Description of problem: On existing cluster, when upgrading to 4.3, the cluster's VNC encryption is false. But, on hosts, they configured with VNC encryption. In the DB, select vnc_encryption_enabled from vds_dynamic where vds_id=<your host id>; Will result with false flag on the hosts. In the host /etc/libvirt/qemu.conf vnc_tls=1 vnc_tls_x509_cert_dir="/etc/pki/vdsm/libvirt-vnc" This will result NoVNC to break - https://bugzilla.redhat.com/show_bug.cgi?id=1659155 The user is not aware to the encryption, remote-viewer needs additional configuration - in this state it will open and immediate close. Version-Release number of selected component (if applicable): ovirt-engine-4.3.0-0.8.rc2.el7.noarch How reproducible: 100% Steps to Reproduce: 1. Upgrade the host from 4.2 to 4.3. Actual results: VNC encryption is set on the host while the cluster set False to VNC encryption. Expected results: VNC encryption to be set as the cluster. Additional info: From the engine, host-deploy, ovirt-host-mgmt-ansible log: 2019-02-05 13:25:28,278 p=60013 u=ovirt | TASK [ovirt-host-deploy-vnc-certificates : Modify qemu config file - enable TLS] *** 2019-02-05 13:25:28,757 p=60013 u=ovirt | changed: [ocelot06.qa.lab.tlv.redhat.com] => { "changed": true } MSG: Block inserted 2019-02-05 13:25:28,800 p=60013 u=ovirt | TASK [ovirt-host-deploy-vnc-certificates : Modify qemu config file - disable TLS] *** 2019-02-05 13:25:28,812 p=60013 u=ovirt | skipping: [ocelot06.qa.lab.tlv.redhat.com] => { "changed": false, "skip_reason": "Conditional result was False" }
Created attachment 1527121 [details] host_deploy_log
There is a workaround until the bug is fixed: 1. Comment out `vnc_tls=1` in /etc/libvirt/qemu.conf (or change it to vnc_tls=0). 2. Restart the host (actually, what is strictly necessary is restarting libvirt and all affected VMs. Restarting the host might just be easier).
Greg was faster, but definitely able to be verified with nightlies
Verified on: ovirt-engine-4.3.0.5-0.0.master.20190210112640.git53b60e3.el7.noarch Steps: 1. Create a cluster with un-upgraded host, VNC encryption disabled. 2. Check the host qemu.conf for vnc_tls # less /etc/libvirt/qemu.conf | grep vnc_tls 3. Check for update from the UI. 4. Upgrade the host from UI. 5. Check the host qemu.conf for vnc_tls # less /etc/libvirt/qemu.conf | grep vnc_tls 6. Check host-deploy log for TLS conditions. Results: In step 2, qemu.conf is without vnc_tls=1, it's commented as it should be. In step 5, the result is the same as step 2, as expected. From step 6: 2019-02-12 09:35:07,419 p=24786 u=ovirt | TASK [ovirt-host-deploy-vnc-certificates : Modify qemu config file - enable TLS] *** 2019-02-12 09:35:07,434 p=24786 u=ovirt | skipping: [ocelot03.qa.lab.tlv.redhat.com] => { "changed": false, "skip_reason": "Conditional result was False" } 2019-02-12 09:35:07,476 p=24786 u=ovirt | TASK [ovirt-host-deploy-vnc-certificates : Modify qemu config file - disable TLS] *** 2019-02-12 09:35:07,990 p=24786 u=ovirt | ok: [ocelot03.qa.lab.tlv.redhat.com] => { "changed": false }
This bugzilla is included in oVirt 4.3.1 release, published on February 28th 2019. Since the problem described in this bug report should be resolved in oVirt 4.3.1 release, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report.