Jean-Pierre Ribeauville
2016-Jan-08 13:30 UTC
Re: [libvirt-users] operation forbidden Read Only Access
Hi,
I found an answer :
Use virConnectOpenAuth() instead of virConnectOpenReadOnly().
As my piece of code is running silently (without user connected) , by using
virConnectOpenAuth() ,
is it possible to avoid to prompt user to get user /password ?
Thx.
J.P.
-----Message d'origine-----
De : libvirt-users-bounces@redhat.com [mailto:libvirt-users-bounces@redhat.com]
De la part de libvirt-users-request@redhat.com
Envoyé : vendredi 8 janvier 2016 12:51
À : libvirt-users@redhat.com
Objet : libvirt-users Digest, Vol 73, Issue 6
Send libvirt-users mailing list submissions to
libvirt-users@redhat.com
To subscribe or unsubscribe via the World Wide Web, visit
https://www.redhat.com/mailman/listinfo/libvirt-users
or, via email, send a message with subject or body 'help' to
libvirt-users-request@redhat.com
You can reach the person managing the list at
libvirt-users-owner@redhat.com
When replying, please edit your Subject line so it is more specific than
"Re: Contents of libvirt-users digest..."
Today's Topics:
1. Unable to retrieve Guest IP Addresses via libvirt API
(Jean-Pierre Ribeauville)
2. Re: Unable to retrieve Guest IP Addresses via libvirt API
(Martin Kletzander)
3. Re: Unable to retrieve Guest IP Addresses via libvirt API
(Jean-Pierre Ribeauville)
4. Re: libvirtd and polkit: internal error: No Unix Process ID
(Daniel P. Berrange)
5. operation forbidden Read Only Access (Jean-Pierre Ribeauville)
----------------------------------------------------------------------
Message: 1
Date: Thu, 7 Jan 2016 19:31:57 +0000
From: Jean-Pierre Ribeauville <jpribeauville@axway.com>
To: "libvirt-users@redhat.com" <libvirt-users@redhat.com>
Subject: [libvirt-users] Unable to retrieve Guest IP Addresses via
libvirt API
Message-ID:
<1051EFB4D3A1704680C38CCAAC5836D292F01EF8@WPTXMAIL2.ptx.axway.int>
Content-Type: text/plain; charset="iso-8859-1"
Hi ,
Despite the fact that my Guest has an IP address , by running this piece of
code on a KVM host :
ifaces_count = F_virDomainInterfaceAddresses(domain,
&ifaces,VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_LEASE, NULL);
ifaces_count = F_virDomainInterfaceAddresses(domain,
&ifaces,VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_AGENT, NULL);
I'm not able to get a ifaces_count different from -1
Additionnaly :
- IP Addresses are not present within the xmldesc of this Guest.(not sure that
they should appear there)
I'm running libvirt-1.2.17-13.el7.x86_64
Did I misunderstood something ?
As ovirt manager shows the address correctly , it should be possible to get it
via libvirt ...
Thanks for help.
J.P. Ribeauville
P: +33.(0).1.47.17.20.49
.
Puteaux 3 Etage 5 Bureau 4
jpribeauville@axway.com<mailto:jpribeauville@axway.com>
http://www.axway.com<http://www.axway.com/>
P Pensez ? l'environnement avant d'imprimer.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://www.redhat.com/archives/libvirt-users/attachments/20160107/0a13702c/attachment.html>
------------------------------
Message: 2
Date: Fri, 8 Jan 2016 10:36:05 +0100
From: Martin Kletzander <mkletzan@redhat.com>
To: Jean-Pierre Ribeauville <jpribeauville@axway.com>
Cc: "libvirt-users@redhat.com" <libvirt-users@redhat.com>
Subject: Re: [libvirt-users] Unable to retrieve Guest IP Addresses via
libvirt API
Message-ID: <20160108093605.GL22332@wheatley>
Content-Type: text/plain; charset="iso-8859-1";
Format="flowed"
On Thu, Jan 07, 2016 at 07:31:57PM +0000, Jean-Pierre Ribeauville
wrote:>Hi ,
>
>Despite the fact that my Guest has an IP address , by running this piece of
code on a KVM host :
>
> ifaces_count = F_virDomainInterfaceAddresses(domain,
&ifaces,VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_LEASE, NULL);
> ifaces_count = F_virDomainInterfaceAddresses(domain,
> &ifaces,VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_AGENT, NULL);
>
>
>I'm not able to get a ifaces_count different from -1
>
>
>Additionnaly :
>- IP Addresses are not present within the xmldesc of this Guest.(not
>sure that they should appear there)
>
>I'm running libvirt-1.2.17-13.el7.x86_64
>
>Did I misunderstood something ?
