lost and found ( for me ? )

KVM : access to remote KVM hosts with virsh

[ CentOS 6.3 64bit : KVM remote host ]

# libvirtd --version
libvirtd (libvirt) 0.9.10

# uname -ri
2.6.32-279.14.1.el6.x86_64 x86_64

# cat /etc/centos-release
CentOS release 6.3 (Final)

edit /etc/sysconfig/libvirtd
uncomment listen_tcp , tcp_port , auth_tcp.
# egrep -i '(^listen_tcp|^tcp_port|^auth_tcp)' /etc/libvirt/libvirtd.conf
listen_tcp = 1
tcp_port = "16509"
auth_tcp = "sasl"

restart libvirtd to reflect on it
# /etc/init.d/libvirtd restart

check libvirtd is listening TCP 16509.
nnn , not listening
# lsof -ni:16509

oh , I forgot configuring one more option.
edit /etc/sysconfig/libvirtd and uncomment LIBVIRTD_ARGS="--listen"
# egrep -i ^libvirtd_args /etc/sysconfig/libvirtd

restart libvirtd.
# /etc/init.d/libvirtd restart
Stopping libvirtd daemon:                                  [FAILED]
Starting libvirtd daemon: libvirtd: error: Unable to initialize network sockets. Check /var/log/messages or run without --daemon for more info.

check the libvird.log
# less /var/log/libvirt/libvirtd.log
2012-11-09 02:38:21.353+0000: 13306: info : libvirt version: 0.9.10, package: 21.el6_3.5 (CentOS BuildSystem <http://bugs.centos.org>, 2012-10-11-13:57:12, c6b9.bsys.dev.centos.org)
2012-11-09 02:38:21.353+0000: 13306: error : virNetTLSContextCheckCertFile:92 : Cannot read CA certificate '/etc/pki/CA/cacert.pem': No such file or directory

disable tls. It seems that TLS is enabled by default.
# egrep –I ^listen_tls /etc/libvirt/libvirtd.conf
listen_tls = 0

restart libvirtd
# /etc/init.d/libvirtd restart
Stopping libvirtd daemon:                                  [  OK  ]
Starting libvirtd daemon:                                  [  OK  ]

# lsof -ni:16509
libvirtd 13587 root   14u  IPv4  37328      0t0  TCP *:16509 (LISTEN)
libvirtd 13587 root   15u  IPv6  37329      0t0  TCP *:16509 (LISTEN)

add a user
# saslpasswd2 -a libvirt username
Again (for verification):

This username is not related to Linux account.
This account is for connecting to the KVM.

you can check the account you created by checking libvirt DB.
# sasldblistusers2 -f /etc/libvirt/passwd.db
zzz@zzz.localdomain: userPassword

connect to the CentOS KVM from a remote host.
# virsh -c qemu+tcp://x.x.x.x/system
Please enter your authentication name: foo
Please enter your password:
Welcome to virsh, the virtualization interactive terminal.

Type:  'help' for help with commands
      'quit' to quit

virsh # list --all
Id Name                 State
 - centos6-64-1         shut off

virsh # quit

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.