[virt-tools-list] Debugging TLS connection between virt-viewer and libvirt running on separate hosts

[Will Dennis]

Is the virt-tools list supposed to be devel only? (I did post this
question a month ago to libvirt-users, with no response (which I
supposed was because it was a virt-manager/virt-viewer type of
problem...)

Thanks,
Will

-----Original Message-----
From: Cole Robinson [mailto:crobinso at redhat.com] 
Sent: Wednesday, April 10, 2013 6:33 PM
To: Will Dennis
Cc: virt-tools-list at redhat.com; libvirt user
Subject: Re: [virt-tools-list] Debugging TLS connection between
virt-viewer and libvirt running on separate hosts

On 04/10/2013 10:47 AM, Will Dennis wrote:
> Hi all,
> 
> I'm running libvirt 1.0.4 on one host (Ubuntu 12.04), and 
> virt-manager/virt-viewer on another (FC18), and using TLS to secure 
> the comm's between the hosts. I was able to get virt-manager to 
> connect the the hypervisor host via qemu+tls method, but virt-viewer 
> will not connect (either invoked from the "Show the graphical console"

> option on virt-manager's VM window, or by invoking virt-viewer 
> directly.) Both fail with a generic error (virt-manager's view console

> says "viewer connection to hypervisor host got refused or 
> disconnected") but does not give a more explicit error. I did a 
> tcpdump, and the trace does show the client machine connecting to TCP 
> port
> 16514 on the hypervisor host, which is owned by the libvirtd daemon. 
> From what I can see in the packets from that dump, it looks like the 
> endpoints are exchanging certificate info, but of course the session 
> is encrypted, so can't really see what else is going on... Is there a 
> way someone can give me to debug the communications for either the 
> client or server side? (There's nothing being written to logs as far 
> as I can see.)


CCing libvirt-users

- Cole