>
>As ovirt manager shows the address correctly , it should be possible to get
it via libvirt ...
>
Can you get them using virsh domifaddr? If yes, look at the code virsh uses.
If not, then it might be ovirt's workaround using their agent for older
qemu/libvirt/something combinations.
>Thanks for help.
>
>
>J.P. Ribeauville
>
>
>P: +33.(0).1.47.17.20.49
>.
>Puteaux 3 Etage 5 Bureau 4
>
>jpribeauville@axway.com<mailto:jpribeauville@axway.com>
>http://www.axway.com<http://www.axway.com/>
>
>
>
>P Pensez ? l'environnement avant d'imprimer.
>
>
>
>_______________________________________________
>libvirt-users mailing list
>libvirt-users@redhat.com
>https://www.redhat.com/mailman/listinfo/libvirt-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL:
<https://www.redhat.com/archives/libvirt-users/attachments/20160108/81e4c217/attachment.bin>
------------------------------
Message: 3
Date: Fri, 8 Jan 2016 09:47:35 +0000
From: Jean-Pierre Ribeauville <jpribeauville@axway.com>
To: Martin Kletzander <mkletzan@redhat.com>
Cc: "libvirt-users@redhat.com" <libvirt-users@redhat.com>
Subject: Re: [libvirt-users] Unable to retrieve Guest IP Addresses via
libvirt API
Message-ID:
<1051EFB4D3A1704680C38CCAAC5836D292F01F48@WPTXMAIL2.ptx.axway.int>
Content-Type: text/plain; charset="iso-8859-1"
Hi,
My piece of code is inspired from domifaddr one.
Virsh domifaddr doesn't return anything.
Then , it could be useful for me to have a look in ovirt sources to understand
how it deals with that.
As a workaround , it should be possible to combine a dumpxml to retrieve
Guest MAC addresses and then issue an "arp -an" to retrieve IP
adresses.
Regards,
J.P.
-----Message d'origine-----
De?: Martin Kletzander [mailto:mkletzan@redhat.com]
Envoy??: vendredi 8 janvier 2016 10:36
??: Jean-Pierre Ribeauville
Cc?: libvirt-users@redhat.com
Objet?: Re: [libvirt-users] Unable to retrieve Guest IP Addresses via libvirt
API
On Thu, Jan 07, 2016 at 07:31:57PM +0000, Jean-Pierre Ribeauville
wrote:>Hi ,
>
>Despite the fact that my Guest has an IP address , by running this piece of
code on a KVM host :
>
> ifaces_count = F_virDomainInterfaceAddresses(domain,
&ifaces,VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_LEASE, NULL);
> ifaces_count = F_virDomainInterfaceAddresses(domain,
> &ifaces,VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_AGENT, NULL);
>
>
>I'm not able to get a ifaces_count different from -1
>
>
>Additionnaly :
>- IP Addresses are not present within the xmldesc of this Guest.(not
>sure that they should appear there)
>
>I'm running libvirt-1.2.17-13.el7.x86_64
>
>Did I misunderstood something ?
>
>As ovirt manager shows the address correctly , it should be possible to get
it via libvirt ...
>
Can you get them using virsh domifaddr? If yes, look at the code virsh uses.
If not, then it might be ovirt's workaround using their agent for older
qemu/libvirt/something combinations.
>Thanks for help.
>
>
>J.P. Ribeauville
>
>
>P: +33.(0).1.47.17.20.49
>.
>Puteaux 3 Etage 5 Bureau 4
>
>jpribeauville@axway.com<mailto:jpribeauville@axway.com>
>http://www.axway.com<http://www.axway.com/>
>
>
>
>P Pensez ? l'environnement avant d'imprimer.
