On Thu, Mar 2, 2017 at 12:49 PM, Koen Vanoppen <vanoppen.koen@gmail.com> wrote:
[root@mercury1 ~]# saslpasswd2 -a libvirt koen Password: Again (for verification): [root@mercury1 ~]# virsh list --all Please enter your authentication name: koen Please enter your password: error: failed to connect to the hypervisor error: no valid connection error: authentication failed: authentication failed
I can only say that I just tested on my environment, with plain CentOS 7.3 in oVirt 4.1 and it works. In theory, your connection string should use unix domain sockets if I'm not wrong and should be the same as "-c qemu:///system" In fact, using that connection URI I get the same prompts as without anything (only thing I just get the login/pwd prompt before running any command). Possibly there is something SELinux related? Is it enabled? Strange enough I'm verifying in my 4.1 system that I can actually run this command below without any password..... (obviously all the caveat of running it out of oVirt are applicable...) [root@ovmsrv05 ~]# virsh -c qemu://ovmsrv05.mydomain/system Welcome to virsh, the virtualization interactive terminal. Type: 'help' for help with commands 'quit' to quit virsh # list Id Name State ---------------------------------------------------- 2 raclab1 running 10 c7testovn1 running virsh # This happens using the hostname used for the host when added to oVirt infra Instead if I use localhost I get [root@ovmsrv05 ~]# virsh -c qemu://localhost/system 2017-03-02 13:58:16.190+0000: 25221: info : libvirt version: 2.0.0, package: 10.el7_3.4 (CentOS BuildSystem <http://bugs.centos.org>, 2017-01-17-23:37:48, c1bm.rdu2.centos.org) 2017-03-02 13:58:16.190+0000: 25221: info : hostname: ovmsrv05.mydomain 2017-03-02 13:58:16.190+0000: 25221: warning : virNetTLSContextCheckCertificate:1125 : Certificate check failed Certificate [session] owner does not match the hostname localhost error: failed to connect to the hypervisor error: authentication failed: Failed to verify peer's certificate [root@ovmsrv05 ~]# Does this command work for you too in 4.0? Is it in general a bug or a feature? Or anything cached (I don't think so because I can execute the same on another host where I didn't run anything before and where I didn't use the saslpasswd2 command to add a local virsh user)? Gianluca