| Summary: | vdsm: when installing vdsm manually in the host and then installing host with web-admin /etc/libvirt/qemu.conf is using spice_tls=1 which causes vm's to fail to run with cert error | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Retired] oVirt | Reporter: | Dafna Ron <dron> | ||||
| Component: | vdsm | Assignee: | Federico Simoncelli <fsimonce> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | |||||
| Severity: | high | Docs Contact: | |||||
| Priority: | urgent | ||||||
| Version: | unspecified | CC: | abaron, acathrow, bazulay, danken, iheim, knesenko, mgoldboi, ykaul | ||||
| Target Milestone: | --- | ||||||
| Target Release: | 3.1 | ||||||
| Hardware: | x86_64 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | v4.9.3.3 | Doc Type: | Bug Fix | ||||
| Doc Text: |
if vdsm is started before it has its keys configured, it configures itself to avoid ssl keys - even vdsm is later installed properly with its keys and certificates.
To reconfigure vdsm run
/lib/systemd/systemd-vdsmd reconfigure
|
Story Points: | --- | ||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2012-08-09 08:05:25 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Attachments: |
|
||||||
since there is a workaround on this particular scenario lowering severity to high, Danken- do you think of any other scenarios this issue may pop up? BZ#773371 Generate the VDSM certificates VDSM is installed with ssl enabled by default, such configuration requires the certificates to be generated when they're missing. Change-Id: I68225e8cd58f6aecc487f570627d76bfe7060b22 http://gerrit.ovirt.org/#change,1012
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
if vdsm is started before it has its keys configured, it configures itself to avoid ssl keys - even vdsm is later installed properly with its keys and certificates.
To reconfigure vdsm run
/lib/systemd/systemd-vdsmd reconfigure
In the ovirt-3.1 branch as: b94937438f4c3a531e4f50e7209e69c5fba6f182 closing ON_QA bugs as oVirt 3.1 was released: http://www.ovirt.org/get-ovirt/ |
Created attachment 552170 [details] log and config file Description of problem: when installing vdsm in server manually and then adding the server as host with web-admin the vm's with spice console fail to run with error: libvirtError: internal error process exited while connecting to monitor: do_spice_init: starting 0.10.0 reds_init_ssl: Could not load certificates from /etc/pki/libvirt-spice/server-cert.pem Moran checked and during install, we skip the configuration since we assume its already configured. conf file /etc/libvirt/qemu.conf will show spice_tls=1 # by vdsm instead of spice_tls_x509_cert_dir"/etc/pki/vdsm/libvirt-spice" as result we will try to run vm with cert location: spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice" which is the wrong location and vm will fail to run. workaround is to run reconfigure vdsm: /lib/systemd/systemd-vdsmd reconfigure Version-Release number of selected component (if applicable): vdsm-4.9.2-0.65.gitf945dc2.fc16.x86_64 libvirt-0.9.6-4.fc16.x86_64 How reproducible: 100% Steps to Reproduce: 1. install fedora on server and manually install vdsm and libvirt rpm's 2. create new host in web-admin 3. create and run vm with spice console Actual results: vm will fail to run Expected results: we should be using the correct cert location Additional info: full vdsm log Thread-56096::ERROR::2012-01-11 11:40:22,659::vm::550::vm.Vm::(_startUnderlyingVm) vmId=`64240c1f-5b16-4a70-8976-e4dfe9ac9a4c`::The vm start process failed Traceback (most recent call last): File "/usr/share/vdsm/vm.py", line 516, in _startUnderlyingVm self._run() File "/usr/share/vdsm/libvirtvm.py", line 1158, in _run self._connection.createXML(domxml, flags), File "/usr/share/vdsm/libvirtconnection.py", line 79, in wrapper ret = f(*args, **kwargs) File "/usr/lib64/python2.7/site-packages/libvirt.py", line 2100, in createXML if ret is None:raise libvirtError('virDomainCreateXML() failed', conn=self) libvirtError: internal error process exited while connecting to monitor: do_spice_init: starting 0.10.0 reds_init_ssl: Could not load certificates from /etc/pki/libvirt-spice/server-cert.pem Thread-56096::DEBUG::2012-01-11 11:40:22,667::vm::880::vm.Vm::(setDownStatus) vmId=`64240c1f-5b16-4a70-8976-e4dfe9ac9a4c`::Changed state to Down: internal error process exited while connecting to monitor: do_spice_init: starting 0.10.0 reds_init_ssl: Could not load certificates from /etc/pki/libvirt-spice/server-cert.pem Dummy-2581::DEBUG::2012-01-11 11:40:22,698::storage_mailbox::637::Storage.Misc.excCmd::(_checkForMail) 'dd if=/rhev/data-center/cf37f4dd-3c33-4594-a561-9824cfc7bc11/mastersd/dom_md/inbox iflag=direct,fullblock count=1 bs=1024000' (cwd None)