[libvirt-users] unable to creating/list storage pools using non-root user
Hi all I have a Fedora release 17 (Beefy Miracle) with libvirt versions: libvirt-0.9.11.3-1.fc17.x86_64 virt-manager-0.9.1-3.fc17.noarch I have allowed non-root user to user libvirt by allowing the user through polkit cat /etc/polkit-1/localauthority/50-local.d/cat 50-org.example-libvirt-remote-access.pkla [Remote libvirt SSH access] Identity=unix-group:virt Action=org.libvirt.unix.manage;org.libvirt.unix.monitor ResultAny=yes ResultInactive=yes ResultActive=yes After doing the above i am able to connect to virt-manager as non-root user but unable to create storage pools. [juno@reserved ~]$ id uid=1001(juno) gid=1001(juno) groups=1001(juno),1002(virt) context=staff_u:staff_r:staff_t:s0 [juno@reserved ~]$ virsh Welcome to virsh, the virtualization interactive terminal. Type: 'help' for help with commands 'quit' to quit virsh # pool-list error: Failed to reconnect to the hypervisor error: no valid connection error: Failed to connect socket to '@/home/juno/.libvirt/libvirt-sock': Connection refused virsh # list error: Failed to reconnect to the hypervisor error: no valid connection error: Failed to connect socket to '@/home/juno/.libvirt/libvirt-sock': Connection refused I have defined pool called virt-images (/virt-images) which the non-root (in this case the username is Juno) user has the read/write permissions Also tried adding the permissions to unix socket in /etc/libvirt/libvirtd.conf as below: cat /etc/libvirt/libvirtd.conf | grep -v ^$ | grep -v ^# unix_sock_group = "virt" unix_sock_ro_perms = "0777" unix_sock_rw_perms = "0770" unix_sock_dir = "/var/run/libvirt" But the unix socket are created in /var/run/libvirt and not in users home directory, So how do we make a non-root user virsh commands check the socket created in /var/run/libvirt. It always checks for the socket in user's home directory ? Any pointers on above would be helpfu. Regards Niranjan
On Jun 22, 2012 1:08 AM, "mallapadi niranjan" <niranjan.ashok@gmail.com> wrote:
Hi all
I have a Fedora release 17 (Beefy Miracle) with libvirt versions:
libvirt-0.9.11.3-1.fc17.x86_64 virt-manager-0.9.1-3.fc17.noarch
I have allowed non-root user to user libvirt by allowing the user through
polkit
cat /etc/polkit-1/localauthority/50-local.d/cat
50-org.example-libvirt-remote-access.pkla
[Remote libvirt SSH access] Identity=unix-group:virt Action=org.libvirt.unix.manage;org.libvirt.unix.monitor ResultAny=yes ResultInactive=yes ResultActive=yes
After doing the above i am able to connect to virt-manager as non-root
user but unable to create storage pools.
[juno@reserved ~]$ id uid=1001(juno) gid=1001(juno) groups=1001(juno),1002(virt)
[juno@reserved ~]$ virsh Welcome to virsh, the virtualization interactive terminal.
Type: 'help' for help with commands 'quit' to quit
virsh # pool-list error: Failed to reconnect to the hypervisor error: no valid connection error: Failed to connect socket to '@/home/juno/.libvirt/libvirt-sock': Connection refused
virsh # list error: Failed to reconnect to the hypervisor error: no valid connection error: Failed to connect socket to '@/home/juno/.libvirt/libvirt-sock': Connection refused
I have defined pool called virt-images (/virt-images) which the non-root (in this case the username is Juno) user has the read/write permissions
Also tried adding the permissions to unix socket in /etc/libvirt/libvirtd.conf as below:
cat /etc/libvirt/libvirtd.conf | grep -v ^$ | grep -v ^# unix_sock_group = "virt" unix_sock_ro_perms = "0777" unix_sock_rw_perms = "0770" unix_sock_dir = "/var/run/libvirt"
But the unix socket are created in /var/run/libvirt and not in users home
context=staff_u:staff_r:staff_t:s0 directory, So how do we make a non-root user virsh commands check the socket created in /var/run/libvirt. It always checks for the socket in user's home directory ?
Any pointers on above would be helpfu.
