Can RHEL7 VM run remote libvirt commands to Fedora36 host?

Martin Kletzander mkletzan at redhat.com
Mon Aug 1 14:13:11 UTC 2022 

On Mon, Aug 01, 2022 at 07:11:20AM -0400, Carol Bouchard wrote:
>I've attached output from lsof & systemctl commands.  I enabled
>virtproxyd.service Friday which got
>me past my problem but it is curious how I got into this if the default is
>for proxy to be enabled.
>

Enabling virtproxyd.socket ought to be enough, no need for the service to run
when nobody is connected.  Looks like it is set up properly now, maybe it was
some misconfig or a stuck socket somewhere.

>On Mon, Aug 1, 2022 at 5:02 AM Martin Kletzander <mkletzan at redhat.com>
>wrote:
>
>> On Thu, Jul 28, 2022 at 02:14:30PM -0400, Carol Bouchard wrote:
>> >I have a test environment that use to work but no longer does. My
>> >laptop is Fedora36 (libvirt version 8.1.0.2) while the VMs it spawns are
>> >RHEL7 (max libvirt version is 4.5.0). The source of my problem
>> >seems to be that RHEL7 libvirt needs rw socket
>> /var/run/libvirt/libvirt-sock
>> >which no longer exists in fedora36.
>> >
>> >The following is successful from RHEL7 VM to laptop:
>> >virsh -d0 --connect
>> >'qemu+ssh://
>> 192.168.120.1/system?*socket*=/var/run/libvirt/libvirt-sock-ro'
>> >domstate beaker-test-vm1.beaker
>> >
>> >If I change the action from domstate to start, it fails on
>> >error: Failed to start domain beaker-test-vm1.beaker
>> >error: operation forbidden: read only access prevents virDomainCreate
>> >which made me realize ro stands for read-only; however, there is no
>> >libvirt-sock. I tried some of the other socket files without success.
>> >Is there a work-around?
>> >
>>
>> It is pretty weird that something is listening on the libvirt-sock-ro and
>> not on
>> libvirt-sock.  Could you run a quick lsof to figure out who's listening on
>> libvirt-sock?  If it is systemd, then you have socket activation set up
>> for the
>> read-only socket *only* and you need to also enable libvirtd.socket.
>> Something
>> along the lines of:
>>
>>      systemctl enable --now libvirtd.socket libvirtd-ro.socket
>>      systemctl stop libvirtd.service
>>
>> should suffice.
>>
>> You might also be running in the newer split daemon scenario and you have
>> virtqemud running instead.  The service listening to libvirt socket might
>> be for
>> virtproxyd[0] instead and you might need to do the following instead:
>>
>>      systemctl enable --now virtproxyd.socket virtproxyd-ro.socket
>>      systemctl stop virtproxyd.service
>>
>> To make sure try figuring out which systemd service/socket is associated
>> with
>> the socket, by running `systemctl status libvirtd virtproxyd`.
>>
>> Martin
>>
>> [0] https://libvirt.org/manpages/virtproxyd.html
>>



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20220801/cd8049fe/attachment.sig>

More information about the libvir-list mailing list