Thanks very much. You are very gentle and helpful.
I've fixed the PolicyKit problem in this way :
In :
/usr/share/polkit-1/actions/org.libvirt.unix.policy
/usr/share/polkit-1/actions/org.libvirt.unix.policy
I have changed this :
<action id="org.libvirt.unix.manage">
<description>Manage local virtualized systems</description>
<message>System policy prevents management of local virtualized systems</message>
<defaults>
<!-- Any program can use libvirt in read/write mode if they
provide the root password -->
<allow_any>auth_admin_keep</allow_any>
<allow_inactive>auth_admin_keep</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
to this :
<action id="org.libvirt.unix.manage">
<description>Manage local virtualized systems</description>
<message>System policy prevents management of local virtualized systems</message>
<defaults>
<!-- Any program can use libvirt in read/write mode if they
provide the root password -->
<allow_any>yes</allow_any>
<allow_inactive>yes</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
</action>
and boom : QEMU and KVM are connected now. Now,another problem has emerged. When I click on "File / New Virtual Machine",nothing happens. At this point,I did :
sudo virsh net-info default
then :
sudo virsh net-start default
and a lot of shit came out from the manhole :
Error starting network 'default': internal error: Failed to apply firewall rules /usr/sbin/iptables -w --table mangle --list-rules: iptables v1.8.9 (legacy): can't initialize iptables table `mangle': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. Traceback (most recent call last): File "/usr/local/share/virt-manager/virtManager/asyncjob.py", line 71, in cb_wrapper callback(asyncjob, *args, **kwargs) File "/usr/local/share/virt-manager/virtManager/asyncjob.py", line 107, in tmpcb callback(*args, **kwargs) File "/usr/local/share/virt-manager/virtManager/object/libvirtobject.py", line 57, in newfn ret = fn(self, *args, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/share/virt-manager/virtManager/object/network.py", line 69, in start self._backend.create() File "/usr/lib/python3/dist-packages/libvirt.py", line 3547, in create raise libvirtError('virNetworkCreate() failed') libvirt.libvirtError: internal error: Failed to apply firewall rules /usr/sbin/iptables -w --table mangle --list-rules: iptables v1.8.9 (legacy): can't initialize iptables table `mangle': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded.
marietto@chromarietto:~$ sudo virsh net-info default
and :
Name: default
UUID: 7c4408b7-5125-4c98-9d53-f1fe109371e3
Active: no
Persistent: yes
Autostart: yes
Bridge: virbr0
marietto@chromarietto:~$ sudo virsh net-start default
error: Failed to start network default
error: internal error: Failed to apply firewall rules /usr/sbin/iptables -w --table mangle --list-rules: iptables v1.8.9 (legacy): can't initialize iptables table `mangle': Table does not exist (do you need to insmod?). Perhaps iptables or your kernel needs to be upgraded.
I tried to fix it with this :
$ modprobe iptable_mangle modprobe: FATAL: Module iptable_mangle not found in directory /lib/modules/5.4.244-stb-cbe
so,some options should be enabled inside the kernel,for sure.
I have configured the option "MANGLE" to yes when I have recompiled the kernel the last time :
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_ARP_MANGLE=y
CONFIG_IP6_NF_MANGLE=y
"unfortunately" I'd configured it correctly,so the error should depend on something else.
It would have
been too easy to fix the error so fast. Suggestions ?
On Mon, Aug 28, 2023 at 1:16 PM Pavel Hrdina <phrdina@xxxxxxxxxx> wrote:
On Sun, Aug 27, 2023 at 06:06:59PM +0200, Mario Marietto wrote:
> If I don't launch virtqemud,this is what I have :
Yeah you never want to run libvirtd and virtqemud at the same time, more
info here <https://libvirt.org/daemons.html>.
> marietto@chromarietto:~$ libvirtd &
This will not work as expected. If you want to use system connection you
need to run libvirtd as root user.
> [1] 2083
>
> marietto@chromarietto:~$ virt-manager
>
>
> A new error comes out :
>
> Unable to connect to libvirt qemu:///system.
>
> error from service: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed:
> Action org.libvirt.unix.manage is not registered
>
> Libvirt URI is: qemu:///system
>
> Traceback (most recent call last):
> File "/usr/local/share/virt-manager/virtManager/connection.py", line
> 923, in _do_open
> self._backend.open(cb, data)
> File "/usr/local/share/virt-manager/virtinst/connection.py", line 171, in open
> conn = libvirt.openAuth(self._open_uri,
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> File "/usr/lib/python3/dist-packages/libvirt.py", line 147, in openAuth
> raise libvirtError('virConnectOpenAuth() failed')
> libvirt.libvirtError: error from service:
> GDBus.Error:org.freedesktop.PolicyKit1.
> Error.Failed: Action org.libvirt.unix.manage is not registered
This is polkit trying to authenticate that your user can connect to
system connection, libvirt running with root privileges, but you started
libvirtd as normal user.
The error that "org.libvirt.unix.manage is not registered" means there
is no process handling that polkit action as there is no libvirtd
running as root.