Regards Niranjan
_______________________________________________ libvirt-users mailing list libvirt-users@redhat.com https://www.redhat.com/mailman/listinfo/libvirt-users
I believe I ran into this, try using this virsh command as the polkit authorized user virsh -c qemu:///system - Trey
On Fri, Jun 22, 2012 at 12:56 PM, Trey Dockendorf <treydock@gmail.com>wrote:
On Jun 22, 2012 1:08 AM, "mallapadi niranjan" <niranjan.ashok@gmail.com> wrote:
Hi all
I have a Fedora release 17 (Beefy Miracle) with libvirt versions:
libvirt-0.9.11.3-1.fc17.x86_64 virt-manager-0.9.1-3.fc17.noarch
I have allowed non-root user to user libvirt by allowing the user
through polkit
cat /etc/polkit-1/localauthority/50-local.d/cat
50-org.example-libvirt-remote-access.pkla
[Remote libvirt SSH access] Identity=unix-group:virt Action=org.libvirt.unix.manage;org.libvirt.unix.monitor ResultAny=yes ResultInactive=yes ResultActive=yes
After doing the above i am able to connect to virt-manager as non-root
user but unable to create storage pools.
[juno@reserved ~]$ id uid=1001(juno) gid=1001(juno) groups=1001(juno),1002(virt)
context=staff_u:staff_r:staff_t:s0
[juno@reserved ~]$ virsh Welcome to virsh, the virtualization interactive terminal.
Type: 'help' for help with commands 'quit' to quit
virsh # pool-list error: Failed to reconnect to the hypervisor error: no valid connection error: Failed to connect socket to '@/home/juno/.libvirt/libvirt-sock': Connection refused
virsh # list error: Failed to reconnect to the hypervisor error: no valid connection error: Failed to connect socket to '@/home/juno/.libvirt/libvirt-sock': Connection refused
I have defined pool called virt-images (/virt-images) which the non-root (in this case the username is Juno) user has the read/write permissions
Also tried adding the permissions to unix socket in /etc/libvirt/libvirtd.conf as below:
cat /etc/libvirt/libvirtd.conf | grep -v ^$ | grep -v ^# unix_sock_group = "virt" unix_sock_ro_perms = "0777" unix_sock_rw_perms = "0770" unix_sock_dir = "/var/run/libvirt"
But the unix socket are created in /var/run/libvirt and not in users home directory, So how do we make a non-root user virsh commands check the socket created in /var/run/libvirt. It always checks for the socket in user's home directory ?
Any pointers on above would be helpfu.
Regards Niranjan
_______________________________________________ libvirt-users mailing list libvirt-users@redhat.com https://www.redhat.com/mailman/listinfo/libvirt-users
I believe I ran into this, try using this virsh command as the polkit authorized user
virsh -c qemu:///system
- Trey
Yeah that worked. Thanks a lot trey
On Fri, Jun 22, 2012 at 4:38 PM, mallapadi niranjan < niranjan.ashok@gmail.com> wrote:
On Fri, Jun 22, 2012 at 12:56 PM, Trey Dockendorf <treydock@gmail.com>wrote:
On Jun 22, 2012 1:08 AM, "mallapadi niranjan" <niranjan.ashok@gmail.com> wrote:
Hi all
I have a Fedora release 17 (Beefy Miracle) with libvirt versions:
libvirt-0.9.11.3-1.fc17.x86_64 virt-manager-0.9.1-3.fc17.noarch
I have allowed non-root user to user libvirt by allowing the user
through polkit
cat /etc/polkit-1/localauthority/50-local.d/cat
50-org.example-libvirt-remote-access.pkla
[Remote libvirt SSH access] Identity=unix-group:virt Action=org.libvirt.unix.manage;org.libvirt.unix.monitor ResultAny=yes ResultInactive=yes ResultActive=yes
After doing the above i am able to connect to virt-manager as non-root
user but unable to create storage pools.
[juno@reserved ~]$ id uid=1001(juno) gid=1001(juno) groups=1001(juno),1002(virt)
[juno@reserved ~]$ virsh Welcome to virsh, the virtualization interactive terminal.
Type: 'help' for help with commands 'quit' to quit
virsh # pool-list error: Failed to reconnect to the hypervisor error: no valid connection error: Failed to connect socket to '@/home/juno/.libvirt/libvirt-sock': Connection refused
virsh # list error: Failed to reconnect to the hypervisor error: no valid connection error: Failed to connect socket to '@/home/juno/.libvirt/libvirt-sock': Connection refused
I have defined pool called virt-images (/virt-images) which the non-root (in this case the username is Juno) user has the read/write
context=staff_u:staff_r:staff_t:s0 permissions
Also tried adding the permissions to unix socket in
/etc/libvirt/libvirtd.conf as below:
cat /etc/libvirt/libvirtd.conf | grep -v ^$ | grep -v ^# unix_sock_group = "virt" unix_sock_ro_perms = "0777" unix_sock_rw_perms = "0770" unix_sock_dir = "/var/run/libvirt"
But the unix socket are created in /var/run/libvirt and not in users
home directory, So how do we make a non-root user virsh commands check the socket created in /var/run/libvirt. It always checks for the socket in user's home directory ?
Any pointers on above would be helpfu.
Regards Niranjan
_______________________________________________ libvirt-users mailing list libvirt-users@redhat.com https://www.redhat.com/mailman/listinfo/libvirt-users
I believe I ran into this, try using this virsh command as the polkit authorized user
virsh -c qemu:///system
- Trey
Yeah that worked.
Thanks a lot trey
Hi How do i make the below work ? [juno@reserved virt-img]$ virsh -c qemu:///session error: Failed to connect socket to '@/home/juno/.libvirt/libvirt-sock': Connection refused error: failed to connect to the hypervisor Regards Niranjan
On Fri, Jun 22, 2012 at 10:02 AM, mallapadi niranjan <niranjan.ashok@gmail.com> wrote:
On Fri, Jun 22, 2012 at 4:38 PM, mallapadi niranjan <niranjan.ashok@gmail.com> wrote:
On Fri, Jun 22, 2012 at 12:56 PM, Trey Dockendorf <treydock@gmail.com> wrote:
On Jun 22, 2012 1:08 AM, "mallapadi niranjan" <niranjan.ashok@gmail.com> wrote:
Hi all
I have a Fedora release 17 (Beefy Miracle) with libvirt versions:
libvirt-0.9.11.3-1.fc17.x86_64 virt-manager-0.9.1-3.fc17.noarch
I have allowed non-root user to user libvirt by allowing the user through polkit
cat /etc/polkit-1/localauthority/50-local.d/cat 50-org.example-libvirt-remote-access.pkla
[Remote libvirt SSH access] Identity=unix-group:virt Action=org.libvirt.unix.manage;org.libvirt.unix.monitor ResultAny=yes ResultInactive=yes ResultActive=yes
After doing the above i am able to connect to virt-manager as non-root user but unable to create storage pools.
[juno@reserved ~]$ id uid=1001(juno) gid=1001(juno) groups=1001(juno),1002(virt) context=staff_u:staff_r:staff_t:s0 [juno@reserved ~]$ virsh Welcome to virsh, the virtualization interactive terminal.
Type: 'help' for help with commands 'quit' to quit
virsh # pool-list error: Failed to reconnect to the hypervisor error: no valid connection error: Failed to connect socket to '@/home/juno/.libvirt/libvirt-sock': Connection refused
virsh # list error: Failed to reconnect to the hypervisor error: no valid connection error: Failed to connect socket to '@/home/juno/.libvirt/libvirt-sock': Connection refused
I have defined pool called virt-images (/virt-images) which the non-root (in this case the username is Juno) user has the read/write permissions
Also tried adding the permissions to unix socket in /etc/libvirt/libvirtd.conf as below:
cat /etc/libvirt/libvirtd.conf | grep -v ^$ | grep -v ^# unix_sock_group = "virt" unix_sock_ro_perms = "0777" unix_sock_rw_perms = "0770" unix_sock_dir = "/var/run/libvirt"
But the unix socket are created in /var/run/libvirt and not in users home directory, So how do we make a non-root user virsh commands check the socket created in /var/run/libvirt. It always checks for the socket in user's home directory ?
Any pointers on above would be helpfu.
Regards Niranjan
_______________________________________________ libvirt-users mailing list libvirt-users@redhat.com https://www.redhat.com/mailman/listinfo/libvirt-users
I believe I ran into this, try using this virsh command as the polkit authorized user
virsh -c qemu:///system
- Trey
Yeah that worked.
Thanks a lot trey
Hi
How do i make the below work ?
[juno@reserved virt-img]$ virsh -c qemu:///session
error: Failed to connect socket to '@/home/juno/.libvirt/libvirt-sock': Connection refused error: failed to connect to the hypervisor
Regards Niranjan
_______________________________________________ libvirt-users mailing list libvirt-users@redhat.com https://www.redhat.com/mailman/listinfo/libvirt-users
I'm not familiar with using "qemu:///session", to make an intial connection I always do something like this... # Local connection $ virsh -c qemu:///system # Remote $ virsh -c ssh+qemu:///treydock@host.tld/system What are you trying to achieve with "session" ? Also I noticed you mentioned using a path other than /var/lib/libvirt/images for the pool, be sure the SELinux contexts are correct. Should be virt_image_t, you can set that for a special path like so... $ semanage fcontext -a -t virt_image_t "/virt-img(/.*)?" $ restorecon -R /virt-img - Trey
On Sat, Jun 23, 2012 at 3:04 AM, Trey Dockendorf <treydock@gmail.com> wrote:
On Fri, Jun 22, 2012 at 10:02 AM, mallapadi niranjan <niranjan.ashok@gmail.com> wrote:
On Fri, Jun 22, 2012 at 4:38 PM, mallapadi niranjan <niranjan.ashok@gmail.com> wrote:
On Fri, Jun 22, 2012 at 12:56 PM, Trey Dockendorf <treydock@gmail.com> wrote:
On Jun 22, 2012 1:08 AM, "mallapadi niranjan" <
niranjan.ashok@gmail.com>
wrote:
Hi all
I have a Fedora release 17 (Beefy Miracle) with libvirt versions:
libvirt-0.9.11.3-1.fc17.x86_64 virt-manager-0.9.1-3.fc17.noarch
I have allowed non-root user to user libvirt by allowing the user through polkit
cat /etc/polkit-1/localauthority/50-local.d/cat 50-org.example-libvirt-remote-access.pkla
[Remote libvirt SSH access] Identity=unix-group:virt Action=org.libvirt.unix.manage;org.libvirt.unix.monitor ResultAny=yes ResultInactive=yes ResultActive=yes
After doing the above i am able to connect to virt-manager as
non-root
user but unable to create storage pools.
[juno@reserved ~]$ id uid=1001(juno) gid=1001(juno) groups=1001(juno),1002(virt) context=staff_u:staff_r:staff_t:s0 [juno@reserved ~]$ virsh Welcome to virsh, the virtualization interactive terminal.
Type: 'help' for help with commands 'quit' to quit
virsh # pool-list error: Failed to reconnect to the hypervisor error: no valid connection error: Failed to connect socket to '@/home/juno/.libvirt/libvirt-sock': Connection refused
virsh # list error: Failed to reconnect to the hypervisor error: no valid connection error: Failed to connect socket to '@/home/juno/.libvirt/libvirt-sock': Connection refused
I have defined pool called virt-images (/virt-images) which the non-root (in this case the username is Juno) user has the read/write permissions
Also tried adding the permissions to unix socket in /etc/libvirt/libvirtd.conf as below:
cat /etc/libvirt/libvirtd.conf | grep -v ^$ | grep -v ^# unix_sock_group = "virt" unix_sock_ro_perms = "0777" unix_sock_rw_perms = "0770" unix_sock_dir = "/var/run/libvirt"
But the unix socket are created in /var/run/libvirt and not in users home directory, So how do we make a non-root user virsh commands check the socket created in /var/run/libvirt. It always checks for the socket in user's home directory ?
Any pointers on above would be helpfu.
Regards Niranjan
_______________________________________________ libvirt-users mailing list libvirt-users@redhat.com https://www.redhat.com/mailman/listinfo/libvirt-users
I believe I ran into this, try using this virsh command as the polkit authorized user
virsh -c qemu:///system
- Trey
Yeah that worked.
Thanks a lot trey
Hi
How do i make the below work ?
[juno@reserved virt-img]$ virsh -c qemu:///session
error: Failed to connect socket to '@/home/juno/.libvirt/libvirt-sock': Connection refused error: failed to connect to the hypervisor
Regards Niranjan
_______________________________________________ libvirt-users mailing list libvirt-users@redhat.com https://www.redhat.com/mailman/listinfo/libvirt-users
I'm not familiar with using "qemu:///session", to make an intial connection I always do something like this...
# Local connection $ virsh -c qemu:///system
# Remote $ virsh -c ssh+qemu:///treydock@host.tld/system
What are you trying to achieve with "session" ?
I would like to use virt-manager/virsh using non-root user , qemu:///system , connect as root user , I would like to create images and run them using non-root user .
Also I noticed you mentioned using a path other than /var/lib/libvirt/images for the pool, be sure the SELinux contexts are correct. Should be virt_image_t, you can set that for a special path like so...
