Hi I am still having problems connecting via SSL after resolving the apparmor.d problem with reading the key directory contents
I am not sure what the error is caused by, any help would be appreciated I can connect after commenting out the secure channel request There is no port restrictions or firewall, and the attempt to connect has been tried on both secure and unsecure ports (I think the secure port is passed so the unsecure port is used for the initial connection though, it isn't a passed argument issue) I have tried passing the ca file via the appropriate argument from remote-viewer Package and OS ------------------------------ Ubuntu 12.10 qemu-kvm-spice: Installed: 1.2.0-2012.09-0ubuntu1 Candidate: 1.2.0-2012.09-0ubuntu1 Version table: *** 1.2.0-2012.09-0ubuntu1 0 500 http://gb.archive.ubuntu.com/ubuntu/ quantal/universe amd64 Packages 100 /var/lib/dpkg/status /etc/hostname squealer /etc/hosts 127.0.0.1 localhost squealer squealer.maiakaat.co.uk maiakaat.co.uk www.maiakaat.co.uk 192.168.2.140 localhost squealer squealer.maiakaat.co.uk maiakaat.co.uk www.maiakaat.co.uk sudo usermod -a -G root,kvm jodic chmod 775 /var/lib/libvirt/qemu #temporary change #libvirt directory permissions are drwxr-xr-x sudo mkdir /var/lib/libvirt/pki sudo mkdir /var/lib/libvirt/pki/libvirt-spice sudo nano /etc/libvirt/qemu.conf spice_tls = 1 spice_tls_x509_cert_dir = "/var/lib/libvirt/pki/libvirt-spice" cd /var/lib/libvirt/pki/libvirt-spice sudo openssl genrsa -des3 -out ca-key.pem 1024 sudo openssl req -new -x509 -days 750 -key ca-key.pem -out ca-cert.pem -utf8 -subj "/CN=Self Signed" sudo openssl genrsa -out server-key.pem 1024 sudo openssl req -new -key server-key.pem -out server-key.csr -utf8 -subj "/CN=squealer" sudo openssl x509 req -days 750 -in server-key.csr -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem sudo openssl rsa -in server-key.pem -out server-key.pem.insecure sudo mv server-key.pem server-key.pem.secure sudo mv server-key.pem.insecure server-key.pem sudo chown libvirt-qemu /var/lib/libvirt/pki sudo chown libvirt-qemu /var/lib/libvirt/pki/libvirt-spice sudo chown libvirt-qemu /var/lib/libvirt/pki/libvirt-spice/server-key.pem sudo chown libvirt-qemu /var/lib/libvirt/pki/libvirt-spice/server-cert.pem sudo chown libvirt-qemu /var/lib/libvirt/pki/libvirt-spice/ca-cert.pem #temporary change sudo chmod 775 /var/lib/libvirt/pki sudo chmod 775 /var/lib/libvirt/pki/libvirt-spice sudo chmod 775 /var/lib/libvirt/pki/libvirt-spice/server-key.pem sudo chmod 775 /var/lib/libvirt/pki/libvirt-spice/server-cert.pem sudo chmod 775 /var/lib/libvirt/pki/libvirt-spice/ca-cert.pem sudo virsh destroy VM11 sudo virsh undefine VM11 sudo shutdown -r now #don't know how to restart service for re-read of qemu.conf in Ubuntu #Ubuntu offering 28 updates - none related to virtualization at all sudo apt-get update sudo apt-get upgrade edit apparmor.d/libvirt-qemu and add the key directory after /etc/pki/libvirt-vnc** r, in an identical format within the apparmor.d config file, along with any iso directories needed sudo virsh define /var/lib/libvirt/local/xml/default-revision7.xml #defined VM11 sudo virsh start VM11 #started VM11 23:14 ish UK time #spice configuration <graphics type="spice" autoport="yes" keymap="en-gb"> <channel name="main" mode="secure" /> <channel name="record" mode="insecure" /> <channel name="display" mode="insecure" /> <channel name="inputs" mode="insecure" /> <channel name="cursor" mode="insecure" /> <channel name="playback" mode="insecure" /> <channel name="usbredir" mode="insecure" /> <image compression="auto_glz"/> <streaming mode="filter"/> <clipboard copypaste="yes"/> <mouse mode="client"/> <!