Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Bug#510235: libvirt-bin: virt-manager unable to connect to libvirtd as r/w (full VM management) on a local connection

381 views
Skip to first unread message

Miguel Enrique Cobá Martínez

unread,
Dec 30, 2008, 1:30:10 PM12/30/08
to
Package: libvirt-bin
Version: 0.4.6-10
Severity: grave
Justification: renders package unusable

*** Please type your report below this line ***

After the upgrade of libvirt-bin from 0.4.6-9 to 0.4.6-10 virt-manager
cannot connect to libvirtd using the r/w socket on a local connection.

The changelog date is:

-- Guido Günther <a...@sigxcpu.org> Thu, 18 Dec 2008 16:59:45 +0100

With the previous version it had no problems. I have tested with my
previous config and as a fresh install of libvirt-bin and kvm. Same error:

The error shown is:

Traceback (most recent call last):
File "/usr/share/virt-manager/virtManager/engine.py", line 472, in
run_domain
vm.startup()
File "/usr/share/virt-manager/virtManager/domain.py", line 379, in
startup
self.vm.create()
File "/usr/lib/python2.5/site-packages/libvirt.py", line 262, in create
if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self)
libvirtError: operation virDomainCreate forbidden for read only access

My libvirtd.conf is the default from package install, the only enabled
options are (all the other are in their default state):

unix_sock_group = "libvirt"
unix_sock_rw_perms = "0770"
auth_unix_ro = "none"
auth_unix_rw = "none"

/etc/group:
libvirt:x:113:miguel

My groups:
miguel@laptop:~$ groups
miguel dialout cdrom floppy audio video plugdev netdev powerdev libvirt

I'm not using tls, tcp, sals or policykit. Just the normal socket
connection with group authentication for normal users. The user I'm
trying to connect with is part of the libvirt group.

How to reproduce:
Install kvm and virt-manager, with all its dependencies:

# aptitude install kvm virt-manager

Verify that the libvirtd daemon is running with the default config:

# ps ax| grep libvirtd

Add a normal user to the libvirtd group (miguel in this case):

# adduser miguel libvirtd

As the normal user run virt-manager (from command line or from menu):

# virt-manager

You can only see the VMs (R/O mode: monitoring VM status only). That is,
you cannot start/stop/pause the VM (R/W mode: full VM management). In
the previous version you could.

Now, as root, and using virsh you can start and stop the VM:

laptop:~# virsh start WindowsXP
Domain WindowsXP started

laptop:~# virsh shutdown WindowsXP
Domain WindowsXP is being shutdown

The VM start and stop correctly and I can view it and use it with
virt-manager (in R/O mode)

But as normal user you can't start it:

miguel@laptop:~$ virsh start WindowsXP
Cannot set group when not running as root
libvir: QEMU error : Domain not found
libvir: QEMU error : Domain not found
error: failed to get domain 'WindowsXP'

Another thing I noticed, the previous version used to start the dnsmasq
automatically (I had ENABLED=0 in /etc/default/dnsmasq). This versión
doesn't start dnsmasq and therefore denies network capabilities to the VMs.

Workaround:

Kind of workaround. You can start the VM as root when you need them.
Also you can mark them for autostart in Details|Hardware|Boot
Options|Autostart VM.
But there will be no network unless you can start properly dnsmasq to
handle it.


-- System Information:
Debian Release: 5.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=es_MX.UTF-8, LC_CTYPE=es_MX.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libvirt-bin depends on:
ii adduser 3.110 add and remove users and groups
ii libavahi-client3 0.6.22-3 Avahi client library
ii libavahi-common3 0.6.22-3 Avahi common library
ii libc6 2.7-16 GNU C Library: Shared libraries
ii libdbus-1-3 1.2.1-4 simple interprocess
messaging syst
ii libgcrypt11 1.4.1-1 LGPL Crypto library -
runtime libr
ii libgnutls26 2.4.2-4 the GNU TLS library -
runtime libr
ii libgpg-error0 1.4-2 library for common error
values an
ii libpolkit-dbus2 0.8-2 library for accessing
PolicyKit vi
ii libpolkit2 0.8-2 library for accessing PolicyKit
ii libreadline5 5.2-3 GNU readline and history
libraries
ii libsasl2-2 2.1.22.dfsg1-23 Cyrus SASL - authentication
abstra
ii libselinux1 2.0.65-5 SELinux shared libraries
ii libtasn1-3 1.4-1 Manage ASN.1 structures
(runtime)
ii libvirt0 0.4.6-10 library for interfacing
with diffe
ii libxenstore3.0 3.2.1-2 Xenstore communications
library fo
ii libxml2 2.6.32.dfsg-5 GNOME XML library
ii logrotate 3.7.1-5 Log rotation utility
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime

Versions of packages libvirt-bin recommends:
ii bridge-utils 1.4-5 Utilities for configuring
the Linu
ii dnsmasq 2.45-1 A small caching DNS proxy
and DHCP
ii iptables 1.4.1.1-3 administration tools for
packet fi
ii netcat-openbsd 1.89-3 TCP/IP swiss army knife
ii qemu 0.9.1-8 fast processor emulator

Versions of packages libvirt-bin suggests:
pn policykit <none> (no description available)

-- no debconf information

--
To UNSUBSCRIBE, email to debian-bugs-...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org

Miguel Enrique Cobá Martínez

unread,
Dec 30, 2008, 2:30:12 PM12/30/08
to
Guido Günther wrote:
> I'm using the same setup and it works fine here.

>
> On Tue, Dec 30, 2008 at 12:22:04PM -0600, Miguel Enrique Cobá Martínez wrote:
>> unix_sock_group = "libvirt"
>> unix_sock_rw_perms = "0770"
>> auth_unix_ro = "none"
>> auth_unix_rw = "none"
> It seems you can't access the rw socket.

Yep, that was my first idea too.

>
> You can also try:
> cat /var/run/libvirt/libvirt-sock
> It should give "cat: /var/run/libvirt/libvirt-sock-ro: No such device or
> address" not "permission denied".
>
Sorry, I had already test this, just not reported it. It appears ok:

miguel@laptop:~$ ls -alh /var/run/libvirt/libvirt-sock*
srwxrwx--- 1 root libvirt 0 dic 30 12:03 /var/run/libvirt/libvirt-sock
srwxrwxrwx 1 root libvirt 0 dic 30 12:03 /var/run/libvirt/libvirt-sock-ro
miguel@laptop:~$ cat /var/run/libvirt/libvirt-sock
cat: /var/run/libvirt/libvirt-sock: No existe el dispositivo o la dirección
miguel@laptop:~$ cat /var/run/libvirt/libvirt-sock-ro
cat: /var/run/libvirt/libvirt-sock-ro: No existe el dispositivo o la
dirección

That is equivalent to the message "No such device or address".


> [..snip..]

>> Verify that the libvirtd daemon is running with the default config:
>>
>> # ps ax| grep libvirtd

> No output here? This is wrong.

Here was my fault too. I forgot to paste the output. The daemon is
indeed running:

miguel@laptop:~$ ps ax|grep libvirtd
3452 ? S 0:01 /usr/sbin/libvirtd -d
4786 pts/0 R+ 0:00 grep libvirtd


>
> [..snip..]


>> You can only see the VMs (R/O mode: monitoring VM status only). That is,
>> you cannot start/stop/pause the VM (R/W mode: full VM management). In
>> the previous version you could.
>>
>> Now, as root, and using virsh you can start and stop the VM:
>>
>> laptop:~# virsh start WindowsXP
>> Domain WindowsXP started
>>
>> laptop:~# virsh shutdown WindowsXP
>> Domain WindowsXP is being shutdown
>>
>> The VM start and stop correctly and I can view it and use it with
>> virt-manager (in R/O mode)
>>
>> But as normal user you can't start it:
>>
>> miguel@laptop:~$ virsh start WindowsXP
>> Cannot set group when not running as root
>> libvir: QEMU error : Domain not found
>> libvir: QEMU error : Domain not found
>> error: failed to get domain 'WindowsXP'

> Try "virsh -c qemu:///system".

That worked!

Welcome to virsh, the virtualization interactive terminal.

