<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=utf-8" http-equiv=Content-Type>
<STYLE>
BLOCKQUOTE {
MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; MARGIN-LEFT: 2em
}
OL {
MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px
}
UL {
MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px
}
P {
MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px
}
BODY {
LINE-HEIGHT: 1.5; FONT-FAMILY: 微软雅黑; COLOR: #000080; FONT-SIZE: 10.5pt
}
</STYLE>
<META name=GENERATOR content="MSHTML 8.00.7601.17744"></HEAD>
<BODY style="MARGIN: 10px">
<DIV>hi liron aravot</DIV>
<DIV> Thank you for your help </DIV>
<DIV>
<TABLE
style="BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; BORDER-COLLAPSE: collapse; FONT-SIZE: 10pt; BORDER-TOP: medium none; BORDER-RIGHT: medium none"
border=1 cellSpacing=0 borderColor=#000000 cellPadding=2 width="50%">
<TBODY>
<TR>
<TD
style="BORDER-BOTTOM: #000000 1px solid; BORDER-LEFT: #000000 1px solid; BORDER-TOP: #000000 1px solid; BORDER-RIGHT: #000000 1px solid"
width="100%" noWrap><FONT size=2 face=Verdana>
<DIV>
<DIV>[root@kvm1 libvirt]# cat libvirtd.conf </DIV>
<DIV># Master libvirt daemon configuration file</DIV>
<DIV>#</DIV>
<DIV># For further information consult http://libvirt.org/format.html</DIV>
<DIV>#</DIV>
<DIV># NOTE: the tests/daemon-conf regression test script requires</DIV>
<DIV># that each "PARAMETER = VALUE" line in this file have the parameter</DIV>
<DIV># name just after a leading "#".</DIV>
<DIV> </DIV>
<DIV>#################################################################</DIV>
<DIV>#</DIV>
<DIV># Network connectivity controls</DIV>
<DIV>#</DIV>
<DIV> </DIV>
<DIV># Flag listening for secure TLS connections on the public TCP/IP port.</DIV>
<DIV># NB, must pass the --listen flag to the libvirtd process for this to</DIV>
<DIV># have any effect.</DIV>
<DIV>#</DIV>
<DIV># It is necessary to setup a CA and issue server certificates before</DIV>
<DIV># using this capability.</DIV>
<DIV>#</DIV>
<DIV># This is enabled by default, uncomment this to disable it</DIV>
<DIV>#listen_tls = 0</DIV>
<DIV> </DIV>
<DIV># Listen for unencrypted TCP connections on the public TCP/IP port.</DIV>
<DIV># NB, must pass the --listen flag to the libvirtd process for this to</DIV>
<DIV># have any effect.</DIV>
<DIV>#</DIV>
<DIV># Using the TCP socket requires SASL authentication by default. Only</DIV>
<DIV># SASL mechanisms which support data encryption are allowed. This is</DIV>
<DIV># DIGEST_MD5 and GSSAPI (Kerberos5)</DIV>
<DIV>#</DIV>
<DIV># This is disabled by default, uncomment this to enable it.</DIV>
<DIV>#listen_tcp = 1</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV># Override the port for accepting secure TLS connections</DIV>
<DIV># This can be a port number, or service name</DIV>
<DIV>#</DIV>
<DIV>#tls_port = "16514"</DIV>
<DIV> </DIV>
<DIV># Override the port for accepting insecure TCP connections</DIV>
<DIV># This can be a port number, or service name</DIV>
<DIV>#</DIV>
<DIV>#tcp_port = "16509"</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV># Override the default configuration which binds to all network</DIV>
<DIV># interfaces. This can be a numeric IPv4/6 address, or hostname</DIV>
<DIV>#</DIV>
<DIV>#listen_addr = "192.168.0.1"</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV># Flag toggling mDNS advertizement of the libvirt service.</DIV>
<DIV>#</DIV>
<DIV># Alternatively can disable for all services on a host by</DIV>
<DIV># stopping the Avahi daemon</DIV>
<DIV>#</DIV>
<DIV># This is enabled by default, uncomment this to disable it</DIV>
<DIV>#mdns_adv = 0</DIV>
<DIV> </DIV>
<DIV># Override the default mDNS advertizement name. This must be</DIV>
<DIV># unique on the immediate broadcast network.</DIV>
<DIV>#</DIV>
<DIV># The default is "Virtualization Host HOSTNAME", where HOSTNAME</DIV>
<DIV># is subsituted for the short hostname of the machine (without domain)</DIV>
<DIV>#</DIV>
<DIV>#mdns_name = "Virtualization Host Joe Demo"</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>#################################################################</DIV>
<DIV>#</DIV>
<DIV># UNIX socket access controls</DIV>
<DIV>#</DIV>
<DIV> </DIV>
<DIV># Set the UNIX domain socket group ownership. This can be used to</DIV>
<DIV># allow a 'trusted' set of users access to management capabilities</DIV>
