no useful errors if tls certs missing or unreadable
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| libvirt (Ubuntu) |
Confirmed
|
Wishlist
|
Unassigned | ||
Bug Description
Distributor ID: Ubuntu
Description: Ubuntu 9.10
Release: 9.10
Codename: karmic
# libvirtd --version
libvirtd (libvirt) 0.7.0
ii libvirt0 0.7.0-1ubuntu13.1
if listen_tls = 1 is set in libvirtd.conf, but the certs required aren't present in /etc/pki, libvirtd silently fails to launch, returning with error code 0 (success) and so confusing start-stop-daemon into thinking it launched.
libvirtd SHOULD:
- print an error mesage like "libvirtd: listen_tls set but /etc/pki/
- return a non-zero error code
- if listen_tls or listen_tcp are set but --listen is not specified on the command line, log/print a warning like "WARNING: listen_tls or listen_tcp enabled but --listen not specified on the command line. libvirtd will not listen on the network."
This probably qualifies as an upstream bug more than anything, BUT ubuntu's config file for libvirtd needs to at least mention the certificate paths in the comments for listen_tls.
| Craig Ringer (ringerc) wrote | #1 |
| Changed in libvirt (Ubuntu): | |
| importance: | Undecided → Wishlist |
| status: | New → Confirmed |
Also, Ubuntu's libvirt packages should probably provide a skeleton /etc/pki which has symlinks to the default certs generated by snakeoil .