Martin Kletzander
2022-Aug-01 09:02 UTC
Can RHEL7 VM run remote libvirt commands to Fedora36 host?
On Thu, Jul 28, 2022 at 02:14:30PM -0400, Carol Bouchard wrote:>I have a test environment that use to work but no longer does. My >laptop is Fedora36 (libvirt version 8.1.0.2) while the VMs it spawns are >RHEL7 (max libvirt version is 4.5.0). The source of my problem >seems to be that RHEL7 libvirt needs rw socket /var/run/libvirt/libvirt-sock >which no longer exists in fedora36. > >The following is successful from RHEL7 VM to laptop: >virsh -d0 --connect >'qemu+ssh://192.168.120.1/system?*socket*=/var/run/libvirt/libvirt-sock-ro' >domstate beaker-test-vm1.beaker > >If I change the action from domstate to start, it fails on >error: Failed to start domain beaker-test-vm1.beaker >error: operation forbidden: read only access prevents virDomainCreate >which made me realize ro stands for read-only; however, there is no >libvirt-sock. I tried some of the other socket files without success. >Is there a work-around? >It is pretty weird that something is listening on the libvirt-sock-ro and not on libvirt-sock. Could you run a quick lsof to figure out who's listening on libvirt-sock? If it is systemd, then you have socket activation set up for the read-only socket *only* and you need to also enable libvirtd.socket. Something along the lines of: systemctl enable --now libvirtd.socket libvirtd-ro.socket systemctl stop libvirtd.service should suffice. You might also be running in the newer split daemon scenario and you have virtqemud running instead. The service listening to libvirt socket might be for virtproxyd[0] instead and you might need to do the following instead: systemctl enable --now virtproxyd.socket virtproxyd-ro.socket systemctl stop virtproxyd.service To make sure try figuring out which systemd service/socket is associated with the socket, by running `systemctl status libvirtd virtproxyd`. Martin [0] https://libvirt.org/manpages/virtproxyd.html -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20220801/5ed38741/attachment.sig>
Carol Bouchard
2022-Aug-01 11:11 UTC
Can RHEL7 VM run remote libvirt commands to Fedora36 host?
I've attached output from lsof & systemctl commands. I enabled virtproxyd.service Friday which got me past my problem but it is curious how I got into this if the default is for proxy to be enabled. On Mon, Aug 1, 2022 at 5:02 AM Martin Kletzander <mkletzan at redhat.com> wrote:> On Thu, Jul 28, 2022 at 02:14:30PM -0400, Carol Bouchard wrote: > >I have a test environment that use to work but no longer does. My > >laptop is Fedora36 (libvirt version 8.1.0.2) while the VMs it spawns are > >RHEL7 (max libvirt version is 4.5.0). The source of my problem > >seems to be that RHEL7 libvirt needs rw socket > /var/run/libvirt/libvirt-sock > >which no longer exists in fedora36. > > > >The following is successful from RHEL7 VM to laptop: > >virsh -d0 --connect > >'qemu+ssh:// > 192.168.120.1/system?*socket*=/var/run/libvirt/libvirt-sock-ro' > >domstate beaker-test-vm1.beaker > > > >If I change the action from domstate to start, it fails on > >error: Failed to start domain beaker-test-vm1.beaker > >error: operation forbidden: read only access prevents virDomainCreate > >which made me realize ro stands for read-only; however, there is no > >libvirt-sock. I tried some of the other socket files without success. > >Is there a work-around? > > > > It is pretty weird that something is listening on the libvirt-sock-ro and > not on > libvirt-sock. Could you run a quick lsof to figure out who's listening on > libvirt-sock? If it is systemd, then you have socket activation set up > for the > read-only socket *only* and you need to also enable libvirtd.socket. > Something > along the lines of: > > systemctl enable --now libvirtd.socket libvirtd-ro.socket > systemctl stop libvirtd.service > > should suffice. > > You might also be running in the newer split daemon scenario and you have > virtqemud running instead. The service listening to libvirt socket might > be for > virtproxyd[0] instead and you might need to do the following instead: > > systemctl enable --now virtproxyd.socket virtproxyd-ro.socket > systemctl stop virtproxyd.service > > To make sure try figuring out which systemd service/socket is associated > with > the socket, by running `systemctl status libvirtd virtproxyd`. > > Martin > > [0] https://libvirt.org/manpages/virtproxyd.html >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20220801/2a2159fd/attachment.htm> -------------- next part -------------- A non-text attachment was scrubbed... Name: virt_lsof.out Type: application/octet-stream Size: 5836 bytes Desc: not available URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20220801/2a2159fd/attachment.obj> -------------- next part -------------- A non-text attachment was scrubbed... Name: virt_systemctl.out Type: application/octet-stream Size: 2515 bytes Desc: not available URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20220801/2a2159fd/attachment-0001.obj>