<DIV># without becoming root.</DIV>
<DIV>#</DIV>
<DIV># This is restricted to 'root' by default.</DIV>
<DIV>#unix_sock_group = "libvirt"</DIV>
<DIV> </DIV>
<DIV># Set the UNIX socket permissions for the R/O socket. This is used</DIV>
<DIV># for monitoring VM status only</DIV>
<DIV>#</DIV>
<DIV># Default allows any user. If setting group ownership may want to</DIV>
<DIV># restrict this to:</DIV>
<DIV>#unix_sock_ro_perms = "0777"</DIV>
<DIV> </DIV>
<DIV># Set the UNIX socket permissions for the R/W socket. This is used</DIV>
<DIV># for full management of VMs</DIV>
<DIV>#</DIV>
<DIV># Default allows only root. If PolicyKit is enabled on the socket,</DIV>
<DIV># the default will change to allow everyone (eg, 0777)</DIV>
<DIV>#</DIV>
<DIV># If not using PolicyKit and setting group ownership for access</DIV>
<DIV># control then you may want to relax this to:</DIV>
<DIV>#unix_sock_rw_perms = "0770"</DIV>
<DIV> </DIV>
<DIV># Set the name of the directory in which sockets will be found/created.</DIV>
<DIV>#unix_sock_dir = "/var/run/libvirt"</DIV>
<DIV> </DIV>
<DIV>#################################################################</DIV>
<DIV>#</DIV>
<DIV># Authentication.</DIV>
<DIV>#</DIV>
<DIV># - none: do not perform auth checks. If you can connect to the</DIV>
<DIV># socket you are allowed. This is suitable if there are</DIV>
<DIV># restrictions on connecting to the socket (eg, UNIX</DIV>
<DIV># socket permissions), or if there is a lower layer in</DIV>
<DIV># the network providing auth (eg, TLS/x509 certificates)</DIV>
<DIV>#</DIV>
<DIV># - sasl: use SASL infrastructure. The actual auth scheme is then</DIV>
<DIV># controlled from /etc/sasl2/libvirt.conf. For the TCP</DIV>
<DIV># socket only GSSAPI & DIGEST-MD5 mechanisms will be used.</DIV>
<DIV># For non-TCP or TLS sockets, any scheme is allowed.</DIV>
<DIV>#</DIV>
<DIV># - polkit: use PolicyKit to authenticate. This is only suitable</DIV>
<DIV># for use on the UNIX sockets. The default policy will</DIV>
<DIV># require a user to supply their own password to gain</DIV>
<DIV># full read/write access (aka sudo like), while anyone</DIV>
<DIV># is allowed read/only access.</DIV>
<DIV>#</DIV>
<DIV># Set an authentication scheme for UNIX read-only sockets</DIV>
<DIV># By default socket permissions allow anyone to connect</DIV>
<DIV>#</DIV>
<DIV># To restrict monitoring of domains you may wish to enable</DIV>
<DIV># an authentication mechanism here</DIV>
<DIV>#auth_unix_ro = "none"</DIV>
<DIV> </DIV>
<DIV># Set an authentication scheme for UNIX read-write sockets</DIV>
<DIV># By default socket permissions only allow root. If PolicyKit</DIV>
<DIV># support was compiled into libvirt, the default will be to</DIV>
<DIV># use 'polkit' auth.</DIV>
<DIV>#</DIV>
<DIV># If the unix_sock_rw_perms are changed you may wish to enable</DIV>
<DIV># an authentication mechanism here</DIV>
<DIV>#auth_unix_rw = "none"</DIV>
<DIV> </DIV>
<DIV># Change the authentication scheme for TCP sockets.</DIV>
<DIV>#</DIV>
<DIV># If you don't enable SASL, then all TCP traffic is cleartext.</DIV>
<DIV># Don't do this outside of a dev/test scenario. For real world</DIV>
<DIV># use, always enable SASL and use the GSSAPI or DIGEST-MD5</DIV>
<DIV># mechanism in /etc/sasl2/libvirt.conf</DIV>
<DIV>#auth_tcp = "sasl"</DIV>
<DIV> </DIV>
<DIV># Change the authentication scheme for TLS sockets.</DIV>
<DIV>#</DIV>
<DIV># TLS sockets already have encryption provided by the TLS</DIV>
<DIV># layer, and limited authentication is done by certificates</DIV>
<DIV>#</DIV>
<DIV># It is possible to make use of any SASL authentication</DIV>
<DIV># mechanism as well, by using 'sasl' for this option</DIV>
<DIV>#auth_tls = "none"</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>#################################################################</DIV>
<DIV>#</DIV>
<DIV># TLS x509 certificate configuration</DIV>
<DIV>#</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV># Override the default server key file path</DIV>
<DIV>#</DIV>
<DIV>#key_file = "/etc/pki/libvirt/private/serverkey.pem"</DIV>
<DIV> </DIV>
<DIV># Override the default server certificate file path</DIV>
<DIV>#</DIV>
<DIV>#cert_file = "/etc/pki/libvirt/servercert.pem"</DIV>
<DIV> </DIV>
<DIV># Override the default CA certificate path</DIV>
<DIV>#</DIV>
<DIV>#ca_file = "/etc/pki/CA/cacert.pem"</DIV>
<DIV> </DIV>
