Skip to content

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bug: KVM agent installation removes pki certificates affecting libvirt #9653

Closed
tampler opened this issue Sep 7, 2024 · 1 comment
Closed

bug: KVM agent installation removes pki certificates affecting libvirt #9653

tampler opened this issue Sep 7, 2024 · 1 comment

Comments

@tampler
Copy link

tampler commented Sep 7, 2024

ISSUE TYPE
  • Bug Report
COMPONENT NAME
Core, Installation
CLOUDSTACK VERSION
4.20, 4.19
CONFIGURATION
OS / ENVIRONMENT
Ubuntu 24.04.1
SUMMARY

When ACS agent is installed, it removes PKI certs from /etc/pki/CA, which causes libvirtd failure:

Cannot read CA certificate '/etc/pki/CA/cacert.pem': No such file or directory
libvirtd.service: Main process exited, code=exited, status=6/NOTCONFIGURED
STEPS TO REPRODUCE
1. Install Ubuntu
2. Install libvirtd
3. Download and install ACS 4.20
4. Restart libvirtd
5. Find the error:  Cannot read CA certificate '/etc/pki/CA/cacert.pem': No such file or directory
EXPECTED RESULTS
KVM agent installed seamlessly
ACTUAL RESULTS
KVM agent is installed but libvirt fails to work without certs
@weizhouapache
Copy link
Member

when you added the host to cloudstack, cloudstack agent automatically generated the certificates .
the old certificate is not cloudstack-compatible I think.
so you'd start libvirtd with listen_tcp=1, please refer to
#9562 (comment)

@apache apache locked and limited conversation to collaborators Nov 8, 2024
@DaanHoogland DaanHoogland converted this issue into discussion #9909 Nov 8, 2024

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tampler @weizhouapache