[libvirt-users] How to use PHP libvirt_connect?

Sun Jun 12 06:30:28 UTC 2016

On Sun, Jun 12, 2016 at 02:16:02PM +1000, Phill Edwards wrote:
>I'm having a go at writing some PHP scripts to do simple things like view
>the status of VMs running on my Ubuntu KVM host.
>
>I've installed php_libvirt_php but am failing at the first hurdle at the
>moment as I can't get the PHP script to connect.
>
>My normal way of connecting virsh from the command line is like this:
>
>$ virsh -c qemu+ssh://localhost/system
>This asks for a password which is fine as I'm doing it from the command
>line.
>

First things first, why are you connecting through ssh to localhost?
Why don't you just use the unix socket?  qemu:///system should work
perfectly fine.  If not, then you can tweak the policykit settings or
permissions for the unix socket in libvirtd.conf, based on your
preference and/or system.

>I can't get a connection when I use other protocols:
>
>$ virsh -c qemu+tcp://192.168.0.103/system
>error: failed to connect to the hypervisor
>error: unable to connect to server at '192.168.0.103:16509': Connection
>refused
>

Both TCP and TLS must be configured in order to be available, they are
not turned on by default.  TCP is not turned on by default because you
don't have users set up and without authentication it would be insecure;
TLS is not turned on by default because you don't have any certificates
to use.  Look at libvirtd.conf for more information.  Or our wiki.

>I've tried using various $uri values for libvirt_connect but I get
>connection errors:
>
>$uri="qemu+tcp://localhost/system";
>Connecting to libvirt (URI:qemu+tcp://localhost/system)
>*Warning*: libvirt_connect(): unable to connect to server at
>'localhost:16509': Connection refused in */var/www/html/libvirt_test1.php* on
>line *8*
>Libvirt last error: unable to connect to server at 'localhost:16509':
>Connection refused
>
>$uri="qemu://localhost/system";
>Connecting to libvirt (URI:qemu://localhost/system)
>*Warning*: libvirt_connect(): Cannot read CA certificate
>'/etc/pki/CA/cacert.pem': No such file or directory in
>*/var/www/html/libvirt_test1.php* on line *8*
>Libvirt last error: Cannot read CA certificate '/etc/pki/CA/cacert.pem': No
>such file or directory
>
>$uri="qemu+tcp://localhost/system";
>Connecting to libvirt (URI:qemu+tcp://localhost/system)
>*Warning*: libvirt_connect(): unable to connect to server at
>'localhost:16509': Connection refused in */var/www/html/libvirt_test1.php* on
>line *8*
>Libvirt last error: unable to connect to server at 'localhost:16509':
>Connection refused
>
>
>Presumably the answer is to 1) either allow connections that don't require
>SSH, or 2) somehow allow a password-less SSH connection from the www-data
>user that's running the PHP script. 2) sounds like it might be very
>difficult, and I don't know how to do 1) as I've only ever connected this
>way with SSH.
>

If you need local access, use qemu:///system and just tune the settings
for this to work; if you need remote setup, then either set up tls,
ideally with sasl or something; or just set up password-less SSH (key
without passphrase) for the user under with the script is running.  It
is as hard as running 'ssh-keygen && ssh-copy-id user at remote_hostname'
as the PHP script user.  the user in the command can be either root (not
recommended) or some other user who has access to the libvirt socket on
that remote host.  Anyhow, if the machine you are trying to connect to
is the same one on which the machines are running, just use
qemu:///system.

>Can anyone please provide some advise on getting this working.

>_______________________________________________
>libvirt-users mailing list
>libvirt-users at redhat.com
>https://www.redhat.com/mailman/listinfo/libvirt-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20160612/2a3e176d/attachment.sig>