pem by creating a file with the signature details called ca.info containing:

    cn = dhcp-66.70.159.nay.redhat.com (or the ip of the server)
    ca
    cert_signing_key

1.3 # certtool --generate-self-signed --load-privkey cakey.pem --template ca.info --outfile cacert.pem

2. Create server certificates

2.1 certtool --generate-privkey > serverkey.pem

2.2 sign that key with the CA's private key by first creating a template file called server.info

    organization = Red Hat
    cn = dhcp-66.70.159.nay.redhat.com (or the ip of the server)
    tls_www_server
    encryption_key
    signing_key

2.3 # certtool --generate-certificate --load-privkey serverkey.pem --load-ca-certificate cacert.pem \
    --load-ca-privkey cakey.pem --template server.info --outfile servercert.pem

3. Copy CA key and server key to correct directory

3.1 # cp cakey.pem cacert.pem /etc/pki/CA

3.2 # mkdir -p /etc/pki/libvirt/private

3.3 # cp serverkey.pem /etc/pki/libvirt/private

3.4 # cp servercert.pem /etc/pki/libvirt

4. Copy CA key to client (10.66.70.162) into correct directory

4.1 # scp cakey.pem cacert.pem root.70.162:/etc/pki/CA

5. Turn on libvirtd monitor listening in /etc/sysconfig/libvirtd
   -- uncomment LIBVIRTD_ARGS="--listen"

6. Edit /etc/libvirt/libvirtd.conf
   -- uncomment "listen_tls = 1"
   -- uncomment and set auth_tls = "none"
   -- uncomment "vnc_tls=1"
   -- set this line : vnc_listen = "0.0.0.0"

7. Set the guest specific file: /etc/libvirt/qemu/<guest-name>.xml
   change the "127.0.0.1" to "0.0.0.0" in Graphics line

8. # service libvirtd restart

9. # service iptables stop

On client (dhcp-66.70.162.nay.redhat.com)

10. Create client certificates

10.1 # certtool --generate-privkey > clientkey.pem

10.2 Act as CA and sign the certificate. Create client.info containing:

    country = GB
    state = London
    locality = London
    organization = Red Hat
    cn = dhcp-66.70.162.nay.redhat.com (or the ip of the client)
    tls_www_client
    encryption_key
    signing_key

10.3 # certtool --generate-certificate --load-privkey clientkey.pem --load-ca-certificate /etc/pki/CA/cacert.pem \
     --load-ca-privkey /etc/pki/CA/cakey.pem --template client.info --outfile clientcert.pem

11. Copy client key to correct directory

11.1 # mkdir -p /etc/pki/libvirt/private

11.2 # cp clientkey.pem /etc/pki/libvirt/private

11.3 # cp clientcert.pem /etc/pki/libvirt/

[Steps]

1, Launch virt-manager

2, Connect to a remote host ("File -> Add Connection -> Choose Qemu/xen for Hypervisor --> choose 'Remote SSL/TLS with x509 certificate' --> Select the remote host you want to connect. --> Click 'Connect'")

3, Try to run/shutdown/force off/open some vm on the remote connect.

Actual results:
user can't vnc to client guest, an error message shown up in virt-manager "TCP/IP error:VNC connection to hypervisor host got refused or disconnected!"

Expected results:
user can vnc to client guest.

Additional info:
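
Step 7 of the reproduction and the comment reporting `listen="0.0.0.0"` as the fix both turn on one attribute of the guest's `<graphics>` element. The Python check below is an added example, not code from this bug report or from virt-manager: the function names and the sample XML are constructed, and it assumes a guest with no listen address falls back to a loopback-only default.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample domain XML (not the guest from the bug report).
SAMPLE_LOOPBACK = """
<domain type='xen'>
  <devices>
    <graphics type='vnc' port='-1' autoport='yes' listen='127.0.0.1'/>
  </devices>
</domain>
"""
SAMPLE_ALL_IFACES = SAMPLE_LOOPBACK.replace("127.0.0.1", "0.0.0.0")
SAMPLE_NO_LISTEN = SAMPLE_LOOPBACK.replace(" listen='127.0.0.1'", "")


def listen_address(graphics):
    """Return the configured listen address, or None if none is set."""
    addr = graphics.get("listen")
    if addr:
        return addr
    # Newer libvirt also accepts a <listen type='address' address='...'/> child.
    child = graphics.find("listen[@type='address']")
    return child.get("address") if child is not None else None


def classify(addr):
    """Return 'default', 'loopback', 'all-interfaces' or 'specific'."""
    if addr is None:
        return "default"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # a host name rather than an IP literal
        return "loopback" if addr == "localhost" else "specific"
    if ip.is_loopback:
        return "loopback"
    return "all-interfaces" if ip.is_unspecified else "specific"


def audit_graphics(domain_xml):
    """Return (type, listen, scope, remote_ok) for each <graphics> element."""
    results = []
    for g in ET.fromstring(domain_xml).iter("graphics"):
        addr = listen_address(g)
        scope = classify(addr)
        # Assumption: with no listen address the hypervisor default applies,
        # treated here as loopback-only, so a remote viewer cannot connect.
        remote_ok = scope in ("all-interfaces", "specific")
        results.append((g.get("type"), addr, scope, remote_ok))
    return results
```

A scope of `all-interfaces` means the guest console is reachable on every network the host is attached to, so it is worth reviewing alongside the `vnc_tls` setting and the iptables rule for the VNC port from the setup steps.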