[libvirt-users] Failed to launch libvirt 1.2.7
by Marina Danial
Hello,
I am currently working on Redhat 6 - Kernel 2.6.32-358.el6.x86_64. It has
by default libvirt 0.10.2.
I wanted version 1.2.7. So I downloaded this and libvirt-1.2.7.tar.gz and I
followed the following steps:
1. ./configure (with its default settings)
2. make
3. make install
Currently, the installation is in: /usr/local
and the source tree is in /export/home/libvirt.
I stopped the previously installed daemon so that the new one takes effect.
I launched the daemon from /export/home/libvirt/daemon/libvirtd -d.
However every time I launch the C++ code, this message appears:
libvir: XML-RPC error : Failed to connect socket to
'/var/run/libvirt/libvirt-sock': No such file or directory
Failed to open connection to qemu:///system
My questions are:
1. How can I launch the daemon from the source tree? It does not behave as
it should when it is launched from /etc/init.d
2. How can any application e.g. virt-manager look at the new paths of the
newly installed libvirt?
3. How can I get libvirt to work from the source tree as if it was
originally installed in Redhat?
Thanks
Marina
8 years, 2 months
[libvirt-users] security BPC
by Michael Ströder
HI!
Disclaimer:
I'm a libvirt beginner using it for managing virtual machines based on qemu-kvm.
Is there any documentation describing how to harden libvirt/qemu-kvm installations?
Escpecially how to improve isolation of VMs:
- secure time sync (with or without ntpd?)
- random number generation
- running VMs as different host OS users
I do not need general OS hardening advice.
Ciao, Michael.
8 years, 2 months
[libvirt-users] Passing "migratable=no" to qemu in domain's XML
by Žilvinas Žaltiena
Hi,
I want to use Invariant TSC with qemu, and to do that qemu must get the
following args: "-cpu host,migratable=no,+invtsc". invtsc works only if
migratable=no is passed too.
The "+invtsc" part is sucessfully handled by using
<feature name="invtsc"/>
inside domain's XML, however I don't how/where to put the
"migratable=no" there.
Is there an elegant way to pass "migratable=no" to qemu via domain's XML
without using <qemu:arg/> tags?
8 years, 2 months
[libvirt-users] Libvirt newer than 2.1.0 doesnt start up
by Rene Pasing
Hi all,
I have some problems with libvirt >2.1.0 (so 2.2.0 and 2.3.0): I have a
working environment using libvirt 2.1.0 with 1 domain (called "mail")
and one network (called "default6"), both are autostarted. I have no
problems with this environment using libvirt 2.1.0, everything works great.
But after (testwise) updating to libvirt 2.2.0 or 2.3.0, libvirt doesn't
start up anymore.
Some investigations showed that apparently my "default6" network is the
problem. Libvirt is starting correctly after disabling all autostarts.
When I then virsh' into the system daemon and type "net-start default6",
then nothing happens and that command just hangs infinitely.
Further information, relevant log entries and e.g. the used default6.xml
configuration file can be found here, as I first thought it would be a
configuration error from my side:
https://bbs.archlinux.org/viewtopic.php?pid=1653221
Do you maybe have an idea what could be going on? Or do you maybe need
more information, and if yes, which exactly?
Thanks in advance
Regards
Rene
8 years, 2 months
[libvirt-users] Fw: HELP
by zhunxun@gmail.com
zhunxun(a)gmail.com
From: zhunxun(a)gmail.com
Date: 2016-10-18 18:46
To: berrange
Subject: HELP
Now I want to get qemu:commandline XML content in Libvirt,and then do my own job,but I do not know how to do it.Can you help me??
thank you !
the xml content is follows:
<qemu:commandline>
<qemu:arg value='-enable-kvm'/>
<qemu:arg value='-drive'/>
<qemu:arg value='file=/root/nvram_2.0-jin.qcow2,if=none,id=nvram0-0-0,format=qcow2'/>
<qemu:arg value='-device'/>
<qemu:arg value='tpm-tis,tpmdev=tpm-tpm0,id=tpm0'/>
<qemu:arg value='-tpmdev'/>
<qemu:arg value='libtpms,id=tpm-tpm0,nvram=nvram0-0-0,startup=clear'/>
<qemu:arg value='-bios'/>
<qemu:arg value='/root/xenSeabios/out/bios.bin'/>
</qemu:commandline>
Now I want to get third file path,how can I get it ??
thanks very much!!
zhunxun(a)gmail.com
8 years, 2 months
[libvirt-users] Fwd: Libvirt adds extra parameters in domain XML
by Marina Danial
I have a predetermined set of commands that I want to launch qemu with:
sudo `which qemu-system-x86_64` -m 4G $(IMAGE) -enable-kvm \
-nographic \
-net nic,model=virtio,netdev=net0,macaddr=$(MAC),vlan=0 \
-netdev tap,id=net0,ifname=tap01,vhost=on,script=no,downscript=no \
-net nic,model=virtio,netdev=net1,macaddr=$(MANAGE_MAC),vlan=1 \
-netdev tap,id=net1,ifname=tap02,vhost=on,script=no,downscript=no \
I dont need any extra configuration from libvirt. is this possible? Or can
anyone help with a possible xml configuration ?
