Permissions problem trying to connect with libvirtd
Hello! I have an openSUSE machine running libvirtd which I would like to connect to with virt-manager. However, despite already being a member of the libvirt group and the libvirt-sock* sockets in /run/libvirt having the necessary permissions: glaubitz@XXX:/run/libvirt> ls -l *sock* srw------- 1 root root 0 Aug 21 14:20 libvirt-admin-sock srw-rw-rw- 1 root root 0 Aug 21 14:20 libvirt-sock srw-rw-rw- 1 root root 0 Aug 21 14:20 libvirt-sock-ro srw------- 1 root root 0 Aug 21 14:20 virtlockd-sock srw------- 1 root root 0 Aug 21 14:20 virtlogd-sock glaubitz@XXX:/run/libvirt> I'm still unable to connect, see below. Has anyone an idea what other permissions I have to fix? Do I also need access to the libvirt-admin-sock? Thanks, Adrian ================================================================================= Unable to connect to libvirt qemu+ssh://XXX/system. error from service: CheckAuthorization: Failed to activate service 'org.freedesktop.PolicyKit1': timed out (service_start_timeout=25000ms) Verify that the 'libvirtd' daemon is running on the remote host. Libvirt URI is: qemu+ssh://XXX/system Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/connection.py", line 924, in _do_open self._backend.open(cb, data) File "/usr/share/virt-manager/virtinst/connection.py", line 153, in open conn = libvirt.openAuth(self._open_uri, File "/usr/lib64/python3.8/site-packages/libvirt.py", line 148, in openAuth raise libvirtError('virConnectOpenAuth() failed') libvirt.libvirtError: error from service: CheckAuthorization: Failed to activate service 'org.freedesktop.PolicyKit1': timed out (service_start_timeout=25000ms)
W dniu 18.10.2021 o 13:52, John Paul Adrian Glaubitz pisze:
glaubitz@XXX:/run/libvirt> ls -l *sock* srw------- 1 root root 0 Aug 21 14:20 libvirt-admin-sock srw-rw-rw- 1 root root 0 Aug 21 14:20 libvirt-sock srw-rw-rw- 1 root root 0 Aug 21 14:20 libvirt-sock-ro srw------- 1 root root 0 Aug 21 14:20 virtlockd-sock srw------- 1 root root 0 Aug 21 14:20 virtlogd-sock glaubitz@XXX:/run/libvirt>
On my systems the socket permissions look exactly the same and connection works correctly. So it seems it's not a problem with sockets.
On Monday, October 18, 2021 2:58:32 PM CEST Adam Mizerski wrote:
W dniu 18.10.2021 o 13:52, John Paul Adrian Glaubitz pisze:
glaubitz@XXX:/run/libvirt> ls -l *sock* srw------- 1 root root 0 Aug 21 14:20 libvirt-admin-sock srw-rw-rw- 1 root root 0 Aug 21 14:20 libvirt-sock srw-rw-rw- 1 root root 0 Aug 21 14:20 libvirt-sock-ro srw------- 1 root root 0 Aug 21 14:20 virtlockd-sock srw------- 1 root root 0 Aug 21 14:20 virtlogd-sock glaubitz@XXX:/run/libvirt>
On my systems the socket permissions look exactly the same and connection works correctly. So it seems it's not a problem with sockets.
IIRC you need to add the user into the libvirtd group. I think that YaST is doing that automatically. Also, IIRC this was documented in the openSUSE virtualization book, but I do not see that anymore. -- SUSE Software Solutions Germany GmbH Maxfeldstr. 5 90409 Nuremberg Germany (HRB 36809, AG Nürnberg) Managing Director: Felix Imendörffer
Hi Alberto! On 10/18/21 15:03, Alberto Planas wrote:
IIRC you need to add the user into the libvirtd group. I think that YaST is doing that automatically.
Also, IIRC this was documented in the openSUSE virtualization book, but I do not see that anymore.
I found this:
https://doc.opensuse.org/documentation/leap/virtualization/html/book-virtual...
I'll ask the server admin to try that. Adrian
On Monday, October 18, 2021 3:09:12 PM CEST John Paul Adrian Glaubitz wrote:
Also, IIRC this was documented in the openSUSE virtualization book, but I do not see that anymore.
I found this:
https://doc.opensuse.org/documentation/leap/virtualization/html/book-virtu alization/cha-libvirt-connect.html#sec-libvirt-connect-auth-libvirt-tradit ional I'll ask the server admin to try that.
Ah confirmed. That is the one, and how I have my libvirtd running in my system. -- SUSE Software Solutions Germany GmbH Maxfeldstr. 5 90409 Nuremberg Germany (HRB 36809, AG Nürnberg) Managing Director: Felix Imendörffer
Hi Adam! On 10/18/21 14:58, Adam Mizerski wrote:
W dniu 18.10.2021 o 13:52, John Paul Adrian Glaubitz pisze:
glaubitz@XXX:/run/libvirt> ls -l *sock* srw------- 1 root root 0 Aug 21 14:20 libvirt-admin-sock srw-rw-rw- 1 root root 0 Aug 21 14:20 libvirt-sock srw-rw-rw- 1 root root 0 Aug 21 14:20 libvirt-sock-ro srw------- 1 root root 0 Aug 21 14:20 virtlockd-sock srw------- 1 root root 0 Aug 21 14:20 virtlogd-sock glaubitz@XXX:/run/libvirt>
On my systems the socket permissions look exactly the same and connection works correctly. So it seems it's not a problem with sockets.
Thanks for the feedback. To be sure, do you connect as root or as a regular user? And which libvirt systemd services are running on your server? Thanks, Adrian
W dniu 18.10.2021 o 15:03, John Paul Adrian Glaubitz pisze:
Hi Adam!
On 10/18/21 14:58, Adam Mizerski wrote:
W dniu 18.10.2021 o 13:52, John Paul Adrian Glaubitz pisze:
glaubitz@XXX:/run/libvirt> ls -l *sock* srw------- 1 root root 0 Aug 21 14:20 libvirt-admin-sock srw-rw-rw- 1 root root 0 Aug 21 14:20 libvirt-sock srw-rw-rw- 1 root root 0 Aug 21 14:20 libvirt-sock-ro srw------- 1 root root 0 Aug 21 14:20 virtlockd-sock srw------- 1 root root 0 Aug 21 14:20 virtlogd-sock glaubitz@XXX:/run/libvirt>
On my systems the socket permissions look exactly the same and connection works correctly. So it seems it's not a problem with sockets.
Thanks for the feedback. To be sure, do you connect as root or as a regular user? And which libvirt systemd services are running on your server?
Thanks, Adrian
I connect as a regular user that belongs to libvirt group. All I did was "sudo systemctl enable --now libvirtd.service" - it automatically enables libvirtd.socket, libvirtd-ro.socket and libvirtd-admin.socket. Also, I did no changes to /etc/libvirtd.
participants (3)
-
Adam Mizerski -
Alberto Planas -
John Paul Adrian Glaubitz