I'm having a go at writing some PHP scripts to do simple things like view the status of VMs running on my Ubuntu KVM host. I've installed php_libvirt_php but am failing at the first hurdle at the moment as I can't get the PHP script to connect. My normal way of connecting virsh from the command line is like this: $ virsh -c qemu+ssh://localhost/system This asks for a password which is fine as I'm doing it from the command line. I can't get a connection when I use other protocols: $ virsh -c qemu+tcp://192.168.0.103/system error: failed to connect to the hypervisor error: unable to connect to server at '192.168.0.103:16509': Connection refused I've tried using various $uri values for libvirt_connect but I get connection errors: $uri="qemu+tcp://localhost/system"; Connecting to libvirt (URI:qemu+tcp://localhost/system) *Warning*: libvirt_connect(): unable to connect to server at 'localhost:16509': Connection refused in */var/www/html/libvirt_test1.php* on line *8* Libvirt last error: unable to connect to server at 'localhost:16509': Connection refused $uri="qemu://localhost/system"; Connecting to libvirt (URI:qemu://localhost/system) *Warning*: libvirt_connect(): Cannot read CA certificate '/etc/pki/CA/cacert.pem': No such file or directory in */var/www/html/libvirt_test1.php* on line *8* Libvirt last error: Cannot read CA certificate '/etc/pki/CA/cacert.pem': No such file or directory $uri="qemu+tcp://localhost/system"; Connecting to libvirt (URI:qemu+tcp://localhost/system) *Warning*: libvirt_connect(): unable to connect to server at 'localhost:16509': Connection refused in */var/www/html/libvirt_test1.php* on line *8* Libvirt last error: unable to connect to server at 'localhost:16509': Connection refused Presumably the answer is to 1) either allow connections that don't require SSH, or 2) somehow allow a password-less SSH connection from the www-data user that's running the PHP script. 2) sounds like it might be very difficult, and I don't know how to do 1) as I've only ever connected this way with SSH. Can anyone please provide some advise on getting this working.
Martin Kletzander
2016-Jun-12 06:30 UTC
Re: [libvirt-users] How to use PHP libvirt_connect?
On Sun, Jun 12, 2016 at 02:16:02PM +1000, Phill Edwards wrote:>I'm having a go at writing some PHP scripts to do simple things like view >the status of VMs running on my Ubuntu KVM host. > >I've installed php_libvirt_php but am failing at the first hurdle at the >moment as I can't get the PHP script to connect. > >My normal way of connecting virsh from the command line is like this: > >$ virsh -c qemu+ssh://localhost/system >This asks for a password which is fine as I'm doing it from the command >line. >First things first, why are you connecting through ssh to localhost? Why don't you just use the unix socket? qemu:///system should work perfectly fine. If not, then you can tweak the policykit settings or permissions for the unix socket in libvirtd.conf, based on your preference and/or system.>I can't get a connection when I use other protocols: > >$ virsh -c qemu+tcp://192.168.0.103/system >error: failed to connect to the hypervisor >error: unable to connect to server at '192.168.0.103:16509': Connection >refused >Both TCP and TLS must be configured in order to be available, they are not turned on by default. TCP is not turned on by default because you don't have users set up and without authentication it would be insecure; TLS is not turned on by default because you don't have any certificates to use. Look at libvirtd.conf for more information. Or our wiki.>I've tried using various $uri values for libvirt_connect but I get >connection errors: > >$uri="qemu+tcp://localhost/system"; >Connecting to libvirt (URI:qemu+tcp://localhost/system) >*Warning*: libvirt_connect(): unable to connect to server at >'localhost:16509': Connection refused in */var/www/html/libvirt_test1.php* on >line *8* >Libvirt last error: unable to connect to server at 'localhost:16509': >Connection refused > >$uri="qemu://localhost/system"; >Connecting to libvirt (URI:qemu://localhost/system) >*Warning*: libvirt_connect(): Cannot read CA certificate >'/etc/pki/CA/cacert.pem': No such file or directory in >*/var/www/html/libvirt_test1.php* on line *8* >Libvirt last error: Cannot read CA certificate '/etc/pki/CA/cacert.pem': No >such file or directory > >$uri="qemu+tcp://localhost/system"; >Connecting to libvirt (URI:qemu+tcp://localhost/system) >*Warning*: libvirt_connect(): unable to connect to server at >'localhost:16509': Connection refused in */var/www/html/libvirt_test1.php* on >line *8* >Libvirt last error: unable to connect to server at 'localhost:16509': >Connection refused > > >Presumably the answer is to 1) either allow connections that don't require >SSH, or 2) somehow allow a password-less SSH connection from the www-data >user that's running the PHP script. 2) sounds like it might be very >difficult, and I don't know how to do 1) as I've only ever connected this >way with SSH. >If you need local access, use qemu:///system and just tune the settings for this to work; if you need remote setup, then either set up tls, ideally with sasl or something; or just set up password-less SSH (key without passphrase) for the user under with the script is running. It is as hard as running 'ssh-keygen && ssh-copy-id user@remote_hostname' as the PHP script user. the user in the command can be either root (not recommended) or some other user who has access to the libvirt socket on that remote host. Anyhow, if the machine you are trying to connect to is the same one on which the machines are running, just use qemu:///system.>Can anyone please provide some advise on getting this working.>_______________________________________________ >libvirt-users mailing list >libvirt-users@redhat.com >https://www.redhat.com/mailman/listinfo/libvirt-users