On Thu, Oct 13, 2016 at 1:13 PM, Martin Kletzander <mkletzan(a)redhat.com>
wrote:
> On Thu, Oct 13, 2016 at 11:49:44AM +0200, Marina Danial wrote:
>
>> Hello,
>>
>> In my C++ code, I generate my own domain XML file and I
>> use virDomainCreateXML or virDomainDefineXML to launch my qemu VM.
>> However,
>> when I get to check which commands are sent to the qemu commandline, I
>> find
>> that libvirt has added so many extra parameters to the ones I have already
>> set. How can I prevent libvirt from adding any extra parameters to the
>> ones
>> I originally defined in the domain XML?
>>
>>
> What problems are you having with those? What specific ones are
> problematic for you? Libvirt adds a lot of things so that the domain is
> predictable, it can talk to it later on and so on. Some of them are
> adding the same things you would have there without -no-defconfig and
> similar. Just so we can guarantee some compatibility etc.
>
> Help will be highly appreciated.
>>
>>
>> Thanks
>>
>
> _______________________________________________
>> libvirt-users mailing list
>> libvirt-users(a)redhat.com
>> https://www.redhat.com/mailman/listinfo/libvirt-users
>>
>
8 years, 2 months
[libvirt-users] How to tell spicy client to use SASL authentication?
by mordenkainen
I'm using libvirt in desktop environment. Single host machine, pair of users, a few guest machines. The first thought was that unix socket restricted to specific group is just enough for authentication. But virsh has the power like sudo: you could define pool on real device and write anything on it. So I decided to authenticate with password for each virsh use. I'm using SASL + saslauthd + PAM for that case.
/etc/sasl2/libvirt.conf:
mech_list: PLAIN
pwcheck_method: saslauthd
/etc/sasl2/qemu.conf:
mech_list: PLAIN
pwcheck_method: saslauthd
/etc/pam.d/libvirt:
auth requisite pam_listfile.so item=group sense=allow file=/etc/libvirt/allow_group
auth required pam_tally2.so onerr=succeed
auth required pam_nologin.so
auth required pam_unix.so try_first_pass likeauth nullok
account requisite pam_listfile.so item=group sense=allow file=/etc/libvirt/allow_group
account required pam_nologin.so
account required pam_unix.so
/etc/pam.d/qemu:
auth requisite pam_listfile.so item=group sense=allow file=/etc/libvirt/allow_group
auth required pam_tally2.so onerr=succeed
auth required pam_nologin.so
auth required pam_unix.so try_first_pass likeauth nullok
account requisite pam_listfile.so item=group sense=allow file=/etc/libvirt/allow_group
account required pam_nologin.so
account required pam_unix.so
They are two identical configs for libvirt and for qemu. The first works flawlessly. virsh prompts for user and password and then login me to the shell.
But spicy fails. It prompts only for the password and fails after receiving it leaving error message in syslog:
Oct 13 23:24:21 paladin spicy[9001]: GSSAPI client step 1
What are the supposed actions I should perform to get further debug informations?
8 years, 2 months
[libvirt-users] Fwd: Problems connecting to the libvirtd server
by Stefano Ricci
---------- Forwarded message ----------
From: Stefano Ricci <sfn.rcc(a)gmail.com>
Date: 2016-10-11 12:35 GMT+02:00
Subject: Re: [libvirt-users] Problems connecting to the libvirtd server
To: Michal Privoznik <mprivozn(a)redhat.com>
There is not AppArmor and SElinux is disabled.
The permits of the sock are as follows:
libvirt-sock-admin 0700 (rwx) root: root
libvirt-sock 0700 (rwx) root: root
libvirt-sock-ro 0777 (rwxrwxrwx) root: root
The libvirtd process runs with the root user.
Below you will find the link to the requested log:
http://pastebin.com/0jtpWU0h (libvirt_client.log command LIBVIRT_DEBUG
= 1 virsh -c qemu: /// system list --all)
Stefano
2016-10-11 11:04 GMT+02:00 Michal Privoznik <mprivozn(a)redhat.com>:
>
> On 10.10.2016 18:36, Stefano Ricci wrote:
> > Hello everyone
> > I do not know if it is correct address this mailing lists but I can
> > not use libvirt.