>
>
>
>_______________________________________________
>libvirt-users mailing list
>libvirt-users@redhat.com
>https://www.redhat.com/mailman/listinfo/libvirt-users
------------------------------
Message: 4
Date: Fri, 8 Jan 2016 10:52:39 +0000
From: "Daniel P. Berrange" <berrange@redhat.com>
To: Benedikt Heine <benedikt@heine.rocks>
Cc: libvirt-users@redhat.com
Subject: Re: [libvirt-users] libvirtd and polkit: internal error: No
Unix Process ID
Message-ID: <20160108105239.GA14764@redhat.com>
Content-Type: text/plain; charset=utf-8
On Mon, Jan 04, 2016 at 03:44:10PM +0100, Benedikt Heine
wrote:> Hi all,
>
> I want to use libvirtd and polkit to create simple access
> restricitions for incoming TLS connections.
This is sadly not possible. polkit will only authenticate against unix users. I
filed an RFE long ago requesting for polkit to be generalized so that we could
use it against virtual (ie non-UNIX system) identities but it was rejected.
So effectively the libvirt polkit access control driver is only useful if
you're connecting to libvirt over UNIX sockets :-(
I really ought to get around to writing a custom libvirt access control driver
that works in all cases.....
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
------------------------------
Message: 5
Date: Fri, 8 Jan 2016 11:51:24 +0000
From: Jean-Pierre Ribeauville <jpribeauville@axway.com>
To: "libvirt-users@redhat.com" <libvirt-users@redhat.com>
Subject: [libvirt-users] operation forbidden Read Only Access
Message-ID:
<1051EFB4D3A1704680C38CCAAC5836D292F01F6A@WPTXMAIL2.ptx.axway.int>
Content-Type: text/plain; charset="iso-8859-1"
Hi,
When issuing virDomainInterfaceAddresses() libvirt C language API, I got
following error:
libvirt: Domain Config error : operation forbidden: read only access prevents
virDomainInterfaceAddresses
How may I ask for a non-readonly connexion ? ( looks like to be RO by default)
Thx for help.
Regards,
J.P. Ribeauville
P: +33.(0).1.47.17.20.49
.
Puteaux 3 Etage 5 Bureau 4
jpribeauville@axway.com<mailto:jpribeauville@axway.com>
http://www.axway.com<http://www.axway.com/>
P Pensez ? l'environnement avant d'imprimer.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://www.redhat.com/archives/libvirt-users/attachments/20160108/96fce101/attachment.html>
------------------------------
_______________________________________________
libvirt-users mailing list
libvirt-users@redhat.com
https://www.redhat.com/mailman/listinfo/libvirt-users
End of libvirt-users Digest, Vol 73, Issue 6
********************************************
Michal Privoznik
2016-Jan-11 12:07 UTC
Re: [libvirt-users] operation forbidden Read Only Access
On 08.01.2016 14:30, Jean-Pierre Ribeauville wrote:> Hi, > > I found an answer : > > Use virConnectOpenAuth() instead of virConnectOpenReadOnly(). > > As my piece of code is running silently (without user connected) , by using virConnectOpenAuth() , > is it possible to avoid to prompt user to get user /password ?Yes it is. You basically need just to pass a callback that will supply credentials to libvirt. Does not matter how it gets it. You may want to read documentation: http://libvirt.org/html/libvirt-libvirt-host.html#virConnectOpenAuth or see the code for examples. Michal
Jean-Pierre Ribeauville
2016-Jan-11 12:16 UTC
Re: [libvirt-users] operation forbidden Read Only Access
Hi, Great if I'm able to avoid prompting the user. Thanks a lot. J.P. -----Message d'origine----- De : Michal Privoznik [mailto:mprivozn@redhat.com] Envoyé : lundi 11 janvier 2016 13:07 À : Jean-Pierre Ribeauville; libvirt-users@redhat.com Objet : Re: [libvirt-users] operation forbidden Read Only Access On 08.01.2016 14:30, Jean-Pierre Ribeauville wrote:> Hi, > > I found an answer : > > Use virConnectOpenAuth() instead of virConnectOpenReadOnly(). > > As my piece of code is running silently (without user connected) , by > using virConnectOpenAuth() , is it possible to avoid to prompt user to get user /password ?Yes it is. You basically need just to pass a callback that will supply credentials to libvirt. Does not matter how it gets it. You may want to read documentation: http://libvirt.org/html/libvirt-libvirt-host.html#virConnectOpenAuth or see the code for examples. Michal