On Wed, Oct 10, 2012 at 04:16:21PM +0100, Daniel P. Berrange wrote:
On Wed, Oct 10, 2012 at 05:06:37PM +0200, Olaf Hering wrote:
> Signed-off-by: Olaf Hering <olaf(a)aepfle.de>
> ---
>
> Switching from attach-method "appliance" to "libvirt" has
surprising
> side effects, so show a hint how to resolve the "authentication failed"
> error from libvirt.
> Patch is not compile tested.
>
> src/libvirtdomain.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/src/libvirtdomain.c b/src/libvirtdomain.c
> index eecea26..110ee86 100644
> --- a/src/libvirtdomain.c
> +++ b/src/libvirtdomain.c
> @@ -104,6 +104,8 @@ guestfs__add_domain (guestfs_h *g, const char *domain_name,
> err = virGetLastError ();
> error (g, _("could not connect to libvirt (code %d, domain %d):
%s"),
> err->code, err->domain, err->message);
> + if (err->code == VIR_ERR_AUTH_FAILED)
> + error (g, _("Possible fix: 'polkit-auth --user <username>
--grant org.libvirt.unix.manage'"));
Hmm, libguestfs is using the qemu://session instance of libvirt, of which
one is launched per user. This should not require any authentication at
all, since it is only accessible to the current user. PolicyKit is only
relevant if connecting to the qemu:///system instance of libvirtd which
runs privileged and this is not something libguestfs would be using,
unless it was run as root. But if libguestfs ran as root, it would
already have permission to connect via policykit.
I don't think this is true.
libguestfs use of libvirt is a bit of a mess at the moment, since we
end up opening two connections if you use the -d option ... this is
something I'm intending to fix.
Nevertheless, it should be using NULL everywhere, so depending on
whether you run it as root or not, it will use qemu:///system
or qemu:///session.
It's somewhere on the to-do list to:
(1) Fix the utilities so they only need to open one connection
(this will matter in the remote case).
(2) Support authentication in libvirt by mapping libvirt auth
callbacks to libguestfs events.
Rich.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages.
http://libguestfs.org