-- enable connection from remote terminal --> <listen type="address" address="0.0.0.0" /> <disable-ticketing /> </graphics> On attempts to connect via virsh I am given this warning spice channels 1 should be encrypted, I'm guessing this is an authentication issue with my attempts to connect? sudo /var/log/libvirt/qemu/qemu.conf ((null):2230): Spice-Warning **: reds.c:2812:reds_handle_read_link_done: spice channels 1 should be encrypted 2012-11-13 07:28:43.081+0000: starting up LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin QEMU_AUDIO_DRV=spice /usr/bin/kvm -name VM11 -S -M pc-1.2 -cpu Opteron_G3,+ibs,+osvw,+3dnowprefetch,+cr8legacy,+extapic,+cmp_legacy,+3dnow,+3dnowext,+pdpe1gb,+fxsr_opt,+mmxext,+ht,+vme -enable-kvm -m 2048 -smp 1,sockets=1,cores=1,threads=1 -uuid a5fa6af1-89e6-ff32-7d47-5fd28ab47a05 -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/VM11.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=localtime -no-shutdown -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive file=/var/lib/libvirt/local/fixed-pool0/buildsvr-disk0,if=none,id=drive-virtio-disk0,format=raw,cache=writeback -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=3 -drive file=/var/lib/libvirt/local/dynamic-pool0/buildsvr-disk1,if=none,id=drive-virtio-disk1,format=raw,cache=writethrough -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x6,drive=drive-virtio-disk1,id=virtio-disk1,bootindex=4 -drive if=none,id=drive-ide0-0-0,readonly=on,format=raw -device ide-cd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=2 -drive file=/var/lib/libvirt/local/fixed-pool0/buildsvr-media,if=none,id=drive-ide0-0-1,readonly=on,format=raw -device ide-cd,bus=ide.0,unit=1,drive=drive-ide0-0-1,id=ide0-0-1,bootindex=1 -netdev tap,fd=21,id=hostnet0,vhost=on,vhostfd=22 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=00:16:3e:1a:b3:4c,bus=pci.0,addr=0x3 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -device usb-tablet,id=input0 -spice port=5908,tls-port=5918,addr=0.0.0.0,agent-mouse=on,disable-ticketing,x509-dir=/var/lib/libvirt/pki/libvirt-spice,tls-channel=main,plaintext-channel=display,plaintext-channel=inputs,plaintext-channel=cursor,plaintext-channel=playback,plaintext-channel=record,plaintext-channel=usbredir,image-compression=auto_glz,streaming-video=filter -k en-gb -vga qxl -global qxl-vga.vram_size=33554432 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5 char device redirected to /dev/pts/1 ((null):1838): Spice-Warning **: reds.c:2812:reds_handle_read_link_done: spice channels 1 should be encrypted ((null):1838): Spice-Warning **: reds.c:2812:reds_handle_read_link_done: spice channels 1 should be encrypted ((null):1838): Spice-Warning **: reds.c:2812:reds_handle_read_link_done: spice channels 1 should be encrypted ((null):1838): Spice-Warning **: reds.c:2812:reds_handle_read_link_done: spice channels 1 should be encrypted ((null):1838): Spice-Warning **: reds.c:2812:reds_handle_read_link_done: spice channels 1 should be encrypted ((null):1838): Spice-Warning **: reds.c:2812:reds_handle_read_link_done: spice channels 1 should be encrypted ((null):1838): Spice-Warning **: reds.c:2812:reds_handle_read_link_done: spice channels 1 should be encrypted ((null):1838): Spice-Warning **: reds.c:2812:reds_handle_read_link_done: spice channels 1 should be encrypted ((null):1838): Spice-Warning **: reds.c:2812:reds_handle_read_link_done: spice channels 1 should be encrypted ((null):1838): Spice-Warning **: reds.c:2812:reds_handle_read_link_done: spice channels 1 should be encrypted ((null):1838): Spice-Warning **: reds.c:2812:reds_handle_read_link_done: spice channels 1 should be encrypted
_______________________________________________ Spice-devel mailing list Spice-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/spice-devel