<DIV># Specify a certificate revocation list.</DIV>
<DIV>#</DIV>
<DIV># Defaults to not using a CRL, uncomment to enable it</DIV>
<DIV>#crl_file = "/etc/pki/CA/crl.pem"</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>#################################################################</DIV>
<DIV>#</DIV>
<DIV># Authorization controls</DIV>
<DIV>#</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV># Flag to disable verification of our own server certificates</DIV>
<DIV>#</DIV>
<DIV># When libvirtd starts it performs some sanity checks against</DIV>
<DIV># its own certificates.</DIV>
<DIV>#</DIV>
<DIV># Default is to always run sanity checks. Uncommenting this</DIV>
<DIV># will disable sanity checks which is not a good idea</DIV>
<DIV>#tls_no_sanity_certificate = 1</DIV>
<DIV> </DIV>
<DIV># Flag to disable verification of client certificates</DIV>
<DIV>#</DIV>
<DIV># Client certificate verification is the primary authentication mechanism.</DIV>
<DIV># Any client which does not present a certificate signed by the CA</DIV>
<DIV># will be rejected.</DIV>
<DIV>#</DIV>
<DIV># Default is to always verify. Uncommenting this will disable</DIV>
<DIV># verification - make sure an IP whitelist is set</DIV>
<DIV>#tls_no_verify_certificate = 1</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV># A whitelist of allowed x509 Distinguished Names</DIV>
<DIV># This list may contain wildcards such as</DIV>
<DIV>#</DIV>
<DIV># "C=GB,ST=London,L=London,O=Red Hat,CN=*"</DIV>
<DIV>#</DIV>
<DIV># See the POSIX fnmatch function for the format of the wildcards.</DIV>
<DIV>#</DIV>
<DIV># NB If this is an empty list, no client can connect, so comment out</DIV>
<DIV># entirely rather than using empty list to disable these checks</DIV>
<DIV>#</DIV>
<DIV># By default, no DN's are checked</DIV>
<DIV>#tls_allowed_dn_list = ["DN1", "DN2"]</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV># A whitelist of allowed SASL usernames. The format for usernames</DIV>
<DIV># depends on the SASL authentication mechanism. Kerberos usernames</DIV>
<DIV># look like username@REALM</DIV>
<DIV>#</DIV>
<DIV># This list may contain wildcards such as</DIV>
<DIV>#</DIV>
<DIV># "*@EXAMPLE.COM"</DIV>
<DIV>#</DIV>
<DIV># See the POSIX fnmatch function for the format of the wildcards.</DIV>
<DIV>#</DIV>
<DIV># NB If this is an empty list, no client can connect, so comment out</DIV>
<DIV># entirely rather than using empty list to disable these checks</DIV>
<DIV>#</DIV>
<DIV># By default, no Username's are checked</DIV>
<DIV>#sasl_allowed_username_list = ["joe@EXAMPLE.COM", "fred@EXAMPLE.COM" ]</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>#################################################################</DIV>
<DIV>#</DIV>
<DIV># Processing controls</DIV>
<DIV>#</DIV>
<DIV> </DIV>
<DIV># The maximum number of concurrent client connections to allow</DIV>
<DIV># over all sockets combined.</DIV>
<DIV>#max_clients = 20</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV># The minimum limit sets the number of workers to start up</DIV>
<DIV># initially. If the number of active clients exceeds this,</DIV>
<DIV># then more threads are spawned, upto max_workers limit.</DIV>
<DIV># Typically you'd want max_workers to equal maximum number</DIV>
<DIV># of clients allowed</DIV>
<DIV>#min_workers = 5</DIV>
<DIV>#max_workers = 20</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV># The number of priority workers. If all workers from above</DIV>
<DIV># pool will stuck, some calls marked as high priority</DIV>
<DIV># (notably domainDestroy) can be executed in this pool.</DIV>
<DIV>#prio_workers = 5</DIV>
<DIV> </DIV>
<DIV># Total global limit on concurrent RPC calls. Should be</DIV>
<DIV># at least as large as max_workers. Beyond this, RPC requests</DIV>
<DIV># will be read into memory and queued. This directly impact</DIV>
<DIV># memory usage, currently each request requires 256 KB of</DIV>
<DIV># memory. So by default upto 5 MB of memory is used</DIV>
<DIV>#</DIV>
<DIV># XXX this isn't actually enforced yet, only the per-client</DIV>
<DIV># limit is used so far</DIV>
<DIV>#max_requests = 20</DIV>
<DIV> </DIV>
<DIV># Limit on concurrent requests from a single client</DIV>
<DIV># connection. To avoid one client monopolizing the server</DIV>
<DIV># this should be a small fraction of the global max_requests</DIV>
