Can RHEL7 VM run remote libvirt commands to Fedora36 host?

Carol Bouchard cbouchar at redhat.com
Mon Aug 1 11:11:20 UTC 2022 

I've attached output from lsof & systemctl commands.  I enabled
virtproxyd.service Friday which got
me past my problem but it is curious how I got into this if the default is
for proxy to be enabled.

On Mon, Aug 1, 2022 at 5:02 AM Martin Kletzander <mkletzan at redhat.com>
wrote:

> On Thu, Jul 28, 2022 at 02:14:30PM -0400, Carol Bouchard wrote:
> >I have a test environment that use to work but no longer does. My
> >laptop is Fedora36 (libvirt version 8.1.0.2) while the VMs it spawns are
> >RHEL7 (max libvirt version is 4.5.0). The source of my problem
> >seems to be that RHEL7 libvirt needs rw socket
> /var/run/libvirt/libvirt-sock
> >which no longer exists in fedora36.
> >
> >The following is successful from RHEL7 VM to laptop:
> >virsh -d0 --connect
> >'qemu+ssh://
> 192.168.120.1/system?*socket*=/var/run/libvirt/libvirt-sock-ro'
> >domstate beaker-test-vm1.beaker
> >
> >If I change the action from domstate to start, it fails on
> >error: Failed to start domain beaker-test-vm1.beaker
> >error: operation forbidden: read only access prevents virDomainCreate
> >which made me realize ro stands for read-only; however, there is no
> >libvirt-sock. I tried some of the other socket files without success.
> >Is there a work-around?
> >
>
> It is pretty weird that something is listening on the libvirt-sock-ro and
> not on
> libvirt-sock.  Could you run a quick lsof to figure out who's listening on
> libvirt-sock?  If it is systemd, then you have socket activation set up
> for the
> read-only socket *only* and you need to also enable libvirtd.socket.
> Something
> along the lines of:
>
>      systemctl enable --now libvirtd.socket libvirtd-ro.socket
>      systemctl stop libvirtd.service
>
> should suffice.
>
> You might also be running in the newer split daemon scenario and you have
> virtqemud running instead.  The service listening to libvirt socket might
> be for
> virtproxyd[0] instead and you might need to do the following instead:
>
>      systemctl enable --now virtproxyd.socket virtproxyd-ro.socket
>      systemctl stop virtproxyd.service
>
> To make sure try figuring out which systemd service/socket is associated
> with
> the socket, by running `systemctl status libvirtd virtproxyd`.
>
> Martin
>
> [0] https://libvirt.org/manpages/virtproxyd.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20220801/2a2159fd/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: virt_lsof.out
Type: application/octet-stream
Size: 5836 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20220801/2a2159fd/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: virt_systemctl.out
Type: application/octet-stream
Size: 2515 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20220801/2a2159fd/attachment-0003.obj>

More information about the libvir-list mailing list