I installed Ovirt and want to add network interface for NAT. So I need to connect to hypervisor by virsh and add nic.

Ovirt installed on my local server, host (ovirt-engine.kvmserver.net) is on the same server.

I tried to connect in readable mode is ok

 # virsh -r Welcome to virsh, the virtualization interactive terminal.  Type:  'help' for help with commands        'quit' to quit  virsh > list  Id    Name                           State ----------------------------------------------------  10    CentOS_test                    running  12    CentOS_test2                   running  16    Windows1                       running  17    Windows2                       running 

In normal mode

# virsh Welcome to virsh, the virtualization interactive terminal.  Type:  'help' for help with commands        'quit' to quit  virsh # list Please enter your authentication name: Please enter your password: error: Failed to reconnect to the hypervisor error: no valid connection error: authentication failed: Failed to step SASL negotiation: -1 (SASL(-1): generic failure: All-whitespace username.) 

As I understand I need to connect with certificate. I tried on https

# virsh connect https://ovirt-engine.kvmserver.net 2013-05-12 13:21:30.004+0000: 25581: info : libvirt version: 0.10.2, package: 18.el6_4.4 (CentOS BuildSystem <http://bugs.centos.org>, 2013-04-18-16:13:45, c6b7.bsys.dev.centos.org) 2013-05-12 13:21:30.004+0000: 25581: warning : virNetTLSContextCheckCertificate:1102 : Certificate check failed Certificate [session] owner does not match the hostname ovirt-engine.kvmserver.net error: Failed to connect to the hypervisor error: authentication failed: Failed to verify peer's certificate 

I tried on port 80

# virsh connect http://ovirt-engine.kvmserver.net:80 error: Failed to connect to the hypervisor error: authentication failed: TLS handshake failed A TLS packet with unexpected length was received. 

How I should to connect to hypervisor?


I found the solution!

The problem was on "Remote management using SASL authentication". I didn't create special user for SASL. Create user command is

# saslpasswd2 -a libvirt USERNAME
Again (for verification):

That's all.

Certificates don't match. If virsh has an option to not check validity of cert then use that option. Otherwise, fix the cert to match the dns name or vice versa, fix dns to match the cert name. Whichever is more appropriate.

While you can probably google or ask for the username and password in [email protected], I would definitely advise against touching anything with virsh. The reason is that ovirt-engine manages the system, issuing commands to the underlying vdsm and libvirt daemons, and if you go directly to libvirt, bypassing the engine, any changes you make will not be accounted for and can potentially break things.

Moreover NAT configs are not natively supported by ovirt, the standard operational mode is bridged, which is what the ovirt logical networks really are under the hood.