<DIV># and max_workers parameter</DIV>
<DIV>#max_client_requests = 5</DIV>
<DIV> </DIV>
<DIV>#################################################################</DIV>
<DIV>#</DIV>
<DIV># Logging controls</DIV>
<DIV>#</DIV>
<DIV> </DIV>
<DIV># Logging level: 4 errors, 3 warnings, 2 information, 1 debug</DIV>
<DIV># basically 1 will log everything possible</DIV>
<DIV>#log_level = 3</DIV>
<DIV> </DIV>
<DIV># Logging filters:</DIV>
<DIV># A filter allows to select a different logging level for a given category</DIV>
<DIV># of logs</DIV>
<DIV># The format for a filter is:</DIV>
<DIV># x:name</DIV>
<DIV># where name is a match string e.g. remote or qemu</DIV>
<DIV># the x prefix is the minimal level where matching messages should be logged</DIV>
<DIV># 1: DEBUG</DIV>
<DIV># 2: INFO</DIV>
<DIV># 3: WARNING</DIV>
<DIV># 4: ERROR</DIV>
<DIV>#</DIV>
<DIV># Multiple filter can be defined in a single @filters, they just need to be</DIV>
<DIV># separated by spaces.</DIV>
<DIV>#</DIV>
<DIV># e.g:</DIV>
<DIV># log_filters="3:remote 4:event"</DIV>
<DIV># to only get warning or errors from the remote layer and only errors from</DIV>
<DIV># the event layer.</DIV>
<DIV> </DIV>
<DIV># Logging outputs:</DIV>
<DIV># An output is one of the places to save logging information</DIV>
<DIV># The format for an output can be:</DIV>
<DIV># x:stderr</DIV>
<DIV># output goes to stderr</DIV>
<DIV># x:syslog:name</DIV>
<DIV># use syslog for the output and use the given name as the ident</DIV>
<DIV># x:file:file_path</DIV>
<DIV># output to a file, with the given filepath</DIV>
<DIV># In all case the x prefix is the minimal level, acting as a filter</DIV>
<DIV># 1: DEBUG</DIV>
<DIV># 2: INFO</DIV>
<DIV># 3: WARNING</DIV>
<DIV># 4: ERROR</DIV>
<DIV>#</DIV>
<DIV># Multiple output can be defined, they just need to be separated by spaces.</DIV>
<DIV># e.g.:</DIV>
<DIV># log_outputs="3:syslog:libvirtd"</DIV>
<DIV># to log all warnings and errors to syslog under the libvirtd ident</DIV>
<DIV> </DIV>
<DIV># Log debug buffer size: default 64</DIV>
<DIV># The daemon keeps an internal debug log buffer which will be dumped in case</DIV>
<DIV># of crash or upon receiving a SIGUSR2 signal. This setting allows to override</DIV>
<DIV># the default buffer size in kilobytes.</DIV>
<DIV># If value is 0 or less the debug log buffer is deactivated</DIV>
<DIV>#log_buffer_size = 64</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>##################################################################</DIV>
<DIV>#</DIV>
<DIV># Auditing</DIV>
<DIV>#</DIV>
<DIV># This setting allows usage of the auditing subsystem to be altered:</DIV>
<DIV>#</DIV>
<DIV># audit_level == 0 -> disable all auditing</DIV>
<DIV># audit_level == 1 -> enable auditing, only if enabled on host (default)</DIV>
<DIV># audit_level == 2 -> enable auditing, and exit if disabled on host</DIV>
<DIV>#</DIV>
<DIV>#audit_level = 2</DIV>
<DIV>#</DIV>
<DIV># If set to 1, then audit messages will also be sent</DIV>
<DIV># via libvirt logging infrastructure. Defaults to 0</DIV>
<DIV>#</DIV>
<DIV>#audit_logging = 1</DIV>
<DIV> </DIV>
<DIV>###################################################################</DIV>
<DIV># UUID of the host:</DIV>
<DIV># Provide the UUID of the host here in case the command</DIV>
<DIV># 'dmidecode -s system-uuid' does not provide a valid uuid. In case</DIV>
<DIV># 'dmidecode' does not provide a valid UUID and none is provided here, a</DIV>
<DIV># temporary UUID will be generated.</DIV>
<DIV># Keep the format of the example UUID below. UUID must not have all digits</DIV>
<DIV># be the same.</DIV>
<DIV> </DIV>
<DIV># NB This default all-zeros UUID will not work. Replace</DIV>
<DIV># it with the output of the 'uuidgen' command and then</DIV>
<DIV># uncomment this entry</DIV>
<DIV>#host_uuid = "00000000-0000-0000-0000-000000000000"</DIV>
<DIV> </DIV>
<DIV>###################################################################</DIV>
<DIV># Keepalive protocol:</DIV>
<DIV># This allows libvirtd to detect broken client connections or even</DIV>
<DIV># dead client. A keepalive message is sent to a client after</DIV>
<DIV># keepalive_interval seconds of inactivity to check if the client is</DIV>
<DIV># still responding; keepalive_count is a maximum number of keepalive</DIV>
<DIV># messages that are allowed to be sent to the client without getting</DIV>
