Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1063576 - hosted-engine-setup not configuring libvirt correctly
Summary: hosted-engine-setup not configuring libvirt correctly
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-hosted-engine-setup
Version: 3.3.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 3.4.0
Assignee: Yedidyah Bar David
QA Contact: Jiri Belka
URL:
Whiteboard: integration
Depends On: 1034634
Blocks: rhev3.4beta 1142926
TreeView+ depends on / blocked
 
Reported: 2014-02-11 04:15 UTC by thunt
Modified: 2014-09-18 12:24 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Previously, certificate authority certificates were not generated for libvirt. This resulted in a failure to connect to the engine virtual machine using virsh or SPICE during the hosted-engine deployment. Now, the necessary certificates are generated before libvirt is configured for VDSM and users can connect to the engine virtual machine using virsh or SPICE.
Clone Of:
Environment:
Last Closed: 2014-06-09 14:47:52 UTC
oVirt Team: ---
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2014:0505 normal SHIPPED_LIVE ovirt-hosted-engine-setup bug fix and enhancement update 2014-06-09 18:45:23 UTC

Description thunt 2014-02-11 04:15:48 UTC
Description of problem:
Spiceients can't connect to hypervisor after hosted-engine install

Version-Release number of selected component (if applicable):
3.3.0 (updated as of 10-feb-2014)

How reproducible:
Very

Steps to Reproduce:
1. Install hosted-engine
2. Create VM in RHEV-M using SPICE display
3. Start VM

Actual results:
VM fails to start with libvirt error

Expected results:
VM should start.

Additional info:

The following is a diff between the libvirt configuration after hosted-engine install, and a working libvirt configuration.
< - Working config
> - Config after hosted-engine install
[root@hypervisor3 ~]# diff -rw /tmp/libvirt/ /etc/libvirt/
Only in /etc/libvirt/: libvirt.conf
diff -rw /tmp/libvirt/libvirtd.conf /etc/libvirt/libvirtd.conf
405,411c405,407
< #auth_tcp="none"
< #listen_tcp=1
< #listen_tls=0
< ca_file="/etc/pki/vdsm/certs/cacert.pem"
< cert_file="/etc/pki/vdsm/certs/vdsmcert.pem"
< key_file="/etc/pki/vdsm/keys/vdsmkey.pem"
< 
---
> auth_tcp="none"
> listen_tcp=1
> listen_tls=0
diff -rw /tmp/libvirt/qemu.conf /etc/libvirt/qemu.conf
408d407
< spice_tls_x509_cert_dir="/etc/pki/vdsm/libvirt-spice"

Comment 1 Sandro Bonazzola 2014-02-11 08:58:03 UTC
Thanks for reporting, it's a known issue, closing as duplicate of bug #1034634

*** This bug has been marked as a duplicate of bug 1034634 ***

Comment 2 thunt 2014-02-13 02:35:22 UTC
The behavior I was seeing does not seem to match BZ #1034634, and if they are the same bug, the priority of that should be very high.

In this case the certs are actually being generated and the RHEV-M install completes.

However, RHEV is useless as no VM's can be started until the config files are manually edited to resolve the problems, and if a second hypervisor is added it will go into an error state.

Comment 3 Sandro Bonazzola 2014-02-13 07:50:50 UTC
(In reply to thunt from comment #2)
> The behavior I was seeing does not seem to match BZ #1034634, and if they
> are the same bug, the priority of that should be very high.
> 
> In this case the certs are actually being generated and the RHEV-M install
> completes.

I'll try to reproduce, thanks for the additional info.

Comment 4 Sandro Bonazzola 2014-03-06 15:29:22 UTC
I think that last changes introduced by didi should have fixed this too.
didi, can you confirm?

Comment 5 Yedidyah Bar David 2014-03-09 09:37:30 UTC
(In reply to Sandro Bonazzola from comment #4)
> I think that last changes introduced by didi should have fixed this too.
> didi, can you confirm?

I think so too, but these changes are the fix for BZ #1034634 , and comment #2 implies it's a different issue:

(In reply to thunt from comment #2)
> The behavior I was seeing does not seem to match BZ #1034634, and if they
> are the same bug, the priority of that should be very high.
> 
> In this case the certs are actually being generated and the RHEV-M install
> completes.

Which certs? [1] causes generation/copying of certs (and keys) which I do not think are possible without it. Note that this is unrelated to RHEV-M install/setup.

So I currently think it actually is a duplicate of bug #1034634 .

[1] http://gerrit.ovirt.org/25142

Comment 6 thunt 2014-03-10 14:54:42 UTC
Unfortunately, I no longer have access to an environment to test this as the problem occurred on a now-finished consulting engagement.

What I do remember is that I never had to create or copy certs, so I have to assume that they were created/copied correctly and the issue was with the config files.

Note that I didn't any issues until I actually tried to create a VM with Spice in RHEV-M, so you can close out this bug if:-
- On hosted_engine_1, you can do a hosted-engine install on a clean RHEL6 configuration, and then start a VM and attach to the console.
- On hosted_engine_2, you can do a hosted-engine install for instance 2, and then successfully migrate a VM with Spice to it.

Comment 7 Yedidyah Bar David 2014-03-10 15:48:31 UTC
(In reply to thunt from comment #6)
> Unfortunately, I no longer have access to an environment to test this as the
> problem occurred on a now-finished consulting engagement.

Very well. I still think it's a duplicate of bug #1034634, but will let QA verify that anyway.

> 
> What I do remember is that I never had to create or copy certs, so I have to
> assume that they were created/copied correctly and the issue was with the
> config files.

If you refer to the configuration files detailed in the description, then the process is as follows:

If vdsm-tool is asked to configure libvirt before generating key/cert for it, it will not configure it to use ssl. Otherwise it will. Part of the fix for bug #1034634 was to reverse the order of doing these two actions.

> 
> Note that I didn't any issues until I actually tried to create a VM with
> Spice in RHEV-M, so you can close out this bug if:-
> - On hosted_engine_1, you can do a hosted-engine install on a clean RHEL6
> configuration, and then start a VM and attach to the console.

Not sure if you refer here to the engine's VM, created during deploy, or a "normal" VM created after hosted-engine deploy is finished. I verified the former.

> - On hosted_engine_2, you can do a hosted-engine install for instance 2, and
> then successfully migrate a VM with Spice to it.

I did not verify that one.

Moving to Modified for now and settings 'Depends on: 1034634' - I hope that's enough.

Comment 8 Jiri Belka 2014-04-16 13:05:05 UTC
ok, vdsm-4.14.6-0.1.beta3.el6ev.x86_64 / ovirt-hosted-engine-setup-1.1.2-2.el6ev.noarch

spice works for vm managed by hosted engine.

Comment 10 errata-xmlrpc 2014-06-09 14:47:52 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-0505.html


Note You need to log in before you can comment on or make changes to this bug.