[Pkg-libvirt-maintainers] Bug#640135: libvirt-bin: configuration file broken: paths for key_file and cert_file swapped

Wolfgang Walkowiak walkowiak at hep.physik.uni-siegen.de
Fri Sep 2 18:32:27 UTC 2011 

Package: libvirt-bin
Version: 0.9.3-5
Severity: important


When starting /etc/init.d/libvirt-bin after upgrading to libvirt-bin 0.9.3-5
we experience the following issue: (from debug = 1)

20:25:20.034: 10262: debug : virNetTLSContextNew:190 :
cacert=/etc/pki/CA/cacert.pem cacrl=(null)
cert=/etc/pki/libvirt/private/miro_serverkey.pem
key=/etc/pki/libvirt/miro_servercert.pem requireValid=1 isServer=1
20:25:20.035: 10262: debug : virNetTLSContextLoadCredentials:112 : loading
CA cert from /etc/pki/CA/cacert.pem
20:25:20.036: 10262: debug : virNetTLSContextLoadCredentials:154 : loading
cert and key from /etc/pki/libvirt/private/miro_serverkey.pem and
/etc/pki/libvirt/miro_servercert.pem
20:25:20.036: 10262: error : virNetTLSContextLoadCredentials:162 : Unable to
 set x509 key and certificate: /etc/pki/libvirt/miro_servercert.pem,
 etc/pki/libvirt/private/miro_serverkey.pem: Base64 unexpected header error.

And libvirtd won't start.

However, when we swap the strings for key_file and cert_file libvirtd 
starts.

Differences for /etc/libvirt/libvirtd.conf attched show the working version 
of the configuration file.  Especially:
  key_file = "/etc/pki/libvirt/miro_servercert.pem"
  cert_file = "/etc/pki/libvirt/private/miro_serverkey.pem"
Here the key_file entry needs to point to the servercert.pem
while cert_file needs to point to the serverkey.pem 
to get the init script /etc/init.d/libvirt-bin working.

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libvirt-bin depends on:
ii  adduser 3.113                            add and remove users and groups
ii  gettext 0.18.1.1-4                       GNU Internationalization utilities
ii  libavah 0.6.30-5                         Avahi client library
ii  libavah 0.6.30-5                         Avahi common library
ii  libc6   2.13-16                          Embedded GNU C Library: Shared lib
ii  libcap- 0.6.6-1                          An alternate POSIX capabilities li
ii  libdevm 2:1.02.63-3.1                    The Linux Kernel Device Mapper use
ii  libgcry 1.4.6-9                          LGPL Crypto library - runtime libr
ii  libgnut 2.12.7-8                         GNU TLS library - runtime library
ii  libnl1  1.1-7                            library for dealing with netlink s
ii  libpart 2.3-8                            disk partition manipulator - share
ii  libpcia 0.12.1-1                         Generic PCI access library for X
ii  libread 6.2-2                            GNU readline and history libraries
ii  libsasl 2.1.24~rc1.dfsg1+cvs2011-05-23-4 Cyrus SASL - authentication abstra
ii  libudev 172-1                            libudev shared library
ii  libuuid 2.19.1-5                         Universally Unique ID library
ii  libvirt 0.9.3-5                          library for interfacing with diffe
ii  libxens 4.1.1-2                          Xenstore communications library fo
ii  libxml2 2.7.8.dfsg-4                     GNOME XML library
ii  logrota 3.7.8-6                          Log rotation utility

Versions of packages libvirt-bin recommends:
ii  bridge-utils            1.5-2            Utilities for configuring the Linu
ii  dmidecode               2.9-1.2          Dump Desktop Management Interface 
ii  dnsmasq-base            2.57-1           A small caching DNS proxy and DHCP
ii  ebtables                2.0.9.2-2        Ethernet bridge frame table admini
ii  gawk                    1:3.1.8+dfsg-0.1 GNU awk, a pattern scanning and pr
ii  iproute                 20110629-1       networking and traffic control too
ii  iptables                1.4.12-1         administration tools for packet fi
ii  libxml2-utils           2.7.8.dfsg-4     XML utilities
ii  netcat-openbsd          1.89-4           TCP/IP swiss army knife
ii  qemu                    0.14.1+dfsg-3    fast processor emulator
ii  qemu-kvm                0.14.1+dfsg-4    Full virtualization on x86 hardwar

Versions of packages libvirt-bin suggests:
ii  policykit-1                   0.102-1    framework for managing administrat
pn  radvd                         <none>     (no description available)

-- Configuration Files:
/etc/default/libvirt-bin changed:
start_libvirtd="yes"
libvirtd_opts="--listen"

/etc/libvirt/libvirtd.conf changed:
unix_sock_group = "libvirt"
unix_sock_rw_perms = "0770"
auth_unix_ro = "none"
auth_unix_rw = "none"
key_file = "/etc/pki/libvirt/miro_servercert.pem"
cert_file = "/etc/pki/libvirt/private/miro_serverkey.pem"
ca_file = "/etc/pki/CA/cacert.pem"
log_level = 1

/etc/libvirt/qemu.conf changed:
vnc_listen = "0.0.0.0"
vnc_tls = 1
user = "libvirt-qemu"
group = "kvm"
dynamic_ownership = 0


-- no debconf information

More information about the Pkg-libvirt-maintainers mailing list