<DIV># any response before the connection is considered broken. In other</DIV>
<DIV># words, the connection is automatically closed approximately after</DIV>
<DIV># keepalive_interval * (keepalive_count + 1) seconds since the last</DIV>
<DIV># message received from the client. If keepalive_interval is set to</DIV>
<DIV># -1, libvirtd will never send keepalive requests; however clients</DIV>
<DIV># can still send them and the deamon will send responses. When</DIV>
<DIV># keepalive_count is set to 0, connections will be automatically</DIV>
<DIV># closed after keepalive_interval seconds of inactivity without</DIV>
<DIV># sending any keepalive messages. Disabled by default.</DIV>
<DIV>#</DIV>
<DIV>#keepalive_interval = 5</DIV>
<DIV>#keepalive_count = 5</DIV>
<DIV>#</DIV>
<DIV># If set to 1, libvirtd will refuse to talk to clients that do not</DIV>
<DIV># support keepalive protocol. Defaults to 0.</DIV>
<DIV>#</DIV>
<DIV>#keepalive_required = 1</DIV>
<DIV>## beginning of configuration section by vdsm-4.9.6</DIV>
<DIV>listen_addr="0.0.0.0"</DIV>
<DIV>unix_sock_group="kvm"</DIV>
<DIV>unix_sock_rw_perms="0770"</DIV>
<DIV>auth_unix_rw="sasl"</DIV>
<DIV>save_image_format="lzop"</DIV>
<DIV>log_outputs="1:file:/var/log/libvirtd.log"</DIV>
<DIV>log_filters="1:libvirt 3:event 3:json 1:util 1:qemu"</DIV>
<DIV>ca_file="/etc/pki/vdsm/certs/cacert.pem"</DIV>
<DIV>cert_file="/etc/pki/vdsm/certs/vdsmcert.pem"</DIV>
<DIV>key_file="/etc/pki/vdsm/keys/vdsmkey.pem"</DIV>
<DIV>## end of configuration section by vdsm-4.9.6</DIV></DIV></FONT></TD></TR></TBODY></TABLE></DIV>
<DIV>
<TABLE
style="BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; BORDER-COLLAPSE: collapse; FONT-SIZE: 10pt; BORDER-TOP: medium none; BORDER-RIGHT: medium none"
border=1 cellSpacing=0 borderColor=#000000 cellPadding=2 width="50%">
<TBODY>
<TR>
<TD
style="BORDER-BOTTOM: #000000 1px solid; BORDER-LEFT: #000000 1px solid; BORDER-TOP: #000000 1px solid; BORDER-RIGHT: #000000 1px solid"
width="100%" noWrap><FONT size=2 face=Verdana>
<DIV>
<DIV>[root@kvm1 libvirt]# tail /var/log/libvirt/libvirtd.log -n 20</DIV>
<DIV>2013-02-26 06:33:27.063+0000: 2128: error : remoteDispatchAuthPolkit:2559 : Policy kit denied action org.libvirt.unix.manage from pid 4031, uid 36: exit status 2</DIV>
<DIV>2013-02-26 06:33:27.063+0000: 2128: error : remoteDispatchAuthPolkit:2588 : authentication failed: Authorization requires authentication but no agent is available.</DIV>
<DIV> </DIV>
<DIV>2013-02-26 06:33:27.098+0000: 2119: error : virNetSocketReadWire:999 : End of file while reading data: Input/output error</DIV>
<DIV>2013-02-26 06:33:27.333+0000: 2120: error : remoteDispatchAuthPolkit:2559 : Policy kit denied action org.libvirt.unix.manage from pid 4041, uid 36: exit status 2</DIV>
<DIV>2013-02-26 06:33:27.333+0000: 2120: error : remoteDispatchAuthPolkit:2588 : authentication failed: Authorization requires authentication but no agent is available.</DIV>
<DIV> </DIV>
<DIV>2013-02-26 06:33:27.368+0000: 2119: error : virNetSocketReadWire:999 : End of file while reading data: Input/output error</DIV>
<DIV>2013-02-26 06:33:27.603+0000: 2122: error : remoteDispatchAuthPolkit:2559 : Policy kit denied action org.libvirt.unix.manage from pid 4051, uid 36: exit status 2</DIV>
<DIV>2013-02-26 06:33:27.603+0000: 2122: error : remoteDispatchAuthPolkit:2588 : authentication failed: Authorization requires authentication but no agent is available.</DIV>
<DIV> </DIV>
<DIV>2013-02-26 06:33:27.636+0000: 2119: error : virNetSocketReadWire:999 : End of file while reading data: Input/output error</DIV>
<DIV>2013-02-26 06:33:27.871+0000: 2124: error : remoteDispatchAuthPolkit:2559 : Policy kit denied action org.libvirt.unix.manage from pid 4061, uid 36: exit status 2</DIV>
<DIV>2013-02-26 06:33:27.872+0000: 2124: error : remoteDispatchAuthPolkit:2588 : authentication failed: Authorization requires authentication but no agent is available.</DIV>
<DIV> </DIV>
<DIV>2013-02-26 06:33:27.904+0000: 2119: error : virNetSocketReadWire:999 : End of file while reading data: Input/output error</DIV>
<DIV>2013-02-26 06:33:28.142+0000: 2126: error : remoteDispatchAuthPolkit:2559 : Policy kit denied action org.libvirt.unix.manage from pid 4071, uid 36: exit status 2</DIV>
<DIV>2013-02-26 06:33:28.142+0000: 2126: error : remoteDispatchAuthPolkit:2588 : authentication failed: Authorization requires authentication but no agent is available.</DIV>
<DIV> </DIV>
<DIV>2013-02-26 06:33:28.176+0000: 2119: error : virNetSocketReadWire:999 : End of file while reading data: Input/output error</DIV></DIV></FONT></TD></TR></TBODY></TABLE></DIV>
<DIV>
<HR style="WIDTH: 210px; HEIGHT: 1px" align=left color=#b5c4df SIZE=1>
</DIV>
<DIV><SPAN>xianghuadu</SPAN></DIV>
<DIV> </DIV>
<DIV
style="BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0cm; PADDING-LEFT: 0cm; PADDING-RIGHT: 0cm; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<DIV
style="PADDING-BOTTOM: 8px; PADDING-LEFT: 8px; PADDING-RIGHT: 8px; BACKGROUND: #efefef; COLOR: #000000; FONT-SIZE: 12px; PADDING-TOP: 8px">
<DIV><B>From:</B> <A href="mailto:laravot@redhat.com">Liron
Aravot</A></DIV>
<DIV><B>Date:</B> 2013-02-27 16:01</DIV>
<DIV><B>To:</B> <A href="mailto:xianghuadu@gmail.com">xianghuadu</A></DIV>
<DIV><B>CC:</B> <A href="mailto:users@ovirt.org">users</A></DIV>
<DIV><B>Subject:</B> Re: [Users] ovirt Connection Storage
error</DIV></DIV></DIV>
<DIV>
<DIV>Hi, looking in the vdsm logs i see</DIV>
<DIV>libvirtError: authentication failed: Authorization requires authentication but no agent is available.</DIV>
<DIV> </DIV>
<DIV>can you please attach your libvirt configuration file and the libvirt log perhaps?</DIV>
<DIV> </DIV>
<DIV>----- Original Message -----</DIV>
<DIV>> From: "xianghuadu" <xianghuadu@gmail.com></DIV>
<DIV>> To: "Liron Aravot" <laravot@redhat.com></DIV>
<DIV>> Cc: "users" <users@ovirt.org></DIV>
<DIV>> Sent: Tuesday, February 26, 2013 10:21:57 AM</DIV>
<DIV>> Subject: Re: Re: [Users] ovirt Connection Storage error</DIV>
<DIV>> </DIV>
<DIV>> </DIV>
<DIV>> hi liron aravot</DIV>
<DIV>> attached is full vdsm log</DIV>
<DIV>> thx</DIV>
<DIV>> </DIV>
<DIV>> </DIV>
<DIV>> xianghuadu</DIV>
<DIV>> </DIV>
<DIV>> </DIV>
<DIV>> </DIV>
<DIV>> From: Liron Aravot</DIV>
<DIV>> Date: 2013-02-26 15:50</DIV>
<DIV>> To: xianghuadu</DIV>
<DIV>> CC: users</DIV>
<DIV>> Subject: Re: [Users] ovirt Connection Storage error</DIV>
<DIV>> </DIV>
<DIV>> Hi,</DIV>
<DIV>> can you please attach the full vdsm log?</DIV>
<DIV>> </DIV>
<DIV>> ----- Original Message -----</DIV>
<DIV>> > From: "xianghuadu" <xianghuadu@gmail.com></DIV>
<DIV>> > To: "users" <users@ovirt.org></DIV>
<DIV>> > Sent: Tuesday, February 26, 2013 9:27:05 AM</DIV>
<DIV>> > Subject: [Users] ovirt Connection Storage error</DIV>
<DIV>> > </DIV>
<DIV>> > </DIV>
<DIV>> > </DIV>
<DIV>> > Hi all</DIV>
<DIV>> > Add iscsi storage, Error while executing action New SAN storage</DIV>
<DIV>> > Domain: Unexpected exception.</DIV>
<DIV>> > engine log</DIV>
<DIV>> > </DIV>
<DIV>> > </DIV>
<DIV>> > </DIV>
<DIV>> > 2013-02-26 15:09:08,211 INFO</DIV>
<DIV>> > [org.ovirt.engine.core.vdsbroker.vdsbroker.BrokerCommandBase]</DIV>
<DIV>> > (ajp--127.0.0.1-8702-1) [4952790e] HostName = 225</DIV>
<DIV>> > 2013-02-26 15:09:08,212 ERROR</DIV>
<DIV>> > [org.ovirt.engine.core.vdsbroker.VDSCommandBase]</DIV>
<DIV>> > (ajp--127.0.0.1-8702-1) [4952790e] Command FormatStorageDomainVDS</DIV>
<DIV>> > execution failed. Exception: VDSErrorException:</DIV>
<DIV>> > VDSGenericException:</DIV>
<DIV>> > VDSErrorException: Failed to FormatStorageDomainVDS, error = Cannot</DIV>
<DIV>> > format attached storage domain:</DIV>
<DIV>> > ('378ef2e6-e12d-4eae-8c6c-9bc2b983d4ce',)</DIV>
<DIV>> > 2013-02-26 15:09:08,214 INFO</DIV>
<DIV>> > [org.ovirt.engine.core.vdsbroker.vdsbroker.FormatStorageDomainVDSCommand]</DIV>
<DIV>> > (ajp--127.0.0.1-8702-1) [4952790e] FINISH,</DIV>
<DIV>> > FormatStorageDomainVDSCommand, log id: 1f498799</DIV>
<DIV>> > 2013-02-26 15:09:08,215 ERROR</DIV>
<DIV>> > [org.ovirt.engine.core.bll.storage.RemoveStorageDomainCommand]</DIV>
<DIV>> > (ajp--127.0.0.1-8702-1) [4952790e] Command</DIV>
<DIV>> > org.ovirt.engine.core.bll.storage.RemoveStorageDomainCommand throw</DIV>
<DIV>> > Vdc Bll exception. With error message VdcBLLException:</DIV>
<DIV>> > org.ovirt.engine.core.vdsbroker.vdsbroker.VDSErrorException:</DIV>
<DIV>> > VDSGenericException: VDSErrorException: Failed to</DIV>
<DIV>> > FormatStorageDomainVDS, error = Cannot format attached storage</DIV>
<DIV>> > domain: ('378ef2e6-e12d-4eae-8c6c-9bc2b983d4ce',)</DIV>
<DIV>> > 2013-02-26 15:09:08,221 INFO</DIV>
<DIV>> > [org.ovirt.engine.core.bll.storage.RemoveStorageDomainCommand]</DIV>
<DIV>> > (ajp--127.0.0.1-8702-1) [4952790e] Lock freed to object EngineLock</DIV>
<DIV>> > [exclusiveLocks= key: 378ef2e6-e12d-4eae-8c6c-9bc2b983d4ce value:</DIV>
<DIV>> > STORAGE</DIV>
<DIV>> > , sharedLocks= ]</DIV>
<DIV>> > 2013-02-26 15:09:42,067 WARN</DIV>
<DIV>> > [org.ovirt.engine.core.bll.storage.UpdateStoragePoolCommand]</DIV>
<DIV>> > (ajp--127.0.0.1-8702-6) [a8c7727] CanDoAction of action</DIV>
<DIV>> > UpdateStoragePool failed.</DIV>
<DIV>> > Reasons:VAR__TYPE__STORAGE__POOL,ACTION_TYPE_FAILED_STORAGE_POOL_WITH_DEFAULT_VDS_GROUP_CANNOT_BE_LOCALFS,VAR__ACTION__UPDATE</DIV>
<DIV>> > 2013-02-26 15:09:59,224 INFO</DIV>
<DIV>> > [org.ovirt.engine.core.bll.storage.UpdateStoragePoolCommand]</DIV>
<DIV>> > (ajp--127.0.0.1-8702-3) [3d8faa5f] Running command:</DIV>
<DIV>> > UpdateStoragePoolCommand internal: false. Entities affected : ID:</DIV>
<DIV>> > da5870e0-7aae-11e2-9da5-00188be4de29 Type: StoragePool</DIV>
<DIV>> > 2013-02-26 15:10:00,000 INFO</DIV>
<DIV>> > [org.ovirt.engine.core.bll.AutoRecoveryManager]</DIV>
<DIV>> > (QuartzScheduler_Worker-80) Autorecovering hosts is disabled,</DIV>
<DIV>> > skipping</DIV>
<DIV>> > 2013-02-26 15:10:00,001 INFO</DIV>
<DIV>> > [org.ovirt.engine.core.bll.AutoRecoveryManager]</DIV>
<DIV>> > (QuartzScheduler_Worker-80) Autorecovering storage domains is</DIV>
<DIV>> > disabled, skipping</DIV>
<DIV>> > 2013-02-26 15:10:23,814 INFO</DIV>
<DIV>> > [org.ovirt.engine.core.vdsbroker.vdsbroker.GetDeviceListVDSCommand]</DIV>
<DIV>> > (ajp--127.0.0.1-8702-2) START, GetDeviceListVDSCommand(HostName =</DIV>
<DIV>> > 225, HostId = 342b111a-7fdf-11e2-a963-00188be4de29,</DIV>
<DIV>> > storageType=ISCSI), log id: 484eccef</DIV>
<DIV>> > 2013-02-26 15:10:24,119 INFO</DIV>
<DIV>> > [org.ovirt.engine.core.vdsbroker.vdsbroker.GetDeviceListVDSCommand]</DIV>
<DIV>> > (ajp--127.0.0.1-8702-2) FINISH, GetDeviceListVDSCommand, return:</DIV>
<DIV>> > [org.ovirt.engine.core.common.businessentities.LUNs@b420cc6], log</DIV>
<DIV>> > id: 484eccef</DIV>
<DIV>> > 2013-02-26 15:10:32,523 INFO</DIV>
<DIV>> > [org.ovirt.engine.core.bll.storage.AddSANStorageDomainCommand]</DIV>
<DIV>> > (ajp--127.0.0.1-8702-4) [66fa978c] Running command:</DIV>
<DIV>> > AddSANStorageDomainCommand internal: false. Entities affected : ID:</DIV>
<DIV>> > aaa00000-0000-0000-0000-123456789aaa Type: System</DIV>
<DIV>> > 2013-02-26 15:10:32,539 INFO</DIV>
<DIV>> > [org.ovirt.engine.core.vdsbroker.vdsbroker.CreateVGVDSCommand]</DIV>
<DIV>> > (ajp--127.0.0.1-8702-4) [66fa978c] START,</DIV>
<DIV>> > CreateVGVDSCommand(HostName = 225, HostId =</DIV>
<DIV>> > 342b111a-7fdf-11e2-a963-00188be4de29,</DIV>
<DIV>> > storageDomainId=c13260c4-d1aa-455c-9031-0711a7a4cc8d,</DIV>
<DIV>> > deviceList=[1494554000000000078797a00000000000000000000000000],</DIV>
<DIV>> > force=false), log id: 4f1651f1</DIV>
<DIV>> > 2013-02-26 15:10:32,578 ERROR</DIV>
<DIV>> > [org.ovirt.engine.core.vdsbroker.vdsbroker.BrokerCommandBase]</DIV>
<DIV>> > (ajp--127.0.0.1-8702-4) [66fa978c] Failed in CreateVGVDS method</DIV>
<DIV>> > 2013-02-26 15:10:32,579 ERROR</DIV>
<DIV>> > [org.ovirt.engine.core.vdsbroker.vdsbroker.BrokerCommandBase]</DIV>
<DIV>> > (ajp--127.0.0.1-8702-4) [66fa978c] Error code unexpected and error</DIV>
<DIV>> > message VDSGenericException: VDSErrorException: Failed to</DIV>
<DIV>> > CreateVGVDS, error = Unexpected exception</DIV>
<DIV>> > 2013-02-26 15:10:32,581 INFO</DIV>
<DIV>> > [org.ovirt.engine.core.vdsbroker.vdsbroker.BrokerCommandBase]</DIV>
<DIV>> > (ajp--127.0.0.1-8702-4) [66fa978c] Command</DIV>
<DIV>> > org.ovirt.engine.core.vdsbroker.vdsbroker.CreateVGVDSCommand return</DIV>
<DIV>> > value</DIV>
<DIV>> > Class Name:</DIV>
<DIV>> > org.ovirt.engine.core.vdsbroker.irsbroker.OneUuidReturnForXmlRpc</DIV>
<DIV>> > mUuid Null</DIV>
<DIV>> > mStatus Class Name:</DIV>
<DIV>> > org.ovirt.engine.core.vdsbroker.vdsbroker.StatusForXmlRpc</DIV>
<DIV>> > mCode 16</DIV>
<DIV>> > mMessage Unexpected exception</DIV>
<DIV>> > </DIV>
<DIV>> > 2013-02-26 15:10:32,585 INFO</DIV>
<DIV>> > [org.ovirt.engine.core.vdsbroker.vdsbroker.BrokerCommandBase]</DIV>
<DIV>> > (ajp--127.0.0.1-8702-4) [66fa978c] HostName = 225</DIV>
<DIV>> > 2013-02-26 15:10:32,586 ERROR</DIV>
<DIV>> > [org.ovirt.engine.core.vdsbroker.VDSCommandBase]</DIV>
<DIV>> > (ajp--127.0.0.1-8702-4) [66fa978c] Command CreateVGVDS execution</DIV>
<DIV>> > failed. Exception: VDSErrorException: VDSGenericException:</DIV>
<DIV>> > VDSErrorException: Failed to CreateVGVDS, error = Unexpected</DIV>
<DIV>> > exception</DIV>
<DIV>> > 2013-02-26 15:10:32,588 INFO</DIV>
<DIV>> > [org.ovirt.engine.core.vdsbroker.vdsbroker.CreateVGVDSCommand]</DIV>
<DIV>> > (ajp--127.0.0.1-8702-4) [66fa978c] FINISH, CreateVGVDSCommand, log</DIV>
<DIV>> > id: 4f1651f1</DIV>
<DIV>> > 2013-02-26 15:10:32,589 ERROR</DIV>
<DIV>> > [org.ovirt.engine.core.bll.storage.AddSANStorageDomainCommand]</DIV>
<DIV>> > (ajp--127.0.0.1-8702-4) [66fa978c] Command</DIV>
<DIV>> > org.ovirt.engine.core.bll.storage.AddSANStorageDomainCommand throw</DIV>
<DIV>> > Vdc Bll exception. With error message VdcBLLException:</DIV>
<DIV>> > org.ovirt.engine.core.vdsbroker.vdsbroker.VDSErrorException:</DIV>
<DIV>> > VDSGenericException: VDSErrorException: Failed to CreateVGVDS,</DIV>
<DIV>> > error</DIV>
<DIV>> > = Unexpected exception</DIV>
<DIV>> > 2013-02-26 15:10:32,600 INFO</DIV>
<DIV>> > [org.ovirt.engine.core.bll.storage.AddSANStorageDomainCommand]</DIV>
<DIV>> > (ajp--127.0.0.1-8702-4) [66fa978c] Command</DIV>
<DIV>> > [id=62567c07-e736-4909-a501-ee8663d71eac]: Compensating</DIV>
<DIV>> > NEW_ENTITY_ID of</DIV>
<DIV>> > org.ovirt.engine.core.common.businessentities.storage_domain_dynamic;</DIV>
<DIV>> > snapshot: c13260c4-d1aa-455c-9031-0711a7a4cc8d.</DIV>
<DIV>> > 2013-02-26 15:10:32,607 INFO</DIV>
<DIV>> > [org.ovirt.engine.core.bll.storage.AddSANStorageDomainCommand]</DIV>
<DIV>> > (ajp--127.0.0.1-8702-4) [66fa978c] Command</DIV>
<DIV>> > [id=62567c07-e736-4909-a501-ee8663d71eac]: Compensating</DIV>
<DIV>> > NEW_ENTITY_ID of</DIV>
<DIV>> > org.ovirt.engine.core.common.businessentities.storage_domain_static;</DIV>
<DIV>> > snapshot: c13260c4-d1aa-455c-9031-0711a7a4cc8d.</DIV>
<DIV>> > 2013-02-26 15:10:32,617 ERROR</DIV>
<DIV>> > [org.ovirt.engine.core.bll.storage.AddSANStorageDomainCommand]</DIV>
<DIV>> > (ajp--127.0.0.1-8702-4) [66fa978c] Transaction rolled-back for</DIV>
<DIV>> > command:</DIV>
<DIV>> > org.ovirt.engine.core.bll.storage.AddSANStorageDomainCommand.</DIV>
<DIV>> > vdsm log</DIV>
<DIV>> > </DIV>
<DIV>> > </DIV>
<DIV>> > </DIV>
<DIV>> > Thread-1296::DEBUG::2013-02-26</DIV>
<DIV>> > 15:19:23,200::resourceManager::844::ResourceManager.Owner::(cancelAll)</DIV>
<DIV>> > Owner.cancelAll requests {}</DIV>
<DIV>> > Thread-1296::DEBUG::2013-02-26</DIV>
<DIV>> > 15:19:23,200::task::978::TaskManager.Task::(_decref)</DIV>
<DIV>> > Task=`d9716eca-da88-472d-8fdd-19b8be8a02ab`::ref 0 aborting False</DIV>
<DIV>> > Thread-1302::DEBUG::2013-02-26</DIV>
<DIV>> > 15:19:33,367::task::588::TaskManager.Task::(_updateState)</DIV>
<DIV>> > Task=`30352e65-67be-4cea-a094-9830c5bda21f`::moving from state init</DIV>
<DIV>> > -> state preparing</DIV>
<DIV>> > Thread-1302::INFO::2013-02-26</DIV>
<DIV>> > 15:19:33,367::logUtils::37::dispatcher::(wrapper) Run and protect:</DIV>
<DIV>> > repoStats(options=None)</DIV>
<DIV>> > Thread-1302::INFO::2013-02-26</DIV>
<DIV>> > 15:19:33,368::logUtils::39::dispatcher::(wrapper) Run and protect:</DIV>
<DIV>> > repoStats, Return response: {}</DIV>
<DIV>> > Thread-1302::DEBUG::2013-02-26</DIV>
<DIV>> > 15:19:33,368::task::1172::TaskManager.Task::(prepare)</DIV>
<DIV>> > Task=`30352e65-67be-4cea-a094-9830c5bda21f`::finished: {}</DIV>
<DIV>> > Thread-1302::DEBUG::2013-02-26</DIV>
<DIV>> > 15:19:33,368::task::588::TaskManager.Task::(_updateState)</DIV>
<DIV>> > Task=`30352e65-67be-4cea-a094-9830c5bda21f`::moving from state</DIV>
<DIV>> > preparing -> state finished</DIV>
<DIV>> > Thread-1302::DEBUG::2013-02-26</DIV>
<DIV>> > 15:19:33,368::resourceManager::809::ResourceManager.Owner::(releaseAll)</DIV>
<DIV>> > Owner.releaseAll requests {} resources {}</DIV>
<DIV>> > Thread-1302::DEBUG::2013-02-26</DIV>
<DIV>> > 15:19:33,368::resourceManager::844::ResourceManager.Owner::(cancelAll)</DIV>
<DIV>> > Owner.cancelAll requests {}</DIV>
<DIV>> > Thread-1302::DEBUG::2013-02-26</DIV>
<DIV>> > 15:19:33,368::task::978::TaskManager.Task::(_decref)</DIV>
<DIV>> > Task=`30352e65-67be-4cea-a094-9830c5bda21f`::ref 0 aborting False</DIV>
<DIV>> > _______________________________________________</DIV>
<DIV>> > Users mailing list</DIV>
<DIV>> > Users@ovirt.org</DIV>
<DIV>> > http://lists.ovirt.org/mailman/listinfo/users</DIV>
<DIV>> ></DIV></DIV></BODY></HTML>