Pavel
> On Sun, Aug 27, 2023 at 1:00 AM Mario Marietto <marietto2008@xxxxxxxxx>
> wrote:
>
> > Is there someone that can help me ? thanks.
> >
> > # sudo usermod -a -G libvirt root
> > # sudo usermod -a -G libvirtd root
> > # sudo usermod -a -G libvirt-qemu libvirt-qemu
> > # sudo usermod -a -G libvirt marietto
> > # sudo adduser libvirt-qemu
> > # sudo groupadd --system libvirt
> > # sudo groupadd --system libvirt-qemu
> > # sudo newgrp libvirt-qemu
> > # newgrp libvirt
> >
> > # /usr/local/sbin# libvirtd &
> > [1] 2875
> >
> > # virtqemud &
> > [2] 2906
> >
> > # /usr/local/sbin# 2023-08-26 22:53:10.190+0000: 2923: info : libvirt version: 9.7.0
> >
> > 2023-08-26 22:53:10.190+0000: 2923: info : hostname: chromarietto
> > 2023-08-26 22:53:10.190+0000: 2923: error : virPidFileAcquirePathFull:409 :
> > Failed to acquire pid file '/var/local/run/libvirt/qemu/driver.pid':
> > Resource temporarily unavailable
> > 2023-08-26 22:53:10.192+0000: 2923: error : virStateInitialize:672 :
> > Initialization of QEMU state driver failed: Failed to acquire pid file
> > '/var/local/run/libvirt/qemu/driver.pid': Resource temporarily unavailable
> > 2023-08-26 22:53:10.192+0000: 2923: error : daemonRunStateInit:617 :
> > Driver state initialization failed
> >
> > # /usr/local/sbin# ps ax | grep libvirt
> > 2875 pts/0 Sl 0:00 libvirtd
> >
> > # /usr/local/sbin# ps ax | grep virtqemu
> >
> >
> > On Fri, Aug 25, 2023 at 11:43 PM Mario Marietto <marietto2008@xxxxxxxxx>
> > wrote:
> >
> >> The real problem seems to be that the libvirtd process won't start :
> >>
> >> marietto@chromarietto:~$ systemctl enable libvirtd
> >>
> >> ==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-unit-files ====
> >> Authentication is required to manage system service or unit files.
> >> Multiple identities can be used for authentication:
> >> 1. linux
> >> 2. mario,,, (marietto)
> >> Choose identity to authenticate as (1-2): 2
> >> Password:
> >> ==== AUTHENTICATION COMPLETE ====
> >>
> >> marietto@chromarietto:~$ systemctl start libvirtd
> >>
> >> ==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ====
> >> Authentication is required to start 'libvirtd.service'.
> >> Multiple identities can be used for authentication:
> >> 1. linux
> >> 2. mario,,, (marietto)
> >> Choose identity to authenticate as (1-2): 2
> >> Password:
> >> ==== AUTHENTICATION COMPLETE ====
> >>
> >> marietto@chromarietto:~$ systemctl status libvirtd
> >>
> >> ○ libvirtd.service - Virtualization daemon
> >> Loaded: loaded (/usr/local/lib/systemd/system/libvirtd.service;
> >> enabled; preset: enabled)
> >> Active: inactive (dead) since Fri 2023-08-25 21:04:37 UTC; 2s ago
> >> Duration: 88ms
> >> TriggeredBy: ● libvirtd-admin.socket
> >> ● libvirtd-ro.socket
> >> ● libvirtd.socket
> >> Docs: man:libvirtd(8)
> >> https://libvirt.org
> >> Process: 3488 ExecStart=/usr/local/sbin/libvirtd $LIBVIRTD_ARGS
> >> (code=exited, status=0/SUCCESS)
> >> Main PID: 3488 (code=exited, status=0/SUCCESS)
> >> CPU: 252ms
> >>
> >> As you can see,it says "inactive". This is the reason :
> >>
> >> Aug 25 21:22:59 chromarietto libvirtd[3663]: invalid argument: Failed to
> >> parse user 'libvirt-qemu'
> >> Aug 25 21:22:59 chromarietto libvirtd[3663]: Initialization of QEMU
> >> state driver failed: invalid argument: Failed to parse user 'libvirt-qemu'
> >> Aug 25 21:22:59 chromarietto libvirtd[3663]: Driver state initialization
> >> failed
> >> Aug 25 21:22:59 chromarietto systemd[1]: libvirtd.service: Deactivated
> >> successfully.
> >>
> >> On Fri, Aug 25, 2023 at 10:27 PM Mario Marietto <marietto2008@xxxxxxxxx>
> >> wrote:
> >>
> >>> I think that what I found is very interesting :
> >>>
> >>> marietto@chromarietto:~/Desktop/Dati/new/libvirt/build$ systemctl start
> >>> virtqemud
> >>>
> >>> ==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ====
> >>> Authentication is required to start 'virtqemud.service'.
