Jean-Pierre Ribeauville
2016-Jan-08 13:30 UTC
Re: [libvirt-users] operation forbidden Read Only Access
Hi, I found an answer : Use virConnectOpenAuth() instead of virConnectOpenReadOnly(). As my piece of code is running silently (without user connected) , by using virConnectOpenAuth() , is it possible to avoid to prompt user to get user /password ? Thx. J.P. -----Message d'origine----- De : libvirt-users-bounces@redhat.com [mailto:libvirt-users-bounces@redhat.com] De la part de libvirt-users-request@redhat.com Envoyé : vendredi 8 janvier 2016 12:51 À : libvirt-users@redhat.com Objet : libvirt-users Digest, Vol 73, Issue 6 Send libvirt-users mailing list submissions to libvirt-users@redhat.com To subscribe or unsubscribe via the World Wide Web, visit https://www.redhat.com/mailman/listinfo/libvirt-users or, via email, send a message with subject or body 'help' to libvirt-users-request@redhat.com You can reach the person managing the list at libvirt-users-owner@redhat.com When replying, please edit your Subject line so it is more specific than "Re: Contents of libvirt-users digest..." Today's Topics: 1. Unable to retrieve Guest IP Addresses via libvirt API (Jean-Pierre Ribeauville) 2. Re: Unable to retrieve Guest IP Addresses via libvirt API (Martin Kletzander) 3. Re: Unable to retrieve Guest IP Addresses via libvirt API (Jean-Pierre Ribeauville) 4. Re: libvirtd and polkit: internal error: No Unix Process ID (Daniel P. Berrange) 5. operation forbidden Read Only Access (Jean-Pierre Ribeauville) ---------------------------------------------------------------------- Message: 1 Date: Thu, 7 Jan 2016 19:31:57 +0000 From: Jean-Pierre Ribeauville <jpribeauville@axway.com> To: "libvirt-users@redhat.com" <libvirt-users@redhat.com> Subject: [libvirt-users] Unable to retrieve Guest IP Addresses via libvirt API Message-ID: <1051EFB4D3A1704680C38CCAAC5836D292F01EF8@WPTXMAIL2.ptx.axway.int> Content-Type: text/plain; charset="iso-8859-1" Hi , Despite the fact that my Guest has an IP address , by running this piece of code on a KVM host : ifaces_count = F_virDomainInterfaceAddresses(domain, &ifaces,VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_LEASE, NULL); ifaces_count = F_virDomainInterfaceAddresses(domain, &ifaces,VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_AGENT, NULL); I'm not able to get a ifaces_count different from -1 Additionnaly : - IP Addresses are not present within the xmldesc of this Guest.(not sure that they should appear there) I'm running libvirt-1.2.17-13.el7.x86_64 Did I misunderstood something ? As ovirt manager shows the address correctly , it should be possible to get it via libvirt ... Thanks for help. J.P. Ribeauville P: +33.(0).1.47.17.20.49 . Puteaux 3 Etage 5 Bureau 4 jpribeauville@axway.com<mailto:jpribeauville@axway.com> http://www.axway.com<http://www.axway.com/> P Pensez ? l'environnement avant d'imprimer. -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://www.redhat.com/archives/libvirt-users/attachments/20160107/0a13702c/attachment.html> ------------------------------ Message: 2 Date: Fri, 8 Jan 2016 10:36:05 +0100 From: Martin Kletzander <mkletzan@redhat.com> To: Jean-Pierre Ribeauville <jpribeauville@axway.com> Cc: "libvirt-users@redhat.com" <libvirt-users@redhat.com> Subject: Re: [libvirt-users] Unable to retrieve Guest IP Addresses via libvirt API Message-ID: <20160108093605.GL22332@wheatley> Content-Type: text/plain; charset="iso-8859-1"; Format="flowed" On Thu, Jan 07, 2016 at 07:31:57PM +0000, Jean-Pierre Ribeauville wrote:>Hi , > >Despite the fact that my Guest has an IP address , by running this piece of code on a KVM host : > > ifaces_count = F_virDomainInterfaceAddresses(domain, &ifaces,VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_LEASE, NULL); > ifaces_count = F_virDomainInterfaceAddresses(domain, > &ifaces,VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_AGENT, NULL); > > >I'm not able to get a ifaces_count different from -1 > > >Additionnaly : >- IP Addresses are not present within the xmldesc of this Guest.