<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif; ">
<div>Hi Dennis,</div>
<div><br>
</div>
<div>Thanks for the response. I tried two options: Disabling TLS and recompiling libvirt with TLS enabled. Both scenarios result in the same error.</div>
<div><br>
</div>
<div>All,</div>
<div><br>
</div>
<div>Another thing I did not mention in the previous post: I am only using the client (virsh) from the compiled set of tools. Libvirtd used on the server is from the standard prebuilt RPMS, would that make any difference, Any other ideas, suggestions?</div>
<div><br>
</div>
<div>Thanks,</div>
<div>Shantan</div>
<div><br>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Lucida Grande; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<span style="font-weight:bold">From: </span>Will Dennis <<a href="mailto:wdennis@nec-labs.com">wdennis@nec-labs.com</a>><br>
<span style="font-weight:bold">Date: </span>Tuesday, March 5, 2013 2:06 PM<br>
<span style="font-weight:bold">To: </span>Cisco Employee <<a href="mailto:shanredd@cisco.com">shanredd@cisco.com</a>>, "<a href="mailto:libvirt-users@redhat.com">libvirt-users@redhat.com</a>" <<a href="mailto:libvirt-users@redhat.com">libvirt-users@redhat.com</a>><br>
<span style="font-weight:bold">Subject: </span>Re: [libvirt-users] Virsh+QEMU, SSH issue on compiled libvirt
<br>
</div>
<div><br>
</div>
<div xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">Hi Shantan,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I believe the problem may be that libvirt 1.x requires TLS by default on connections. I saw that same problem the 1<sup>st</sup> time I replaces a running libvirt 0.9.x with 1.0.0. I believe there may be a way to turn off this requirement
in libvirtd.conf, e.g.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">#<o:p></o:p></p>
<p class="MsoNormal"># Network connectivity controls<o:p></o:p></p>
<p class="MsoNormal">#<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"># Flag listening for secure TLS connections on the public TCP/IP port.<o:p></o:p></p>
<p class="MsoNormal"># NB, must pass the --listen flag to the libvirtd process for this to<o:p></o:p></p>
<p class="MsoNormal"># have any effect.<o:p></o:p></p>
<p class="MsoNormal">#<o:p></o:p></p>
<p class="MsoNormal"># It is necessary to setup a CA and issue server certificates before<o:p></o:p></p>
<p class="MsoNormal"># using this capability.<o:p></o:p></p>
<p class="MsoNormal">#<o:p></o:p></p>
<p class="MsoNormal"># This is enabled by default, uncomment this to disable it<o:p></o:p></p>
<p class="MsoNormal">#listen_tls = 0<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"># Listen for unencrypted TCP connections on the public TCP/IP port.<o:p></o:p></p>
<p class="MsoNormal"># NB, must pass the --listen flag to the libvirtd process for this to<o:p></o:p></p>
<p class="MsoNormal"># have any effect.<o:p></o:p></p>
<p class="MsoNormal">#<o:p></o:p></p>
<p class="MsoNormal"># Using the TCP socket requires SASL authentication by default. Only<o:p></o:p></p>
<p class="MsoNormal"># SASL mechanisms which support data encryption are allowed. This is<o:p></o:p></p>
<p class="MsoNormal"># DIGEST_MD5 and GSSAPI (Kerberos5)<o:p></o:p></p>
<p class="MsoNormal">#<o:p></o:p></p>
<p class="MsoNormal"># This is disabled by default, uncomment this to enable it.<o:p></o:p></p>
<p class="MsoNormal">#listen_tcp = 1 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">On the two instances of libvirt 1.x I have deployed, I just configure and use TLS. Instructions on doing this may be found here:<o:p></o:p></p>
<p class="MsoNormal"><a href="http://wiki.libvirt.org/page/TLSSetup">http://wiki.libvirt.org/page/TLSSetup</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">HTH,<o:p></o:p></p>
<p class="MsoNormal">Will<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
</span>
</body>
</html>