Hey Daniel,
Sorry, I should have mentioned that. Yes, I did setup the x509/TLS
certificates based on the instructions provided by the libvirt
documentation. The setup with the certificates work flawlessly with 0.4.6.
Here is a successful run of the virsh command using libvirt 0.4.6 with the
certificates:
# LIBVIRT_DEBUG=6 virsh -d 5 -c xen://node3/ list
command: "list "
DEBUG: libvirt.c: virInitialize (register drivers)
DEBUG: xen_internal.c: xenHypervisorInit (Using new hypervisor call: 30003
)
DEBUG: xen_internal.c: xenHypervisorInit (Using hypervisor call v2, sys ver6
dom ver5
)
DEBUG: libvirt.c: virConnectOpenAuth (name=xen://node3/, auth=0x675b9c,
flags=0)
DEBUG: libvirt.c: do_open (name "xen://node3/" to URI components:
scheme xen
opaque (null)
authority (null)
server node3
user (null)
port 0
path /
)
DEBUG: libvirt.c: do_open (trying driver 0 (Test) ...)
DEBUG: libvirt.c: do_open (driver 0 Test returned DECLINED)
DEBUG: libvirt.c: do_open (trying driver 1 (QEMU) ...)
DEBUG: libvirt.c: do_open (driver 1 QEMU returned DECLINED)
DEBUG: libvirt.c: do_open (trying driver 2 (Xen) ...)
DEBUG: libvirt.c: do_open (driver 2 Xen returned DECLINED)
DEBUG: libvirt.c: do_open (trying driver 3 (remote) ...)
DEBUG: remote_internal.c: doRemoteOpen (proceeding with name = xen:///)
DEBUG: remote_internal.c: initialise_gnutls (loading CA file
/etc/pki/CA/cacert.pem)
DEBUG: remote_internal.c: initialise_gnutls (loading client cert and key
from files /etc/pki/libvirt/clientcert.pem and
/etc/pki/libvirt/private/clientkey.pem)
DEBUG: libvirt.c: do_open (driver 3 remote returned SUCCESS)
DEBUG: libvirt.c: do_open (network driver 0 Test returned DECLINED)
DEBUG: libvirt.c: do_open (network driver 1 QEMU returned DECLINED)
DEBUG: libvirt.c: do_open (network driver 2 remote returned SUCCESS)
DEBUG: libvirt.c: do_open (storage driver 0 Test returned DECLINED)
DEBUG: libvirt.c: do_open (storage driver 1 storage returned DECLINED)
DEBUG: libvirt.c: do_open (storage driver 2 remote returned SUCCESS)
DEBUG: libvirt.c: virConnectNumOfDomains (conn=0x8e681f0)
DEBUG: libvirt.c: virConnectListDomains (conn=0x8e681f0, ids=0x8e76f58,
maxids=1)
Id Name State
----------------------------------
DEBUG: libvirt.c: virDomainLookupByID (conn=0x8e681f0, id=0)
DEBUG: hash.c: __virGetDomain (New hash entry 0x8e8e330)
DEBUG: libvirt.c: virDomainGetInfo (domain=0x8e8e330, info=0xbfce7cc4)
DEBUG: libvirt.c: virDomainGetName (domain=0x8e8e330)
DEBUG: libvirt.c: virDomainGetID (domain=0x8e8e330)
0 Domain-0 running
DEBUG: libvirt.c: virDomainFree (domain=0x8e8e330)
DEBUG: hash.c: virUnrefDomain (unref domain 0x8e8e330 Domain-0 1)
DEBUG: hash.c: virReleaseDomain (release domain 0x8e8e330 Domain-0)
DEBUG: hash.c: virReleaseDomain (unref connection 0x8e681f0 xen://node3/ 2)
DEBUG: libvirt.c: virConnectClose (conn=0x8e681f0)
DEBUG: hash.c: virUnrefConnect (unref connection 0x8e681f0 xen://node3/ 1)
DEBUG: hash.c: virReleaseConnect (release connection 0x8e681f0 xen://node3/)
Hany
On Mon, Jun 8, 2009 at 12:34 PM, Daniel P. Berrange <berrange(a)redhat.com>wrote:
On Mon, Jun 08, 2009 at 12:20:12PM -0400, Hany Fahim wrote:
> Hey Daniel,
> Thanks for the reply. The strange thing is, libvirt isn't even attempting
to
> establish a connection with the remote server. I've performed tcpdumps to
> verify this; no traffic is exchanged between the two hosts when executing
> the virsh command. If I switch back to a version of libvirt below 0.5.0
such
> as 0.4.6, it works like a charm.
Have you configured the neccessary x509/TLS certificates on the client side
?
Daniel
--
|: Red Hat, Engineering, London -o-
http://people.redhat.com/berrange/:|
|:
http://libvirt.org -o-
http://virt-manager.org -o-
http://ovirt.org:|
|:
http://autobuild.org -o-
http://search.cpan.org/~danberr/:|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505
:|