Bug 1676704
| Summary: | Cannot disable VNC Encryption in cluster | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [oVirt] ovirt-host-deploy | Reporter: | Sergey <serg> | ||||
| Component: | Core | Assignee: | Tomasz Barański <tbaransk> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Liran Rotenberg <lrotenbe> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 1.8.0 | CC: | bugs, lleistne, michal.skrivanek, rbarry, serg | ||||
| Target Milestone: | ovirt-4.3.1 | Flags: | rbarry:
ovirt-4.3?
|
||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | No Doc Update | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2019-03-01 10:20:17 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | Virt | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Could you attach the /etc/libvirt/qemu.conf file? Created attachment 1534445 [details]
qemu.conf
Here it is, before I've disabled vnc_tls manually as a workaround.
Thanks, Sergey! The patch is already on gerrit. Your workaround is good, but remember to put the host in maintenance mode before changing the config file and restart libvirt so it picks up the change. Thanks! It was a new host, so I've already rebooted it. Found this bug while deploying new cluster. Verified on:
ovirt-engine-4.3.1.1-0.1.el7.noarch
python2-ovirt-host-deploy-1.8.0-1.el7ev.noarch
ovirt-host-deploy-java-1.8.0-1.el7ev.noarch
ovirt-host-deploy-common-1.8.0-1.el7ev.noarch
Steps:
1. Create cluster with checked "Enable VNC Encryption" option.
2. Add and install host.
3. Check host's qemu config file, set with vnc_tls=1
# cat /etc/libvirt/qemu.conf | grep vnc_tls
4. Uncheck "Enable VNC Encryption" option
5. Reinstall host
6. Check host's qemu config file, set without vnc_tls=1
# cat /etc/libvirt/qemu.conf | grep vnc_tls
Results:
After step 3, the host was with VNC encryption set.
In step 6 the block in qemu.conf was removed, disabling VNC encryption.
In the host-deploy log:
2019-02-28 10:05:27,579 p=1732 u=ovirt | TASK [ovirt-host-deploy-vnc-certificates : Modify qemu config file - enable TLS] ***
2019-02-28 10:05:27,624 p=1732 u=ovirt | skipping: [virt-nested-vm13.scl.lab.tlv.redhat.com] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
2019-02-28 10:05:27,696 p=1732 u=ovirt | TASK [ovirt-host-deploy-vnc-certificates : Modify qemu config file - disable TLS] ***
2019-02-28 10:05:28,744 p=1732 u=ovirt | changed: [virt-nested-vm13.scl.lab.tlv.redhat.com] => {
"changed": true
}
MSG:
Block removed
This bugzilla is included in oVirt 4.3.1 release, published on February 28th 2019. Since the problem described in this bug report should be resolved in oVirt 4.3.1 release, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report. |
Description of problem: After unchecking "Enable VNC Encryption" in cluster console settings oVirt UI shows warning on all hosts in cluster: "Host needs to be reinstalled as important configuration changes were applied on it." But after reinstalling hosts VNC Encryption is still enabled, ovirt-host-deploy-ansible log: 2019-02-13 00:08:17,728 p=16592 u=ovirt | TASK [ovirt-host-deploy-vnc-certificates : Modify qemu config file - enable TLS] *** 2019-02-13 00:08:17,759 p=16592 u=ovirt | skipping: [*ovirthost*] => { "changed": false, "skip_reason": "Conditional result was False" } 2019-02-13 00:08:17,885 p=16592 u=ovirt | TASK [ovirt-host-deploy-vnc-certificates : Modify qemu config file - disable TLS] *** 2019-02-13 00:08:18,545 p=16592 u=ovirt | ok: [*ovirthost*] => { "changed": false } cat /etc/libvirt/qemu.conf | grep vnc_tls #vnc_tls = 1 # If the path is not provided, but vnc_tls = 1, then the #vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc" # ca-cert.pem certificate signed by the CA in the vnc_tls_x509_cert_dir #vnc_tls_x509_verify = 1 vnc_tls=1 vnc_tls_x509_cert_dir="/etc/pki/vdsm/libvirt-vnc" Version-Release number of selected component (if applicable): ovirt-engine.noarch 4.3.0.4-1.el7 ovirt-host-deploy-common.noarch 1.8.0-1.el7 ovirt-host-deploy-java.noarch 1.8.0-1.el7 python2-ovirt-host-deploy.noarch 1.8.0-1.el7 How reproducible: Steps to Reproduce: 1. create cluster with checked "Enable VNC Encryption" option 2. add and install host 3. uncheck "Enable VNC Encryption" option 4. reinstall host Actual results: VNC Encryption enabled vnc_tls=1 exists in /etc/libvirt/qemu.conf Expected results: VNC Encryption disabled no vnc_tls=1 in /etc/libvirt/qemu.conf Additional info: