Infrastructure and Cloud for Enthusiasts

Categories
< All Topics
Print

TCP Auth to Hypervisor

##### modify /etc/libvirt/libvirt.conf to accept tcp and port 16509 ###

– setup secure password to access libvirt on hypervisor
[root@kvm1 ~]# saslpasswd2 -a libvirt admin

– confim authenticated users for libvirt
[root@kvm1 ~]# sudo sasldblistusers2 -f /etc/libvirt/passwd.db
admin@kvm1.blah: userPassword

-set ip tables rule to allow connection on tcp 16509
[root@kvm1 ~]# iptables –insert INPUT 4 -p tcp –dport 16509 -j ACCEPT

-test
[root@kvm1 ~]# virsh -c qemu+tcp://192.168.167.201/system nodeinfo

#### diagnosis ######

# virsh -c qemu+tcp://host/system
error: unable to connect to server at 'host:16509': Connection refused
error: failed to connect to the hypervisor

The libvirt daemon is not listening on TCP ports even after changing configuration in /etc/libvirt/libvirtd.conf:

# grep listen_ /etc/libvirt/libvirtd.conf
listen_tls = 1
listen_tcp = 1
listen_addr = "0.0.0.0"

However, the TCP ports for libvirt are still not open after changing configuration:

# netstat -lntp | grep libvirtd
#

Investigation The libvirt daemon was started without the --listen option. Verify this by running this command:

# ps aux | grep libvirtd
root     27314  0.0  0.0 1000920 18304 ?       Sl   Feb16   1:19 libvirtd --daemon

The output does not contain the --listen option.

Solution Start the daemon with the --listen option. To do this, modify the /etc/sysconfig/libvirtd file and uncomment the following line:

#LIBVIRTD_ARGS="--listen"

Then restart the libvirtd service with this command:

# /etc/init.d/libvirtd restart

Next webvirtmgr install
Table of Contents