Issue:
Cloudstack KVM Host Labeled Unsecure
Cause:
CS partner documentation instructed us to enable TCP and disable TLS. We tried it and it changed the CloudStack host status to unsecure, just like thought it would.
Changing the settings back did not work with services restart.
WARNING:
This will stop your KVM libvirtd services for a few minutes.
Solution:
1. If not already performed, fix libvirtd.conf:
$ sudo vi /etc/libvirt/libvirtd.conf
...
listen_tcp=0
listen_tls=1
...
<esc>:wq (to save)
2. Stop libvirtd and unmask the secure socket services that were disabled:
$ sudo systemctl stop libvirtd
$ sudo systemctl unmask libvirtd-admin.socket
$ sudo systemctl unmask libvirtd-ro.socket
$ sudo systemctl unmask libvirtd-tcp.socket
$ sudo systemctl unmask libvirtd-tls.socket
$ sudo systemctl unmask libvirtd.socket
3. Start libvirtd back-up and restart the ACS (cloudstack-agent):
$ sudo systemctl start libvirtd-tls.socket
$ sudo systemctl restart cloudstack-agent
$ sudo systemctl enable libvirtd-tls.socket
Return to CloudStack UI and the hosts view, click Refresh, and the status will display Up.
previous page
|