[Libvir] trouble using ssh tunnel for remote hypervisor

Daniel P. Berrange berrange at redhat.com
Wed Sep 26 22:06:05 UTC 2007 

On Wed, Sep 26, 2007 at 11:47:40PM +0200, Guillaume Rousse wrote:
> Hello.
> 
> I'm trying to use ssh tunnel for remote hypervisor access. However, I'm
> can't make it working...
> 
> [guillaume at oberkampf ~]$ LC_ALL=C virsh --connect
> xen+ssh://root@acacia.futurs.inria.fr list --all

You are missing a trailing '/' on the URI - when strip the hostname to
make the remote uri, we end up with xen:// which is rejected by libxml's
URI parser. Simply add a '/' after the hostname and you should be fine.

It is rather annoying that libxml's parser rejects uris only ending in
two /, but not three. We should probably automatically add an extra
trailing / if we find we only have two, because its a common mistake.

> libvir: error : could not connect to xen://
> error: failed to connect to the hypervisor
> error: no valid connection
> 
> On the remote host:
> [root at acacia ~]# libvirtd --verbose
> libvir: error : could not connect to xen://
> 
> It seems the error lies between libvirtd and the local hypervisor. And
> indeed, local usage of virsh with xen:// URLs fail:
> [root at acacia ~]# LC_ALL=C virsh -c xen:// list

Yep, xen:// is not a valid URI for libxml parser.

> libvir: error : could not connect to xen://
> error: failed to connect to the hypervisor
> error: no valid connection
> 
> Using xen:///, instead of xen://, as explained at
> http://libvirt.org/uri.html, is OK, despite a few error messages:
> [root at acacia ~]# LC_ALL=C virsh -c xen:/// list
> libvir: Remote error : No such file or directory
> libvir: warning : Failed to find the network: Is the daemon running ?

That is harmless unless you want to use the networking APIs.

> From the documentation, it seems xen:// transport implies TLS, and
> requires an host name, so it is quite normal it fails here (I didn't
> generated any certificate). But how can I force libvirtd to use xen:///
> transport then ? I don't see anything related in libvirt configuration
> documentation at http://libvirt.org/remote.html ? Neither about how to
> configure it for listening on unix transport, as explained in svn+ssh
> transport requirements on the same page (but I presume it is the default) ?

The daemon libvirtd will always listen for UNIX socket connections. You
have to explicitly turn on TCP support, after having setup certificates.
If using SSH, then we simply tunnel to the UNIX socket over SSH so all
you need do is start the libvirtd daemon on the remote host.

> Also, from where does those error and warning come ?
> [root at acacia ~]# LC_ALL=C virsh -c xen:/// list
> libvir: Remote error : No such file or directory
> libvir: warning : Failed to find the network: Is the daemon running ?

That is a sign that the libvirtd daemon is notrunning on the host in
questions.

Regards,
Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=|

More information about the libvir-list mailing list