| Summary: | connect libvirt via qemu+tls failed | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | yanbing du <ydu> |
| Component: | libvirt | Assignee: | Michal Privoznik <mprivozn> |
| Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | 6.2 | CC: | dallan, dyuan, eblake, mzhan, rwu, veillard, weizhan, whuang |
| Target Milestone: | rc | Keywords: | Regression |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | libvirt-0.9.4-6.el6 | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2011-12-06 11:27:12 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Attachments: | | | |

Moving to POST: http://post-office.corp.redhat.com/archives/rhvirt-patches/2011-August/msg00595.html

Moving back to assigned until this additional upstream patch has a commit id, since otherwise the testsuite breaks. https://www.redhat.com/archives/libvir-list/2011-August/msg01237.html

Fix command test wrt gnutls initialize & fix debugging

The VIR_TEST_DEBUG and VIR_TEST_VERBOSE env vars did not work because we replaced 'environ' with 'newenv'. Simply calling virTestGetDebug/Verbose() before replacing the 'environ' ensures we have processed the env variables.

The gnutls initialization code opens /dev/urandom and keeps that FD around for later use. We have code which kills off FDs 3-5 to avoid interfering with our test case. Move the virInitialize call before this point, so it kills off the gnutls /dev/urandom FD which is irrelevant for testing purposes

* tests/commandtest.c: Fix test debugging & make it robust against opened FDs

Back in POST with this second patch: http://post-office.corp.redhat.com/archives/rhvirt-patches/2011-August/msg00627.html

Verify this bug with libvirt-0.9.4-6.el6.x86_64
1. setup tls environment
enable LIBVIRTD_ARGS="--listen" in /etc/sysconfig/libvirtd and enable
"listen_tls" in /etc/libvirt/libvirtd.conf, then setup certification both on
server and client host.
2. restart libvirtd
3. on client host, connect server host via qemu+tls
# virsh -c qemu+tls://10.66.104.54/system
Welcome to virsh, the virtualization interactive terminal.
Type: 'help' for help with commands
'quit' to quit
virsh #

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.
http://rhn.redhat.com/errata/RHBA-2011-1513.html

Created attachment 519554 all certification files

Description of problem:
setup tls environment and connect libvirt use qemu+tls failed, get the error: "Unable to initialize certificate". BTW, with libvirt-0.9.4-2.el6.x86_64, there's no problem.

Version-Release number of selected component (if applicable):
libvirt-0.9.4-5.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. setup tls environment
enable LIBVIRTD_ARGS="--listen" in /etc/sysconfig/libvirtd and enable "listen_tls" in /etc/libvirt/libvirtd.conf, then setup certification both on server and client host.
2. restart libvirtd
3. on client host, connect server host via qemu+tls
#virsh -c qemu+tls://$server_ip/system

Actual results:
#virsh -c qemu+tls://$server_ip/system
error: Unable to initialize certificate
error: failed to connect to the hypervisor

Expected results:
connect successfully

Additional info:
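
A preflight for the server-side setup listed in the steps to reproduce, added here as an example and not part of the bug report or of libvirt: it checks `--listen`, `listen_tls` and the server certificate files, which helps rule out misconfiguration before suspecting a package regression. The function names and the `root` prefix are hypothetical; the certificate paths are libvirt's default locations and are an assumption about this host, as is treating an unset `listen_tls` as enabled.

```shell
#!/bin/sh
# Added example: preflight for the server-side TLS setup in the reproduction steps.
# ROOT is a hypothetical prefix so the check can run on a copy of /etc;
# pass "" to inspect the live host. Sample trees used with it are constructed.

# Print the last uncommented value assigned to KEY ($1) in FILE ($2).
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" \
        "$2" 2>/dev/null | sed 's/[[:space:]]*$//' | tail -n 1
}

check_libvirtd_tls() {
    root=$1
    rc=0
    # Step 1a: the report's setup starts libvirtd with --listen via LIBVIRTD_ARGS.
    args=$(conf_value LIBVIRTD_ARGS "$root/etc/sysconfig/libvirtd")
    case " $args " in
        *" --listen "*) ;;
        *) echo "FAIL: LIBVIRTD_ARGS does not contain --listen"; rc=1 ;;
    esac
    # Step 1b: listen_tls counts as on unless explicitly set to 0
    # (assumption: stock libvirtd.conf default).
    if [ "$(conf_value listen_tls "$root/etc/libvirt/libvirtd.conf")" = "0" ]; then
        echo "FAIL: listen_tls = 0 in libvirtd.conf"; rc=1
    fi
    # Step 1c: server-side certificate files at libvirt's default locations.
    key=$root/etc/pki/libvirt/private/serverkey.pem
    for f in "$root/etc/pki/CA/cacert.pem" "$root/etc/pki/libvirt/servercert.pem" "$key"; do
        if [ ! -r "$f" ]; then
            echo "FAIL: missing or unreadable $f"; rc=1
        fi
    done
    # The private key must not be readable by other users.
    if [ -n "$(find "$key" -perm -004 2>/dev/null)" ]; then
        echo "FAIL: $key is world-readable"; rc=1
    fi
    return $rc
}
```

Call `check_libvirtd_tls ""` on the server before restarting libvirtd; a zero exit status means all checks passed.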