(not >sure that they should appear there) > >I'm running libvirt-1.2.17-13.el7.x86_64 > >Did I misunderstood something ? > >As ovirt manager shows the address correctly , it should be possible to get it via libvirt ... >Can you get them using virsh domifaddr? If yes, look at the code virsh uses. If not, then it might be ovirt's workaround using their agent for older qemu/libvirt/something combinations.>Thanks for help. > > >J.P. Ribeauville > > >P: +33.(0).1.47.17.20.49 >. >Puteaux 3 Etage 5 Bureau 4 > >jpribeauville@axway.com<mailto:jpribeauville@axway.com> >http://www.axway.com<http://www.axway.com/> > > > >P Pensez ? l'environnement avant d'imprimer. > > >>_______________________________________________ >libvirt-users mailing list >libvirt-users@redhat.com >https://www.redhat.com/mailman/listinfo/libvirt-users-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: not available URL: <https://www.redhat.com/archives/libvirt-users/attachments/20160108/81e4c217/attachment.bin> ------------------------------ Message: 3 Date: Fri, 8 Jan 2016 09:47:35 +0000 From: Jean-Pierre Ribeauville <jpribeauville@axway.com> To: Martin Kletzander <mkletzan@redhat.com> Cc: "libvirt-users@redhat.com" <libvirt-users@redhat.com> Subject: Re: [libvirt-users] Unable to retrieve Guest IP Addresses via libvirt API Message-ID: <1051EFB4D3A1704680C38CCAAC5836D292F01F48@WPTXMAIL2.ptx.axway.int> Content-Type: text/plain; charset="iso-8859-1" Hi, My piece of code is inspired from domifaddr one. Virsh domifaddr doesn't return anything. Then , it could be useful for me to have a look in ovirt sources to understand how it deals with that. As a workaround , it should be possible to combine a dumpxml to retrieve Guest MAC addresses and then issue an "arp -an" to retrieve IP adresses. Regards, J.P. -----Message d'origine----- De?: Martin Kletzander [mailto:mkletzan@redhat.com] Envoy??: vendredi 8 janvier 2016 10:36 ??: Jean-Pierre Ribeauville Cc?: libvirt-users@redhat.com Objet?: Re: [libvirt-users] Unable to retrieve Guest IP Addresses via libvirt API On Thu, Jan 07, 2016 at 07:31:57PM +0000, Jean-Pierre Ribeauville wrote:>Hi , > >Despite the fact that my Guest has an IP address , by running this piece of code on a KVM host : > > ifaces_count = F_virDomainInterfaceAddresses(domain, &ifaces,VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_LEASE, NULL); > ifaces_count = F_virDomainInterfaceAddresses(domain, > &ifaces,VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_AGENT, NULL); > > >I'm not able to get a ifaces_count different from -1 > > >Additionnaly : >- IP Addresses are not present within the xmldesc of this Guest.(not >sure that they should appear there) > >I'm running libvirt-1.2.17-13.el7.x86_64 > >Did I misunderstood something ? > >As ovirt manager shows the address correctly , it should be possible to get it via libvirt ... >Can you get them using virsh domifaddr? If yes, look at the code virsh uses. If not, then it might be ovirt's workaround using their agent for older qemu/libvirt/something combinations.>Thanks for help. > > >J.P. Ribeauville > > >P: +33.(0).1.47.17.20.49 >. >Puteaux 3 Etage 5 Bureau 4 > >jpribeauville@axway.com<mailto:jpribeauville@axway.com> >http://www.axway.com<http://www.axway.com/> > > > >P Pensez ? l'environnement avant d'imprimer. > > >>_______________________________________________ >libvirt-users mailing list >libvirt-users@redhat.com >https://www.redhat.com/mailman/listinfo/libvirt-users------------------------------ Message: 4 Date: Fri, 8 Jan 2016 10:52:39 +0000 From: "Daniel P. Berrange" <berrange@redhat.com> To: Benedikt Heine <benedikt@heine.rocks> Cc: libvirt-users@redhat.com Subject: Re: [libvirt-users] libvirtd and polkit: internal error: No Unix Process ID Message-ID: <20160108105239.GA14764@redhat.com> Content-Type: text/plain; charset=utf-8 On Mon, Jan 04, 2016 at 03:44:10PM +0100, Benedikt Heine wrote:> Hi all, > > I want to use libvirtd and polkit to create simple access > restricitions for incoming TLS connections.This is sadly not possible. polkit will only authenticate against unix users. I filed an RFE long ago requesting for polkit to be generalized so that we could use it against virtual (ie non-UNIX system) identities but it was rejected. So effectively the libvirt polkit access control driver is only useful if you're connecting to libvirt over UNIX sockets :-( I really ought to get around to writing a custom libvirt access control driver that works in all cases..... Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| ------------------------------ Message: 5 Date: Fri, 8 Jan 2016 11:51:24 +0000 From: Jean-Pierre Ribeauville <jpribeauville@axway.com> To: "libvirt-users@redhat.com" <libvirt-users@redhat.com> Subject: [libvirt-users] operation forbidden Read Only Access Message-ID: <1051EFB4D3A1704680C38CCAAC5836D292F01F6A@WPTXMAIL2.ptx.axway.int> Content-Type: text/plain; charset="iso-8859-1" Hi, When issuing virDomainInterfaceAddresses() libvirt C language API, I got following error: libvirt: Domain Config error : operation forbidden: read only access prevents virDomainInterfaceAddresses How may I ask for a non-readonly connexion ? ( looks like to be RO by default) Thx for help. Regards, J.P. Ribeauville P: +33.(0).1.47.17.20.49 . Puteaux 3 Etage 5 Bureau 4 jpribeauville@axway.com<mailto:jpribeauville@axway.com> http://www.axway.com<http://www.axway.com/> P Pensez ? l'environnement avant d'imprimer. -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://www.redhat.com/archives/libvirt-users/attachments/20160108/96fce101/attachment.html> ------------------------------ _______________________________________________ libvirt-users mailing list libvirt-users@redhat.com https://www.redhat.com/mailman/listinfo/libvirt-users End of libvirt-users Digest, Vol 73, Issue 6 ********************************************
Michal Privoznik
2016-Jan-11 12:07 UTC
Re: [libvirt-users] operation forbidden Read Only Access
On 08.01.2016 14:30, Jean-Pierre Ribeauville wrote:> Hi, > > I found an answer : > > Use virConnectOpenAuth() instead of virConnectOpenReadOnly(). > > As my piece of code is running silently (without user connected) , by using virConnectOpenAuth() , > is it possible to avoid to prompt user to get user /password ?Yes it is. You basically need just to pass a callback that will supply credentials to libvirt. Does not matter how it gets it. You may want to read documentation: http://libvirt.org/html/libvirt-libvirt-host.html#virConnectOpenAuth or see the code for examples. Michal
Jean-Pierre Ribeauville
2016-Jan-11 12:16 UTC
Re: [libvirt-users] operation forbidden Read Only Access
Hi, Great if I'm able to avoid prompting the user. Thanks a lot. J.P. -----Message d'origine----- De : Michal Privoznik [mailto:mprivozn@redhat.com] Envoyé : lundi 11 janvier 2016 13:07 À : Jean-Pierre Ribeauville; libvirt-users@redhat.com Objet : Re: [libvirt-users] operation forbidden Read Only Access On 08.01.2016 14:30, Jean-Pierre Ribeauville wrote:> Hi, > > I found an answer : > > Use virConnectOpenAuth() instead of virConnectOpenReadOnly(). > > As my piece of code is running silently (without user connected) , by > using virConnectOpenAuth() , is it possible to avoid to prompt user to get user /password ?Yes it is. You basically need just to pass a callback that will supply credentials to libvirt. Does not matter how it gets it. You may want to read documentation: http://libvirt.org/html/libvirt-libvirt-host.html#virConnectOpenAuth or see the code for examples. Michal
Possibly Parallel Threads
- Unable to retrieve Guest IP Addresses via libvirt API
- Re: Unable to retrieve Guest IP Addresses via libvirt API
- Re: libvirt-users Digest, Vol 73, Issue 12 ] Failure when attaching a device
- operation forbidden Read Only Access
- Re: On which /dev/pts/x is channel source