Bug 1450095
| Summary: | sasl errors in systemd journal at libvirtd startup | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Jeff Needle <jneedle> |
| Component: | libvirt | Assignee: | Peter Krempa <pkrempa> |
| Status: | CLOSED ERRATA | QA Contact: | Lili Zhu <lizhu> |
| Severity: | low | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.4 | CC: | berrange, dyuan, jsuchane, lizhu, pkrempa, rbalakri, xuzhang, yafu, zpeng |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | libvirt-3.2.0-9.el7 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-08-02 00:08:25 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
This is a bug in the libvirtd startup code. It merely looks at whether the TCP or TLS sockets are configured for SASL auth, without bothering to check if the TCP or TLS sockets are actually turned on. As a result we try to initialize SASL despite not wanting it, and the administrator not having configured KRB5. We just need to make the SASL setup properly conditional to suppress this warning. Fixed upstream:
commit ed914284ba74afb7dd16dcb623073bb1a1d5cd21
Author: Peter Krempa <pkrempa>
Date: Wed May 31 09:12:09 2017 +0200
daemon: Don't initialize SASL context if not necessary
SASL context would be initialized even if the corresponding TCP or TLS
sockets are not enabled.
fe772f24a68 attempted to fix the symptom by commenting out the settings,
but that did not fix the root cause. 3c647ee4bbb later reverted those
changes so that the more secure algorithm is used.
Reproduce this bug with build libvirt-3.2.0-7.el7.x86_64
Keep /etc/libvirt/libvirtd.conf in the default status, where tcp sockets is turned down, and unix and tls sockets are not configured for SASL auth.
# systemctl status libvirtd
● libvirtd.service - Virtualization daemon
Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2017-06-14 12:01:47 CST; 33s ago
Docs: man:libvirtd(8)
http://libvirt.org
Main PID: 19992 (libvirtd)
CGroup: /system.slice/libvirtd.service
├─ 2097 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper
├─ 2098 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper
└─19992 /usr/sbin/libvirtd
Jun 14 12:01:47 systemd[1]: Starting Virtualization daemon...
Jun 14 12:01:47 libvirtd[19992]: Could not find keytab file: /etc/libvirt/krb5.tab: No such file or directory
Jun 14 12:01:47 libvirtd[19992]: gssapiv2_client_plug_init() failed in sasl_server_add_plugin(): generic failure
Jun 14 12:01:47 systemd[1]: Started Virtualization daemon.
Jun 14 12:01:47 libvirtd[19992]: _sasl_plugin_load failed on sasl_server_plug_init for plugin: gssapiv2
Jun 14 12:01:47 dnsmasq[2097]: read /etc/hosts - 2 addresses
Jun 14 12:01:47 dnsmasq[2097]: read /var/lib/libvirt/dnsmasq/default.addnhosts - 0 addresses
Jun 14 12:01:47 dnsmasq-dhcp[2097]: read /var/lib/libvirt/dnsmasq/default.hostsfile
Verify this bug with libvirt-3.2.0-9.el7.x86_64
#yum update libvirt*
Also Keep /etc/libvirt/libvirtd.conf in the default status,
# systemctl status libvirtd
● libvirtd.service - Virtualization daemon
Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2017-06-14 12:04:35 CST; 2s ago
Docs: man:libvirtd(8)
http://libvirt.org
Main PID: 21565 (libvirtd)
CGroup: /system.slice/libvirtd.service
├─ 2097 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper
├─ 2098 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper
└─21565 /usr/sbin/libvirtd
Jun 14 12:04:35 systemd[1]: Starting Virtualization daemon...
Jun 14 12:04:35 systemd[1]: Started Virtualization daemon.
Jun 14 12:04:36 dnsmasq[2097]: read /etc/hosts - 2 addresses
Jun 14 12:04:36 dnsmasq[2097]: read /var/lib/libvirt/dnsmasq/default.addnhosts - 0 addresses
Jun 14 12:04:36 dnsmasq-dhcp[2097]: read /var/lib/libvirt/dnsmasq/default.hostsfile
As the result match the expectation, mark this bug as verified
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:1846 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:1846 |
With libvirt-3.2.0-4.el7.x86_64 (RHEL 7.4 beta version), starting up libvirt logs some errors that we should either clean up or suppress: # systemctl status libvirtd -l ● libvirtd.service - Virtualization daemon Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; vendor preset: enabled) Active: active (running) since Thu 2017-05-11 08:54:17 EDT; 1h 7min ago Docs: man:libvirtd(8) http://libvirt.org Main PID: 17943 (libvirtd) CGroup: /system.slice/libvirtd.service ├─14397 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper ├─14398 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper └─17943 /usr/sbin/libvirtd May 11 08:54:17 <> systemd[1]: Starting Virtualization daemon... May 11 08:54:17 <> libvirtd[17943]: Could not find keytab file: /etc/libvirt/krb5.tab: No such file or directory May 11 08:54:17 <> libvirtd[17943]: gssapiv2_client_plug_init() failed in sasl_server_add_plugin(): generic failure May 11 08:54:17 <> systemd[1]: Started Virtualization daemon. May 11 08:54:17 <> libvirtd[17943]: _sasl_plugin_load failed on sasl_server_plug_init for plugin: gssapiv2 ...