> > I run compile libvirt version 2.2.0 into environment lfs stable with
> > qemu 2.7.0 and have not had any problems.
> > The program when it starts not report any errors in the log, with
> > activated debug level file.
> > Only when you try to connect with the following command virsh -c
> > qemu:///system remains hung without reporting any error either in the
> > logs that screen.
> > The command virsh -c test:///default list instead concludes on a regular basis.
> > I attach the file libvirt.log and libvirt.conf
>
> Interesting. Maybe something else is causing the problem? Is there an
> AppArmor running? What are the socket perms? Can you attach client debug
> logs? (well, maybe paste them somewhere to pastebin-like service)
>
> http://wiki.libvirt.org/page/DebugLogs
>
> Michal
8 years, 2 months
[libvirt-users] problem with disk virtio driver
by Andrei Perietanu
I just ran into a problem I can't make heads or tails of, so I'm hoping to
get some help here.
I have a custom built Embedded Linux running qemu-kvm 1.1.2 and libvirt
1.2.20
I'm creating a domain with the following config:
<domain type='kvm'>
<name>myVM</name>
<memory unit='KiB'>2097152</memory>
<vcpu placement='static'>2</vcpu>
<os>
<type arch='x86_64'>hvm</type>
<boot dev='hd'/>
<boot dev='cdrom'/>
</os>
<features>
<acpi/>
<apic/>
</features>
<cpu mode='host-model'/>
<clock offset='utc'>
<timer name='rtc' tickpolicy='catchup'/>
<timer name='pit' tickpolicy='delay'/>
<timer name='hpet' present='no'/>
</clock>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>restart</on_crash>
<devices>
<disk type='file' device='cdrom'>
<driver name='qemu' type='raw'/>
<target dev='hdb' bus='ide'/>
<source file='custom.iso'/>
<readonly/>
</disk>
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2'/>
<source file='/path/to/vdisk.img'/>
<target dev='vda' bus='virtio'/>
</disk>
<controller type='pci' model='pci-root'/>
<controller type='usb'/>
<controller type='ide'/>
<interface type='bridge'>
<source bridge='virbr0'/>
<model type='virtio'/>
</interface>
<serial type='pty'>
<target port='0'/>
</serial>
<console type='pty'>
<target type='serial' port='0'/>
</console>
<input type='tablet' bus='usb'/>
<input type='mouse' bus='ps2'/>
<input type='keyboard' bus='ps2'/>
<graphics type='vnc' port='-1' autoport='yes'/>
<video>
<model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1'/>
</video>
<watchdog model='i6300esb' action='reset'/>
<memballoon model='none'/>
</devices>
</domain>
Granted the OS I'm installing is again a custom Linux with some software
running on top ..so It's not a well known OS...but I'm hoping that does not
matter much.
After installation I get all sorts of kernel panics and errors about
services not being able to start.
So I tried the same thing on ubuntu 14.04.2 LTS which installed qemu-kvm
2.0.0 and libvirt 1.2.2
Same config xml, but this time it worked better -I was not getting the
kernel panics.
The OS I'm installing does not support IDE disks, it needs a virtio disk.
The obvious solution here would be to try and get a newer version of qemu,
but since we're talking about a custom built Linux I'd have to add the
package manually and compile from source...which cakes a long time to do.
So before attempting that....just wondering....is there a better way?
Anything I can try?
Thanks,
Andrei
--
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of or
taking of any action in reliance upon this information by persons or
entities other than the intended recipient is prohibited. If you receive
this in error please contact the sender and delete the material from any
computer immediately. It is the policy of Klas Limited to disavow the
sending of offensive material and should you consider that the material
contained in the message is offensive you should contact the sender
immediately and also your I.T. Manager.
Klas Telecom Inc., a Virginia Corporation with offices at 1101 30th St. NW,
Washington, DC 20007.
Klas Limited (Company Number 163303) trading as Klas Telecom, an Irish
Limited Liability Company, with its registered office at Fourth Floor, One
Kilmainham Square, Inchicore Road, Kilmainham, Dublin 8, Ireland.
8 years, 2 months
[libvirt-users] Libvirt adds extra parameters in domain XML
by Marina Danial
Hello,
In my C++ code, I generate my own domain XML file and I
use virDomainCreateXML or virDomainDefineXML to launch my qemu VM. However,
when I get to check which commands are sent to the qemu commandline, I find
that libvirt has added so many extra parameters to the ones I have already
set. How can I prevent libvirt from adding any extra parameters to the ones
I originally defined in the domain XML?
Help will be highly appreciated.
Thanks
8 years, 2 months