Carol Bouchard
2022-Jul-28 18:14 UTC
Can RHEL7 VM run remote libvirt commands to Fedora36 host?
I have a test environment that use to work but no longer does. My laptop is Fedora36 (libvirt version 8.1.0.2) while the VMs it spawns are RHEL7 (max libvirt version is 4.5.0). The source of my problem seems to be that RHEL7 libvirt needs rw socket /var/run/libvirt/libvirt-sock which no longer exists in fedora36. The following is successful from RHEL7 VM to laptop: virsh -d0 --connect 'qemu+ssh://192.168.120.1/system?*socket*=/var/run/libvirt/libvirt-sock-ro' domstate beaker-test-vm1.beaker If I change the action from domstate to start, it fails on error: Failed to start domain beaker-test-vm1.beaker error: operation forbidden: read only access prevents virDomainCreate which made me realize ro stands for read-only; however, there is no libvirt-sock. I tried some of the other socket files without success. Is there a work-around? Carol -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20220728/e3b7d0b7/attachment.htm>
Martin Kletzander
2022-Aug-01 09:02 UTC
Can RHEL7 VM run remote libvirt commands to Fedora36 host?
On Thu, Jul 28, 2022 at 02:14:30PM -0400, Carol Bouchard wrote:>I have a test environment that use to work but no longer does. My >laptop is Fedora36 (libvirt version 8.1.0.2) while the VMs it spawns are >RHEL7 (max libvirt version is 4.5.0). The source of my problem >seems to be that RHEL7 libvirt needs rw socket /var/run/libvirt/libvirt-sock >which no longer exists in fedora36. > >The following is successful from RHEL7 VM to laptop: >virsh -d0 --connect >'qemu+ssh://192.168.120.1/system?*socket*=/var/run/libvirt/libvirt-sock-ro' >domstate beaker-test-vm1.beaker > >If I change the action from domstate to start, it fails on >error: Failed to start domain beaker-test-vm1.beaker >error: operation forbidden: read only access prevents virDomainCreate >which made me realize ro stands for read-only; however, there is no >libvirt-sock. I tried some of the other socket files without success. >Is there a work-around? >It is pretty weird that something is listening on the libvirt-sock-ro and not on libvirt-sock. Could you run a quick lsof to figure out who's listening on libvirt-sock? If it is systemd, then you have socket activation set up for the read-only socket *only* and you need to also enable libvirtd.socket. Something along the lines of: systemctl enable --now libvirtd.socket libvirtd-ro.socket systemctl stop libvirtd.service should suffice. You might also be running in the newer split daemon scenario and you have virtqemud running instead. The service listening to libvirt socket might be for virtproxyd[0] instead and you might need to do the following instead: systemctl enable --now virtproxyd.socket virtproxyd-ro.socket systemctl stop virtproxyd.service To make sure try figuring out which systemd service/socket is associated with the socket, by running `systemctl status libvirtd virtproxyd`. Martin [0] https://libvirt.org/manpages/virtproxyd.html -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20220801/5ed38741/attachment.sig>