Bug 732893 - connect libvirt via qemu+tls failed
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libvirt
Version: 6.2
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: rc
Assignee: Michal Privoznik
QA Contact: Virtualization Bugs
Reported: 2011-08-24 05:02 UTC by yanbing du
Modified: 2011-12-06 11:27 UTC

Fixed In Version: libvirt-0.9.4-6.el6
Doc Type: Bug Fix
Last Closed: 2011-12-06 11:27:12 UTC


Attachments
all certification files (20.00 KB, application/x-tar), 2011-08-24 05:02 UTC, yanbing du


Links
System: Red Hat Product Errata
ID: RHBA-2011:1513
Priority: normal
Status: SHIPPED_LIVE
Summary: libvirt bug fix and enhancement update
Last Updated: 2011-12-06 01:23:30 UTC

Description yanbing du 2011-08-24 05:02:02 UTC
Created attachment 519554
all certification files

Description of problem:
Set up the TLS environment and connect to libvirt using qemu+tls: the connection fails with the error "Unable to initialize certificate".
BTW, with libvirt-0.9.4-2.el6.x86_64, there's no problem.


Version-Release number of selected component (if applicable):
libvirt-0.9.4-5.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. Set up the TLS environment:
   enable LIBVIRTD_ARGS="--listen" in /etc/sysconfig/libvirtd and enable "listen_tls" in /etc/libvirt/libvirtd.conf, then set up certification on both the server and client hosts.
2. Restart libvirtd.
3. On the client host, connect to the server host via qemu+tls:
   # virsh -c qemu+tls://$server_ip/system
  
Actual results:
# virsh -c qemu+tls://$server_ip/system
error: Unable to initialize certificate
error: failed to connect to the hypervisor

Expected results:
connect successfully

Additional info:

Comment 7 Eric Blake 2011-08-25 14:41:49 UTC
Moving back to assigned until this additional upstream patch has a commit id, since otherwise the testsuite breaks.
https://www.redhat.com/archives/libvir-list/2011-August/msg01237.html

Fix command test wrt gnutls initialize & fix debugging

The VIR_TEST_DEBUG and VIR_TEST_VERBOSE env vars did not work
because we replaced 'environ' with 'newenv'. Simply calling
virTestGetDebug/Verbose() before replacing the 'environ' ensures
we have processed the env variables.

The gnutls initialization code opens /dev/urandom and keeps that
FD around for later use. We have code which kills off FDs 3-5
to avoid interfering with our test case. Move the virInitialize
call before this point, so it kills off the gnutls /dev/urandom
FD which is irrelevant for testing purposes

* tests/commandtest.c: Fix test debugging & make it robust against
  opened FDs
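
The descriptor-ordering problem described in the commit message above, as an added C example that is not code from libvirt or from this bug report. `fake_lib_init` is a hypothetical stand-in for a library initializer that keeps `/dev/urandom` open, all function names are assumptions, and the example assumes descriptors 0-2 are open, as in a normal process.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical stand-in for a library initializer that opens /dev/urandom
 * and keeps the descriptor (what the commit message says gnutls init does). */
static int fake_lib_init(void) { return open("/dev/urandom", O_RDONLY); }

/* Close descriptors 3-5, as the test setup does; EBADF is harmless here. */
static void clean_3_to_5(void) { for (int fd = 3; fd <= 5; fd++) close(fd); }

/* Count the descriptors in 3-5 that are still open. */
static int open_in_3_to_5(void)
{
    int n = 0;
    for (int fd = 3; fd <= 5; fd++)
        if (fcntl(fd, F_GETFD) != -1 || errno != EBADF)
            n++;
    return n;
}

/* Original order: clean first, then initialize. open() returns the lowest
 * free descriptor, so the new one lands back inside the cleaned range. */
int clean_then_init(void)
{
    clean_3_to_5();
    int fd = fake_lib_init();
    if (fd < 0) return -1;
    int n = open_in_3_to_5();
    close(fd);
    return n;
}

/* Order after the fix: initialize first, so the cleanup closes that fd too. */
int init_then_clean(void)
{
    int fd = fake_lib_init();
    if (fd < 0) return -1;
    clean_3_to_5();
    int n = open_in_3_to_5();
    if (fd < 3 || fd > 5) close(fd);  /* outside the range: close it here */
    return n;
}

int main(void)
{
    int before = clean_then_init(), after = init_then_clean();
    printf("open in 3-5: clean-then-init=%d, init-then-clean=%d\n", before, after);
    return 0;
}
```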

Comment 8 Eric Blake 2011-08-25 17:45:25 UTC
Back in POST with this second patch:
http://post-office.corp.redhat.com/archives/rhvirt-patches/2011-August/msg00627.html

Comment 10 Huang Wenlong 2011-08-30 03:17:31 UTC
Verify this bug with libvirt-0.9.4-6.el6.x86_64

1. Set up the TLS environment:
   enable LIBVIRTD_ARGS="--listen" in /etc/sysconfig/libvirtd and enable
"listen_tls" in /etc/libvirt/libvirtd.conf, then set up certification on both
the server and client hosts.
2. Restart libvirtd.
3. On the client host, connect to the server host via qemu+tls:

# virsh -c qemu+tls://10.66.104.54/system 
Welcome to virsh, the virtualization interactive terminal.

Type:  'help' for help with commands
       'quit' to quit

virsh #

Comment 11 errata-xmlrpc 2011-12-06 11:27:12 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1513.html

