Description of problem:
Can't create VM. due to Could not load certificates from /etc/pki/libvirt-spice/server-cert.pem

Steps to Reproduce:
1. create VM
2.
3.

Vdsm.log:
[root@navy-vds1 ~]# less /var/log/vdsm/vdsm.log
Thread-6550::ERROR::2011-03-14 14:23:36,330::vm::643::vm.Vm::(_startUnderlyingVm) vmId=`d7138c82-b646-4673-a9eb-bc9eca8c6b8e`::Traceback (most recent call last):
  File "/usr/share/vdsm/vm.py", line 613, in _startUnderlyingVm
    self._run()
  File "/usr/share/vdsm/libvirtvm.py", line 782, in _run
    self._connection.createXML(domxml, flags),
  File "/usr/share/vdsm/libvirtconnection.py", line 72, in wrapper
    raise e
libvirtError: internal error process exited while connecting to monitor: do_spice_init: starting 0.7.2
reds_init_ssl: Could not load certificates from /etc/pki/libvirt-spice/server-cert.pem
Thread-6550::DEBUG::2011-03-14 14:23:36,333::vm::1776::vm.Vm::(setDownStatus) vmId=`d7138c82-b646-4673-a9eb-bc9eca8c6b8e`::Changed state to Down: internal error process exited while connecting to monitor: do_spice_init: starting 0.7.2
reds_init_ssl: Could not load certificates from /etc/pki/libvirt-spice/server-cert.pem

libvirtd.conf:
listen_addr="0" # by vdsm
unix_sock_group="kvm" # by vdsm
unix_sock_rw_perms="0770" # by vdsm
auth_unix_rw="sasl" # by vdsm
save_image_format="lzop" # by vdsm
log_outputs="1:file:/var/log/libvirtd.log" # by vdsm
log_filters="1:util 3:json 1:libvirt 1:qemu 1:remote" # by vdsm
auth_tcp="none" # by vdsm
listen_tcp=1 # by vdsm
listen_tls=0 # by vdsm

missing the following values:
ca_file="/etc/pki/vdsm/certs/cacert.pem"
cert_file="/etc/pki/vdsm/certs/vdsmcert.pem"
key_file="/etc/pki/vdsm/keys/vdsmkey.pem"
Created attachment 484171 [details] vdsm log
But do the files at /etc/pki/libvirt-spice/server-cert.pem and /etc/pki/vdsm/certs/cacert.pem etc actually exist? I think this can happen if you manually changed vdsm to use ssl without generating the keys. I guess it makes sense for vdsm to check their configuration and existence on service vdsmd start.
This looks like https://bugzilla.redhat.com/show_bug.cgi?id=683905. Is it reproducing since the commit that fixed 683905?
The /etc/pki/libvirt-spice/server-cert.pem and /etc/pki/vdsm/certs/cacert.pem files do exist! I did not change any default vdsm settings. This bug is very hard to reproduce because there are no prerequisites.
After talking to Yotam I would like to clarify my bug description.
The bug is: vdsm does not fully configure libvirtd.conf. The following lines are missing:
ca_file="/etc/pki/vdsm/certs/cacert.pem"
cert_file="/etc/pki/vdsm/certs/vdsmcert.pem"
key_file="/etc/pki/vdsm/keys/vdsmkey.pem"
Manually adding these lines makes vdsm work great!
From reading the code, I assume that this can happen if the vdsm is started before the installation process is over. The vdsm will not re-insert values into libvirtd.conf if it already did so, so subsequent installs won't change the (bad) values there.
I think this is the scenario that reproduces it:
- Install RHEL6 from scratch
- Install VDSM
- Start the vdsm
- Stop the vdsm
- Start installation
You should see the bug reproducing.
Opened a preintegration ticket.
*** Bug 706039 has been marked as a duplicate of this bug. ***
Reproducible in vdsm-71.
The problem is that when the configuration script is run before the host is installed into the rhev-m environment, libvirtd.conf is edited and, because the certificates in /etc/pki/vdsm/ don't exist, the following lines are appended:
auth_tcp="none" # by vdsm
listen_tcp=1 # by vdsm
listen_tls=0 # by vdsm
After the host is installed into the rhev-m env., the configuration script is not run again, therefore it can't append the paths to the certs.
Steps to reproduce:
1) Remove host from rhev-m setup
2) yum -y remove libvirt vdsm vdsm-cli
3) rm -rf /etc/pki/vdsm
4) yum -y install vdsm vdsm-cli
5) service vdsmd start
6) Install host to rhev-m
Created attachment 503189 [details] vds_bootstrap log
Attaching vds_bootstrap log.
Isn't bug 709696 dup of this one?
*** Bug 709696 has been marked as a duplicate of this bug. ***
we must not forget to call 'reconfigure' at the end of RHEL installation. http://gerrit.usersys.redhat.com/574
Bug report changed to ON_QA status by me since Errata System refused to do so. A QE request has been submitted for advisory RHEA-2011:11186-01 http://errata.devel.redhat.com/errata/show/11186
Verified - vdsm-4.9-81.el6 - above described scenarios no longer reproduce on vdsm-4.9-81.el6.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2011-1782.html
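The check proposed earlier in this report (validate the configuration and the existence of the certificate files when vdsmd starts), written out as an added example; it is not vdsm's code. The function names and finding labels are hypothetical, and the sample configuration is constructed from the libvirtd.conf lines quoted in the report.

```python
import os
import re

# Keys the report says were missing from libvirtd.conf.
TLS_KEYS = ("ca_file", "cert_file", "key_file")
# Lines the report says are appended when the certificates do not exist yet.
FALLBACK = {"auth_tcp": "none", "listen_tcp": "1", "listen_tls": "0"}
_SETTING = re.compile(r'^\s*(\w+)\s*=\s*(?:"([^"]*)"|([^#\s]+))')


def parse_conf(text):
    """Map key -> value for active settings; '#' lines and trailing comments are ignored."""
    conf = {}
    for line in text.splitlines():
        m = _SETTING.match(line)
        if m:
            conf[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return conf


def audit(text, exists=os.path.exists):
    """Return findings (hypothetical labels) for a libvirtd.conf body."""
    conf = parse_conf(text)
    findings = []
    for key in TLS_KEYS:
        if key not in conf:
            findings.append("missing:" + key)
        elif not exists(conf[key]):
            findings.append("no-such-file:" + conf[key])
    if all(conf.get(k) == v for k, v in FALLBACK.items()):
        findings.append("non-tls-fallback")
    return findings


# Constructed sample: vdsm-written lines quoted in the report.
HALF_CONFIGURED = '''\
listen_addr="0" # by vdsm
unix_sock_group="kvm" # by vdsm
auth_unix_rw="sasl" # by vdsm
auth_tcp="none" # by vdsm
listen_tcp=1 # by vdsm
listen_tls=0 # by vdsm
'''
# The manual workaround from the report: the three paths added by hand.
WORKAROUND = HALF_CONFIGURED + '''\
ca_file="/etc/pki/vdsm/certs/cacert.pem"
cert_file="/etc/pki/vdsm/certs/vdsmcert.pem"
key_file="/etc/pki/vdsm/keys/vdsmkey.pem"
'''

if __name__ == "__main__":
    for name, body in (("half-configured", HALF_CONFIGURED), ("workaround", WORKAROUND)):
        print(name, audit(body) or "ok")
```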