Re: Can RHEL7 VM run remote libvirt commands to Fedora36 host?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, Aug 01, 2022 at 07:11:20AM -0400, Carol Bouchard wrote:

I've attached output from lsof & systemctl commands.  I enabled
virtproxyd.service Friday which got
me past my problem but it is curious how I got into this if the default is
for proxy to be enabled.



Enabling virtproxyd.socket ought to be enough, no need for the service to run
when nobody is connected.  Looks like it is set up properly now, maybe it was
some misconfig or a stuck socket somewhere.


On Mon, Aug 1, 2022 at 5:02 AM Martin Kletzander <mkletzan@xxxxxxxxxx>
wrote:


On Thu, Jul 28, 2022 at 02:14:30PM -0400, Carol Bouchard wrote:
>I have a test environment that use to work but no longer does. My
>laptop is Fedora36 (libvirt version 8.1.0.2) while the VMs it spawns are
>RHEL7 (max libvirt version is 4.5.0). The source of my problem
>seems to be that RHEL7 libvirt needs rw socket
/var/run/libvirt/libvirt-sock
>which no longer exists in fedora36.
>
>The following is successful from RHEL7 VM to laptop:
>virsh -d0 --connect
>'qemu+ssh://
192.168.120.1/system?*socket*=/var/run/libvirt/libvirt-sock-ro'
>domstate beaker-test-vm1.beaker
>
>If I change the action from domstate to start, it fails on
>error: Failed to start domain beaker-test-vm1.beaker
>error: operation forbidden: read only access prevents virDomainCreate
>which made me realize ro stands for read-only; however, there is no
>libvirt-sock. I tried some of the other socket files without success.
>Is there a work-around?
>

It is pretty weird that something is listening on the libvirt-sock-ro and
not on
libvirt-sock.  Could you run a quick lsof to figure out who's listening on
libvirt-sock?  If it is systemd, then you have socket activation set up
for the
read-only socket *only* and you need to also enable libvirtd.socket.
Something
along the lines of:

     systemctl enable --now libvirtd.socket libvirtd-ro.socket
     systemctl stop libvirtd.service

should suffice.

You might also be running in the newer split daemon scenario and you have
virtqemud running instead.  The service listening to libvirt socket might
be for
virtproxyd[0] instead and you might need to do the following instead:

     systemctl enable --now virtproxyd.socket virtproxyd-ro.socket
     systemctl stop virtproxyd.service

To make sure try figuring out which systemd service/socket is associated
with
the socket, by running `systemctl status libvirtd virtproxyd`.

Martin

[0] https://libvirt.org/manpages/virtproxyd.html

Attachment: signature.asc
Description: PGP signature

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux