Bug 1949134
| Summary: | Encrypted migrations fail in 8.4 with "No certificate was found" | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux Advanced Virtualization | Reporter: | Milan Zamazal <mzamazal> | ||||
| Component: | libvirt | Assignee: | Virtualization Maintenance <virt-maint> | ||||
| Status: | CLOSED NOTABUG | QA Contact: | Virtualization Bugs <virt-bugs> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 8.4 | CC: | ahadas, fjin, virt-maint, ymankad | ||||
| Target Milestone: | rc | Flags: | pm-rhel:
mirror+
|
||||
| Target Release: | 8.4 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2021-04-14 11:21:55 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1948376 | ||||||
| Attachments: |
|
||||||
I think it is due to the change in this RHELAV8.4 bug: Bug 1879477 - The default_tls_x509_verify should default to 1 for migration/chardev/NBD Before bug 1879477, client cert(on source host) is not needed; after this bug, client cert is needed. Pls confirm whether client-cert.pem and client-key.pem exist in RHV env. The client migration certificates don't exist in RHV. After adding them, encrypted migrations work. Thank you for explanation. |
Created attachment 1771626 [details] QEMU and libvirt logs Description of problem: After upgrading from RHEL/AV 8.3 to 8.4, encrypted migrations no longer work in RHV. They fail when at the beginning and the destination QEMU log reports: qemu-kvm: Verify failed: No certificate was found. Encrypted migrations from 8.4 to 8.3 hosts still work, but encrypted migrations from 8.3 or 8.4 to 8.4 don't. Migrations without encryption work normally on 8.4. Version-Release number of selected component (if applicable): libvirt-7.0.0-13.module+el8.4.0+10604+5608c2b4.x86_64 qemu-kvm-5.1.0-20.el8.x86_64 kernel-4.18.0-304.el8.x86_64 How reproducible: 100% Steps to Reproduce: 1. Enable encrypted migrations for a RHV cluster. 2. Try to migrate any VM. Actual results: The migration fails at its beginning. Expected results: The migration works. Additional info: I'm not sure whether it's a problem in libvirt or QEMU. Attaching libvirt and QEMU logs.