Type: 'help' for help with commands
'quit' to quit

virsh # list
Id Name State
----------------------------------

virsh # start WindowsXP
Domain WindowsXP started

After that I can see the VM started using virt-manager. Regardless, the
problem remains, with virt-manager I can't start a VM or stop it. I must
use virsh. The buttons from the popup menu from virt-manager for
start/stop/pause are disabled.

I also have tried removing the connection to localhost from
virt-manager, but after rerunning virt-manager, the same problem happens.

>
>> Another thing I noticed, the previous version used to start the dnsmasq
>> automatically (I had ENABLED=0 in /etc/default/dnsmasq). This versión
>> doesn't start dnsmasq and therefore denies network capabilities to the VMs.

> This again is an indication that you're mixing access to qemu:///system
> and qemu:///session.
>
> Please make sure you use either --connect=qemu:///system (connect to
> daemon started via /etc/init.d/libvirt-bin) or --connect=qemu:///session
> (started as user) and retest with virsh and virt-manager.
>
> Which version of virt-manager is this? I'm using 0.6.0-6.


I'm in a clean lenny using virt-manager 0.5.4-4

> Cheers,
> -- Guido
>
>

As for the symptoms, it appears that the problem is not libvirtd (at
least refering the startup/shutdown of VM, the dnsmasq problem remains)
but the way that virt-manager connects to it.

Miguel Cobá

Guido Günther

unread,
Dec 31, 2008, 8:20:10 AM12/31/08
to
On Wed, Dec 31, 2008 at 01:50:09PM +0100, Guido Günther wrote:
> tags 510235 + patch
>
> On Wed, Dec 31, 2008 at 01:20:33PM +0100, Guido Günther wrote:
> > The check in virt-manager is bogus anyways since you don't use policykit
> > but that's a different issue. I'll fix that.
> Attached patch fixes the issue for me.
Attached now.
-- Guido
0001-update-policy-file-location.patch

Davis Yokana

unread,
Jan 3, 2009, 12:40:11 AM1/3/09
to
I am getting these msgs when I try to connect to localhost in
virt-manager:

Unable to open connection to hypervisor URI 'xen:///':
<class 'libvirt.libvirtError'> internal error failed to connect to xend


Traceback (most recent call last):

File "/usr/share/virt-manager/virtManager/connection.py", line 486, in
_open_thread
None], flags)
File "/usr/lib/python2.5/site-packages/libvirt.py", line 99, in
openAuth
if ret is None:raise libvirtError('virConnectOpenAuth() failed')
libvirtError: internal error failed to connect to xend

I followed the instructions to connect to sid and upgrade,

aptitude update && aptitude install -t sid kvm virt-manager\
libvirt-bin libvirt0 virtinst dnsmasq dnsmasq-base

then set ENABLE=0 in /etc/default/dnsmasq. This does not solve this issue. I do not have kvm installed - does virt-manager require it?

These versions are installed:
virt-manager 0.6.0-6
virtinst 0.400.0-7

Sincerely,

-Davis Yokana

Guido Günther

unread,
Jan 3, 2009, 9:10:08 AM1/3/09
to
On Fri, Jan 02, 2009 at 09:32:58PM -0800, Davis Yokana wrote:
> I am getting these msgs when I try to connect to localhost in
> virt-manager:
>
> Unable to open connection to hypervisor URI 'xen:///':
> <class 'libvirt.libvirtError'> internal error failed to connect to xend
> Traceback (most recent call last):
This is unrelated to the issues in this bug. You don't have the
necessary permissions to connect to xend.

> File "/usr/share/virt-manager/virtManager/connection.py", line 486, in
> _open_thread
> None], flags)
> File "/usr/lib/python2.5/site-packages/libvirt.py", line 99, in
> openAuth
> if ret is None:raise libvirtError('virConnectOpenAuth() failed')
> libvirtError: internal error failed to connect to xend
>
> I followed the instructions to connect to sid and upgrade,

No need to, everything needed is in Lenny.

Have a look at /usr/share/doc/libvirt-bin/README.Debian and please make
sure you can connect via:

virsh -c xen:///

to you xen instances. If virt-manager then still fails, please report
back.
Cheers,
-- Guido

0 new messages