[ovirt-users] Virsh

Gianluca Cecchi gianluca.cecchi at gmail.com
Thu Mar 2 14:10:17 UTC 2017 

On Thu, Mar 2, 2017 at 12:49 PM, Koen Vanoppen <vanoppen.koen at gmail.com>
wrote:

> [root at mercury1 ~]# saslpasswd2 -a libvirt koen
> Password:
> Again (for verification):
> [root at mercury1 ~]# virsh list --all
> Please enter your authentication name: koen
> Please enter your password:
> error: failed to connect to the hypervisor
> error: no valid connection
> error: authentication failed: authentication failed
>
>
I can only say that I just tested on my environment, with plain CentOS 7.3
in oVirt 4.1 and it works.

In theory, your connection string should use unix domain sockets if I'm not
wrong and should be the same as "-c qemu:///system"
In fact, using that connection URI I get the same prompts as without
anything (only thing I just get the login/pwd prompt before running any
command).

Possibly there is something SELinux related? Is it enabled?

Strange enough I'm verifying in my 4.1 system that I can actually run this
command below without any password.....
(obviously all the caveat of running it out of oVirt are applicable...)

[root at ovmsrv05 ~]# virsh -c qemu://ovmsrv05.mydomain/system
Welcome to virsh, the virtualization interactive terminal.

Type:  'help' for help with commands
       'quit' to quit

virsh # list
 Id    Name                           State
----------------------------------------------------
 2     raclab1                        running
 10    c7testovn1                     running

virsh #

This happens using the hostname used for the host when added to oVirt infra
Instead if I use localhost I get

[root at ovmsrv05 ~]# virsh -c qemu://localhost/system
2017-03-02 13:58:16.190+0000: 25221: info : libvirt version: 2.0.0,
package: 10.el7_3.4 (CentOS BuildSystem <http://bugs.centos.org>,
2017-01-17-23:37:48, c1bm.rdu2.centos.org)
2017-03-02 13:58:16.190+0000: 25221: info : hostname: ovmsrv05.mydomain
2017-03-02 13:58:16.190+0000: 25221: warning :
virNetTLSContextCheckCertificate:1125 : Certificate check failed
Certificate [session] owner does not match the hostname localhost
error: failed to connect to the hypervisor
error: authentication failed: Failed to verify peer's certificate
[root at ovmsrv05 ~]#

Does this command work for you too in 4.0?
Is it in general a bug or a feature? Or anything cached (I don't think so
because I can execute the same on another host where I didn't run anything
before and where I didn't use the saslpasswd2 command to add a local virsh
user)?

Gianluca
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20170302/08bc3fc6/attachment.html>

More information about the Users mailing list