Created attachment 519554
all certification files

Description of problem:
setup tls environment and connect libvirt use qemu+tls failed, get the error: "Unable to initialize certificate".
BTW, with libvirt-0.9.4-2.el6.x86_64, there's no problem.

Version-Release number of selected component (if applicable):
libvirt-0.9.4-5.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. setup tls environment
   enable LIBVIRTD_ARGS="--listen" in /etc/sysconfig/libvirtd and enable "listen_tls" in /etc/libvirt/libvirtd.conf, then setup certification both on server and client host.
2. restart libvirtd
3. on client host, connect server host via qemu+tls
   #virsh -c qemu+tls://$server_ip/system

Actual results:
#virsh -c qemu+tls://$server_ip/system
error: Unable to initialize certificate
error: failed to connect to the hypervisor

Expected results:
connect successfully

Additional info:
Moving to POST: http://post-office.corp.redhat.com/archives/rhvirt-patches/2011-August/msg00595.html
Moving back to assigned until this additional upstream patch has a commit id, since otherwise the testsuite breaks.

https://www.redhat.com/archives/libvir-list/2011-August/msg01237.html

Fix command test wrt gnutls initialize & fix debugging

The VIR_TEST_DEBUG and VIR_TEST_VERBOSE env vars did not work because we replaced 'environ' with 'newenv'. Simply calling virTestGetDebug/Verbose() before replacing the 'environ' ensures we have processed the env variables.

The gnutls initialization code opens /dev/urandom and keeps that FD around for later use. We have code which kills off FDs 3-5 to avoid interfering with our test case. Move the virInitialize call before this point, so it kills off the gnutls /dev/urandom FD which is irrelevant for testing purposes

* tests/commandtest.c: Fix test debugging & make it robust against opened FDs
Back in POST with this second patch: http://post-office.corp.redhat.com/archives/rhvirt-patches/2011-August/msg00627.html
Verify this bug with libvirt-0.9.4-6.el6.x86_64

1. setup tls environment
   enable LIBVIRTD_ARGS="--listen" in /etc/sysconfig/libvirtd and enable "listen_tls" in /etc/libvirt/libvirtd.conf, then setup certification both on server and client host.
2. restart libvirtd
3. on client host, connect server host via qemu+tls

# virsh -c qemu+tls://10.66.104.54/system
Welcome to virsh, the virtualization interactive terminal.

Type:  'help' for help with commands
       'quit' to quit

virsh #
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2011-1513.html