search

apache / cloudstack

Apache CloudStack is an opensource Infrastructure as a Service (IaaS) cloud computing platform
https://cloudstack.apache.org/
Apache License 2.0
2.11k stars 1.11k forks source link

bug: KVM agent installation removes pki certificates affecting libvirt #9653

Closed tampler closed 2 weeks ago

tampler commented 2 months ago
ISSUE TYPE
COMPONENT NAME
Core, Installation
CLOUDSTACK VERSION
4.20, 4.19
CONFIGURATION
OS / ENVIRONMENT
Ubuntu 24.04.1
SUMMARY

When ACS agent is installed, it removes PKI certs from /etc/pki/CA, which causes libvirtd failure: 

Cannot read CA certificate '/etc/pki/CA/cacert.pem': No such file or directory
libvirtd.service: Main process exited, code=exited, status=6/NOTCONFIGURED
STEPS TO REPRODUCE
1. Install Ubuntu
2. Install libvirtd
3. Download and install ACS 4.20
4. Restart libvirtd
5. Find the error:  Cannot read CA certificate '/etc/pki/CA/cacert.pem': No such file or directory
EXPECTED RESULTS
KVM agent installed seamlessly
ACTUAL RESULTS
KVM agent is installed but libvirt fails to work without certs
weizhouapache commented 1 month ago

when you added the host to cloudstack, cloudstack agent automatically generated the certificates . the old certificate is not cloudstack-compatible I think. so you'd start libvirtd with listen_tcp=1, please refer to https://github.com/apache/cloudstack/issues/9562#issuecomment-2302208986