$ semanage fcontext -a -t virt_image_t "/virt-img(/.*)?" $ restorecon -R /virt-img
Yes, i have set the virt_image_t context set for /virt-img directory
- Trey
On Sat, Jun 23, 2012 at 7:29 AM, mallapadi niranjan < niranjan.ashok@gmail.com> wrote:
On Sat, Jun 23, 2012 at 3:04 AM, Trey Dockendorf <treydock@gmail.com>wrote:
On Fri, Jun 22, 2012 at 10:02 AM, mallapadi niranjan <niranjan.ashok@gmail.com> wrote:
On Fri, Jun 22, 2012 at 4:38 PM, mallapadi niranjan <niranjan.ashok@gmail.com> wrote:
On Fri, Jun 22, 2012 at 12:56 PM, Trey Dockendorf <treydock@gmail.com> wrote:
On Jun 22, 2012 1:08 AM, "mallapadi niranjan" <
niranjan.ashok@gmail.com>
wrote:
Hi all
I have a Fedora release 17 (Beefy Miracle) with libvirt versions:
libvirt-0.9.11.3-1.fc17.x86_64 virt-manager-0.9.1-3.fc17.noarch
I have allowed non-root user to user libvirt by allowing the user through polkit
cat /etc/polkit-1/localauthority/50-local.d/cat 50-org.example-libvirt-remote-access.pkla
[Remote libvirt SSH access] Identity=unix-group:virt Action=org.libvirt.unix.manage;org.libvirt.unix.monitor ResultAny=yes ResultInactive=yes ResultActive=yes
After doing the above i am able to connect to virt-manager as
non-root
user but unable to create storage pools.
[juno@reserved ~]$ id uid=1001(juno) gid=1001(juno) groups=1001(juno),1002(virt) context=staff_u:staff_r:staff_t:s0 [juno@reserved ~]$ virsh Welcome to virsh, the virtualization interactive terminal.
Type: 'help' for help with commands 'quit' to quit
virsh # pool-list error: Failed to reconnect to the hypervisor error: no valid connection error: Failed to connect socket to '@/home/juno/.libvirt/libvirt-sock': Connection refused
virsh # list error: Failed to reconnect to the hypervisor error: no valid connection error: Failed to connect socket to '@/home/juno/.libvirt/libvirt-sock': Connection refused
I have defined pool called virt-images (/virt-images) which the non-root (in this case the username is Juno) user has the read/write permissions
Also tried adding the permissions to unix socket in /etc/libvirt/libvirtd.conf as below:
cat /etc/libvirt/libvirtd.conf | grep -v ^$ | grep -v ^# unix_sock_group = "virt" unix_sock_ro_perms = "0777" unix_sock_rw_perms = "0770" unix_sock_dir = "/var/run/libvirt"
But the unix socket are created in /var/run/libvirt and not in users home directory, So how do we make a non-root user virsh commands check the socket created in /var/run/libvirt. It always checks for the socket in user's home directory ?
Any pointers on above would be helpfu.
Regards Niranjan
_______________________________________________ libvirt-users mailing list libvirt-users@redhat.com https://www.redhat.com/mailman/listinfo/libvirt-users
I believe I ran into this, try using this virsh command as the polkit authorized user
virsh -c qemu:///system
- Trey
Yeah that worked.
Thanks a lot trey
Hi
How do i make the below work ?
[juno@reserved virt-img]$ virsh -c qemu:///session
error: Failed to connect socket to '@/home/juno/.libvirt/libvirt-sock': Connection refused error: failed to connect to the hypervisor
Regards Niranjan
_______________________________________________ libvirt-users mailing list libvirt-users@redhat.com https://www.redhat.com/mailman/listinfo/libvirt-users
I'm not familiar with using "qemu:///session", to make an intial connection I always do something like this...
# Local connection $ virsh -c qemu:///system
# Remote $ virsh -c ssh+qemu:///treydock@host.tld/system
What are you trying to achieve with "session" ?
I would like to use virt-manager/virsh using non-root user , qemu:///system , connect as root user , I would like to create images and run them using non-root user .
Also I noticed you mentioned using a path other than /var/lib/libvirt/images for the pool, be sure the SELinux contexts are correct. Should be virt_image_t, you can set that for a special path like so...
$ semanage fcontext -a -t virt_image_t "/virt-img(/.*)?" $ restorecon -R /virt-img
Yes, i have set the virt_image_t context set for /virt-img directory
- Trey
I apologize, I understood, whey qemu:///session would not work , I did not read the documentation prior, To run qemu:///session i.e , i have to have libvirtd instance running as non-root user. This will have images stored in users home directory , But will not be able to access host PCI devices if in case i decide to attach them to my guest. So i should be running qemu:///system and not session , Sourece: http://libvirt.org/drvqemu.html
participants (2)
-
mallapadi niranjan -
Trey Dockendorf