Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1443752

Summary: Failed to connect socket to '/var/run/libvirt/virtlogd-sock': Connection refused.
Product: [oVirt] ovirt-node Reporter: Hermes Rodríguez <hejeroaz>
Component: Installation & UpdateAssignee: Yuval Turgeman <yturgema>
Status: CLOSED DUPLICATE QA Contact: Pavel Stehlik <pstehlik>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 4.1CC: bugs, cshao, hejeroaz
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-04-23 05:33:28 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Node RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Hermes Rodríguez 2017-04-19 22:11:03 UTC 
Description of problem:
SELinux is preventing from 'open' accesses on the file /etc/libvirt/virtlogd.conf


Version-Release number of selected component (if applicable):
RHVH 4.1

How reproducible:
Fresh install of RHVH 4.0 configure Red Hat Enterprise Virtualization Manager 4.0, add storage domains, networks, hosts (running a fresh install of RHVH 4.0) and all work fine: HA, guest machines works good, etc. The next step was upgrade RHVH to version 4.1. After this upgrade and reboot all physical hosts, the guest was unable to boot.

Steps to Reproduce:
1. Fresh install of RHVH 4.0
2. Upgrade RHVH to version 4.1
3. Guest machines unable to start

Actual results:
Non-operational Data Center

Expected results:
Failed to connect socket to '/var/run/libvirt/virtlogd-sock': Connection refused.

Additional info:
Trying to found one solution, we read https://access.redhat.com/solutions/1443193

The reason for this problem is that the virtlog service is unable to start. Please see my notes:

the problem:
VM debian-demo is down with error. Exit message: Failed to connect socket to '/var/run/libvirt/virtlogd-sock': Connection refused.

# rpm -q libvirt-daemon
libvirt-daemon-2.0.0-10.el7_3.5.x86_64
(libvirt was upgraded !!! and now the guest logs are driven by virtlogd as external service !!!)

# systemctl start libvirtd.service
# systemctl enable libvirtd
# systemctl status virtlogd -l

● virtlogd.service - Virtual machine log manager
   Loaded: loaded (/usr/lib/systemd/system/virtlogd.service; indirect; vendor preset: disabled)
   Active: failed (Result: start-limit) since mar 2017-04-18 09:21:44 -04; 16min ago
     Docs: man:virtlogd(8)
           http://libvirt.org
  Process: 11217 ExecStart=/usr/sbin/virtlogd $VIRTLOGD_ARGS (code=exited, status=1/FAILURE)
 Main PID: 11217 (code=exited, status=1/FAILURE)

abr 18 09:21:44 SERVER systemd[1]: Starting Virtual machine log manager...
abr 18 09:21:44 SERVER virtlogd[11217]: 2017-04-18 13:21:44.710+0000: 11217: info : libvirt version: 2.0.0, package: 10.el7_3.5 (Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>, 2017-02-10-03:02:29, x86-020.build.eng.bos.redhat.com)
abr 18 09:21:44 SERVER virtlogd[11217]: 2017-04-18 13:21:44.710+0000: 11217: info : hostname: SERVER
abr 18 09:21:44 SERVER virtlogd[11217]: 2017-04-18 13:21:44.710+0000: 11217: error : main:1033 : Can't load config file: Failed to open file '/etc/libvirt/virtlogd.conf': Permission denied: /etc/libvirt/virtlogd.conf
abr 18 09:21:44 SERVER systemd[1]: virtlogd.service: main process exited, code=exited, status=1/FAILURE
abr 18 09:21:44 SERVER systemd[1]: Unit virtlogd.service entered failed state.
abr 18 09:21:44 SERVER systemd[1]: virtlogd.service failed.
abr 18 09:21:44 SERVER systemd[1]: start request repeated too quickly for virtlogd.service
abr 18 09:21:44 SERVER systemd[1]: Failed to start Virtual machine log manager.
abr 18 09:21:44 SERVER systemd[1]: virtlogd.service failed.

# ls -la /etc/libvirt/virtlogd.conf
-rw-r--r--.   1 root root  1997 feb 10 04:04 virtlogd.conf

uhm... all file perms are ok... may be selinux enforcing?

if I run /usr/sbin/virtlogd -d , restart libvirt, all it's ok...

given a try to selinux workaround....

# vi /etc/selinux/targeted/contexts/files/file_contexts
...
/etc/libvirt/[^/]*      --      system_u:object_r:virt_etc_t:s0
/etc/libvirt/[^/]*      -d      system_u:object_r:virt_etc_rw_t:s0
...

trying:
# semanage permissive -a virtlogd_t

reboot the host and now libvirtd and virtlogd start normally, the Data Center is operational again :(

correct solution? may be... :)
Comment 1 Yaniv Kaul 2017-04-20 06:41:38 UTC 
What version of selinux-policy-targeted do you have? There were selinux fixes there to allow virtlogd_t .
Comment 2 Sandro Bonazzola 2017-04-20 08:46:56 UTC 
(In reply to Hermes Rodríguez from comment #0)

> Version-Release number of selected component (if applicable):
> RHVH 4.1

Can you please detail version of the build?
In particular, rpm -qv imgbased
Comment 3 Yuval Turgeman 2017-04-20 10:35:23 UTC 
This was fixed in imgbased-0.9.23-0.1.el7ev that ships with 4.1-20170417.0 (bug 1434816).  What release of RHVH are you using ?
Comment 4 Yuval Turgeman 2017-04-23 05:33:28 UTC 

*** This bug has been marked as a duplicate of bug 1434816 ***