Created attachment 552170 [details] log and config file Description of problem: when installing vdsm in server manually and then adding the server as host with web-admin the vm's with spice console fail to run with error: libvirtError: internal error process exited while connecting to monitor: do_spice_init: starting 0.10.0 reds_init_ssl: Could not load certificates from /etc/pki/libvirt-spice/server-cert.pem Moran checked and during install, we skip the configuration since we assume its already configured. conf file /etc/libvirt/qemu.conf will show spice_tls=1 # by vdsm instead of spice_tls_x509_cert_dir"/etc/pki/vdsm/libvirt-spice" as result we will try to run vm with cert location: spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice" which is the wrong location and vm will fail to run. workaround is to run reconfigure vdsm: /lib/systemd/systemd-vdsmd reconfigure Version-Release number of selected component (if applicable): vdsm-4.9.2-0.65.gitf945dc2.fc16.x86_64 libvirt-0.9.6-4.fc16.x86_64 How reproducible: 100% Steps to Reproduce: 1. install fedora on server and manually install vdsm and libvirt rpm's 2. create new host in web-admin 3. create and run vm with spice console Actual results: vm will fail to run Expected results: we should be using the correct cert location Additional info: full vdsm log Thread-56096::ERROR::2012-01-11 11:40:22,659::vm::550::vm.Vm::(_startUnderlyingVm) vmId=`64240c1f-5b16-4a70-8976-e4dfe9ac9a4c`::The vm start process failed Traceback (most recent call last): File "/usr/share/vdsm/vm.py", line 516, in _startUnderlyingVm self._run() File "/usr/share/vdsm/libvirtvm.py", line 1158, in _run self._connection.createXML(domxml, flags), File "/usr/share/vdsm/libvirtconnection.py", line 79, in wrapper ret = f(*args, **kwargs) File "/usr/lib64/python2.7/site-packages/libvirt.py", line 2100, in createXML if ret is None:raise libvirtError('virDomainCreateXML() failed', conn=self) libvirtError: internal error process exited while connecting to monitor: do_spice_init: starting 0.10.0 reds_init_ssl: Could not load certificates from /etc/pki/libvirt-spice/server-cert.pem Thread-56096::DEBUG::2012-01-11 11:40:22,667::vm::880::vm.Vm::(setDownStatus) vmId=`64240c1f-5b16-4a70-8976-e4dfe9ac9a4c`::Changed state to Down: internal error process exited while connecting to monitor: do_spice_init: starting 0.10.0 reds_init_ssl: Could not load certificates from /etc/pki/libvirt-spice/server-cert.pem Dummy-2581::DEBUG::2012-01-11 11:40:22,698::storage_mailbox::637::Storage.Misc.excCmd::(_checkForMail) 'dd if=/rhev/data-center/cf37f4dd-3c33-4594-a561-9824cfc7bc11/mastersd/dom_md/inbox iflag=direct,fullblock count=1 bs=1024000' (cwd None)
since there is a workaround on this particular scenario lowering severity to high, Danken- do you think of any other scenarios this issue may pop up?
BZ#773371 Generate the VDSM certificates VDSM is installed with ssl enabled by default, such configuration requires the certificates to be generated when they're missing. Change-Id: I68225e8cd58f6aecc487f570627d76bfe7060b22 http://gerrit.ovirt.org/#change,1012
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: if vdsm is started before it has its keys configured, it configures itself to avoid ssl keys - even vdsm is later installed properly with its keys and certificates. To reconfigure vdsm run /lib/systemd/systemd-vdsmd reconfigure
In the ovirt-3.1 branch as: b94937438f4c3a531e4f50e7209e69c5fba6f182
closing ON_QA bugs as oVirt 3.1 was released: http://www.ovirt.org/get-ovirt/