> >>> Multiple identities can be used for authentication:
> >>> 1. linux
> >>> 2. mario,,, (marietto)
> >>> Choose identity to authenticate as (1-2): 2
> >>> Password:
> >>> ==== AUTHENTICATION COMPLETE ====
> >>>
> >>> marietto@chromarietto:~/Desktop/Dati/new/libvirt/build$ systemctl
> >>> enable virtqemud
> >>>
> >>> ==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-unit-files ====
> >>> Authentication is required to manage system service or unit files.
> >>> Multiple identities can be used for authentication:
> >>> 1. linux
> >>> 2. mario,,, (marietto)
> >>> Choose identity to authenticate as (1-2): 2
> >>> Password:
> >>> ==== AUTHENTICATION COMPLETE ====
> >>>
> >>> marietto@chromarietto:~/Desktop/Dati/new/libvirt/build$ ls
> >>> /var/local/run/libvirt/virtqemud-sock
> >>> /var/local/run/libvirt/virtqemud-sock
> >>>
> >>> but when I launch virt-manager :
> >>>
> >>> marietto@chromarietto:~/Desktop/Dati/new/libvirt/build$
> >>> /usr/local/bin/./virt-manager
> >>>
> >>> It tries to connect,but it gets disconnected after a couple of seconds
> >>> and the error "Failed to connect socket to
> >>> '/var/run/libvirt/virtqemud-sock': No such file or directory' is shown
> >>> again.
> >>>
> >>> In addition,virtqemud-sock is deleted :
> >>>
> >>> marietto@chromarietto:~/Desktop/Dati/new/libvirt/build$ ls
> >>> /var/local/run/libvirt/virtqemud-sock
> >>> ls: cannot access '/var/local/run/libvirt/virtqemud-sock': No such file
> >>> or directory
> >>>
> >>>
> >>> The same problem I have has been found here and solved :
> >>>
> >>>
> >>> https://unix.stackexchange.com/questions/715726/virsh-list-throw-error-failed-to-connect-socket-to-var-run-libvirt-virtqemud
> >>>
> >>> On Fri, Aug 25, 2023 at 8:34 PM Mario Marietto <marietto2008@xxxxxxxxx>
> >>> wrote:
> >>>
> >>>> I don't agree with some of your assumptions,for example :
> >>>>
> >>>> 1) to send a screenshot is most of the time more informative than copy
> >>>> and paste text,because it contains more information. To describe
> >>>> complicated situations using only words takes a LOT of time,sometimes.
> >>>> Especially for the newbies,that aren't so skilled and they may have some
> >>>> difficulty in including or not some information. And even for the lack of a
> >>>> technical language.
> >>>>
> >>>> 2) From my experience, going to irc to ask for help can be a problem
> >>>> for the time zone. Every time I tried to go to an IRC channel,I've always
> >>>> found bots and not talking users.
> >>>>
> >>>> 3) The rejection of emails happens even if I don't attach any
> >>>> screenshots (a thing that I do rarely),and my messages are also rejected
> >>>> because when I hit reply also all the story is attached. I think that it's
> >>>> important to attach the story because it may contains important details
> >>>> that could be missed
> >>>>
> >>>> On Fri, Aug 25, 2023 at 8:24 PM Eric Blake <eblake@xxxxxxxxxx> wrote:
> >>>>
> >>>>> On Fri, Aug 25, 2023 at 07:13:26PM +0200, Mario Marietto wrote:
> >>>>> > I've sent you an email on your personal email address because the ML
> >>>>> does
> >>>>> > not accept pictures,but I need to show you a picture to help you to
> >>>>> > understand well. I don't approve this rule of the ML,it does not
> >>>>> help those
> >>>>> > who want to learn and for this reason need to be exhaustive when
> >>>>> there is a
> >>>>> > strong need to explain well.
> >>>>>
> >>>>> The list has a cap at 300k for a reason. Sending larger attachments
> >>>>> to the list then multiplies out to gigabytes of network data when
> >>>>> counting the number of subscribers, even though many of those
> >>>>> subscribers are not actively participating in the thread. Sending a
> >>>>> URL to an image hosted externally uses much less bandwidth. Also, if
> >>>>> the problem is something that happens in a terminal window, it is less
> >>>>> bandwidth-intensive to just copy/paste the contents of the terminal
> >>>>> (as text) instead of attaching a screenshot to your email, and no less
> >>>>> informative.
> >>>>>
> >>>>> You may also try IRC; there, you can probably get faster turnaround
> >>>>> times than waiting for emails to bounce back and forth.
> >>>>> https://libvirt.org/contact.html#irc
> >>>>>
> >>>>> although at the end of the day, email is more persistent and reaches a
> >>>>> larger audience whereas IRC only reaches whoever is online at the time.
> >>>>>
> >>>>> --
> >>>>> Eric Blake, Principal Software Engineer
> >>>>> Red Hat, Inc.
> >>>>> Virtualization: qemu.org | libguestfs.org
> >>>>>
> >>>>>
> >>>>
> >>>> --
> >>>> Mario.
> >>>>
> >>>
> >>>
> >>> --
> >>> Mario.
> >>>
> >>
> >>
> >> --
> >> Mario.
> >>
> >
> >
> > --
> > Mario.
> >
>
>
> --
> Mario.
--
Mario.