Sorry, I should have mentioned that. Yes, I did set up the x509/TLS certificates based on the instructions provided by the libvirt documentation. The setup with the certificates works flawlessly with 0.4.6. Here is a successful run of the virsh command using libvirt 0.4.6 with the certificates:
# LIBVIRT_DEBUG=6 virsh -d 5 -c xen://node3/ list
command: "list "
DEBUG: libvirt.c: virInitialize (register drivers)
DEBUG: xen_internal.c: xenHypervisorInit (Using new hypervisor call: 30003
)
DEBUG: xen_internal.c: xenHypervisorInit (Using hypervisor call v2, sys ver6 dom ver5
)
DEBUG: libvirt.c: virConnectOpenAuth (name=xen://node3/, auth=0x675b9c, flags=0)
DEBUG: libvirt.c: do_open (name "xen://node3/" to URI components:
scheme xen
opaque (null)
authority (null)
server node3
user (null)
port 0
path /
)
DEBUG: libvirt.c: do_open (trying driver 0 (Test) ...)
DEBUG: libvirt.c: do_open (driver 0 Test returned DECLINED)
DEBUG: libvirt.c: do_open (trying driver 1 (QEMU) ...)
DEBUG: libvirt.c: do_open (driver 1 QEMU returned DECLINED)
DEBUG: libvirt.c: do_open (trying driver 2 (Xen) ...)
DEBUG: libvirt.c: do_open (driver 2 Xen returned DECLINED)
DEBUG: libvirt.c: do_open (trying driver 3 (remote) ...)
DEBUG: remote_internal.c: doRemoteOpen (proceeding with name = xen:///)
DEBUG: remote_internal.c: initialise_gnutls (loading CA file /etc/pki/CA/cacert.pem)
DEBUG: remote_internal.c: initialise_gnutls (loading client cert and key from files /etc/pki/libvirt/clientcert.pem and /etc/pki/libvirt/private/clientkey.pem)
DEBUG: libvirt.c: do_open (driver 3 remote returned SUCCESS)
DEBUG: libvirt.c: do_open (network driver 0 Test returned DECLINED)
DEBUG: libvirt.c: do_open (network driver 1 QEMU returned DECLINED)
DEBUG: libvirt.c: do_open (network driver 2 remote returned SUCCESS)
DEBUG: libvirt.c: do_open (storage driver 0 Test returned DECLINED)
DEBUG: libvirt.c: do_open (storage driver 1 storage returned DECLINED)
DEBUG: libvirt.c: do_open (storage driver 2 remote returned SUCCESS)
DEBUG: libvirt.c: virConnectNumOfDomains (conn=0x8e681f0)
DEBUG: libvirt.c: virConnectListDomains (conn=0x8e681f0, ids=0x8e76f58, maxids=1)
Id Name State
----------------------------------
DEBUG: libvirt.c: virDomainLookupByID (conn=0x8e681f0, id=0)
DEBUG: hash.c: __virGetDomain (New hash entry 0x8e8e330)
DEBUG: libvirt.c: virDomainGetInfo (domain=0x8e8e330, info=0xbfce7cc4)
DEBUG: libvirt.c: virDomainGetName (domain=0x8e8e330)
DEBUG: libvirt.c: virDomainGetID (domain=0x8e8e330)
0 Domain-0 running
DEBUG: libvirt.c: virDomainFree (domain=0x8e8e330)
DEBUG: hash.c: virUnrefDomain (unref domain 0x8e8e330 Domain-0 1)
DEBUG: hash.c: virReleaseDomain (release domain 0x8e8e330 Domain-0)
DEBUG: hash.c: virReleaseDomain (unref connection 0x8e681f0 xen://node3/ 2)
DEBUG: libvirt.c: virConnectClose (conn=0x8e681f0)
DEBUG: hash.c: virUnrefConnect (unref connection 0x8e681f0 xen://node3/ 1)
DEBUG: hash.c: virReleaseConnect (release connection 0x8e681f0 xen://node3/)
Hany
On Mon, Jun 8, 2009 at 12:34 PM, Daniel P. Berrange <berrange@xxxxxxxxxx> wrote:
On Mon, Jun 08, 2009 at 12:20:12PM -0400, Hany Fahim wrote:
> Hey Daniel,
> Thanks for the reply. The strange thing is, libvirt isn't even attempting to
> establish a connection with the remote server. I've performed tcpdumps to
> verify this; no traffic is exchanged between the two hosts when executing
> the virsh command. If I switch back to a version of libvirt below 0.5.0 such
> as 0.4.6, it works like a charm.
Have you configured the necessary x509/TLS certificates on the client side?
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|