On Tue, Feb 27, 2024 at 08:09:17AM -0800, Andrea Bolognani wrote:
On Tue, Feb 27, 2024 at 09:49:23AM -0500, Chuck Lever wrote:
> On Tue, Feb 27, 2024 at 01:20:46AM -0800, Andrea Bolognani wrote:
> > Note that you shouldn't enable both the monolithic daemon (libvirtd)
> > and the modular daemons (virtnetworkd, virtqemud) at the same time.
> > If your version of libvirt is recent enough (>= 9.9.0) the situation
> > should be handled cleanly, but in general it's not a supported
> > configuration.
>
> This Ansible code dates from before 2020, so it's legacy, I suppose.
The change in default from monolithic daemon to modular daemons feels
like forever ago to me, but in reality it only happened[1] with
Fedora 35 in late 2021. So it's understandable that there would be
code out there that is not prepared to cope with this scenario.
> Perhaps, if it can figure out which version of libvirt is available,
> Ansible needn't start libvirtd at all? It would be a nicer fix, that
> I can subsequently contribute to kdevops, if Ansible would start a
> supported libvirt configuration.
Looking at the Fedora-specific part of enabling libvirt in
kdevops[2], I'm pretty sure that what it attempts to do is not right.
Specifically, it starts libvirtd, then starts virtnetworkd. As I
mentioned earlier, mixing the monolithic daemon with the modular ones
is very much an unsupported configuration. Fedora 39 has libvirt
9.7.0, which doesn't contain the systemd cleanups I talked about
above, so the consequences of doing this are likely going to be even
more nasty.
I don't understand why starting virtnetworkd would be needed in the
first place. The only difference between a monolithic deployment and
a modular one should be in which process each of the drivers is
running. If a running virtnetworkd allows you to do what you need,
networking wise, so should running libvirtd.
I will admit that I have never tried the "split" setup that you seem
to be aiming for, e.g. libvirtd/virtqemud running as an unprivileged
user but getting access to the host's networking via a privileged
virtnetworkd instance or other setuid trickery.
Looking at the libvirt-specific configuration knobs in kdevops[2],
it seems that qemu:///session is used by default on Fedora, and on
Fedora only. That honestly feels like a questionable choice to me...
Everywhere else, qemu:///system is used instead, so I'm not surprised
that issues would show up when you're exercising the odd path out.
I confess I don't understand the libvirt_user role well enough
to effect any changes here except to add an action to enable
virtnetworkd.
> > Moreover, Fedora has defaulted to modular daemons for a
long time
> > now, so really you shouldn't need to do anything special to ensure
> > that they are enabled. Just install the package, then either start
> > the various services/sockets manually or simply reboot. That should
> > do the trick.
>
> I too expected that simply installing libvirt on my new Fedora 39
> system would have created a working environment, so there's clearly
> something I missed during set-up.
One thing that people often miss, because it's admittedly not so
obvious, is that it's not enough to install the libvirt package to
start using libvirt: you also need to start the corresponding
services, or at least their sockets.
This is not something that's specific to libvirt, but rather the
consequence of a more general policy adopted by RHEL-derived distros,
where services are not automatically started after installation.
Debian-derived distros have the opposite policy, so you get a
smoother out of the box experience there.
Unfortunately, this being a distro-wide policy, there's not much we
can do about it.
That must be it: enabling libvirtd.service appears to add in
the socket services too:
root@boudin:~# systemctl enable libvirtd
Created symlink /etc/systemd/system/multi-user.target.wants/libvirtd.service →
/usr/lib/systemd/system/libvirtd.service.
Created symlink /etc/systemd/system/sockets.target.wants/virtlockd.socket →
/usr/lib/systemd/system/virtlockd.socket.
Created symlink /etc/systemd/system/sockets.target.wants/virtlogd.socket →
/usr/lib/systemd/system/virtlogd.socket.
Created symlink /etc/systemd/system/sockets.target.wants/libvirtd.socket →
/usr/lib/systemd/system/libvirtd.socket.
Created symlink /etc/systemd/system/sockets.target.wants/libvirtd-ro.socket →
/usr/lib/systemd/system/libvirtd-ro.socket.
root@boudin:~#
--
Chuck Lever