Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
+++ This bug was initially created as a clone of Bug #524732 +++
Description of problem:
On RHEL 6, when I run virt-manager, and try to connect to a hypervisor, it asks me for the root password, resulting in the following message:
Unable to open connection to hypervisor URI 'qemu:///system':
authentication failed
Traceback (most recent call last):
File "/usr/share/virt-manager/virtManager/connection.py", line 456, in _try_open
None], flags)
File "/usr/lib64/python2.6/site-packages/libvirt.py", line 102, in openAuth
if ret is None:raise libvirtError('virConnectOpenAuth() failed')
libvirtError: authentication failed
Version-Release number of selected component (if applicable):
virt-manager-0.8.0-4.fc12.noarch
polkit-gnome-0.96-3.el6.x86_64
How reproducible:
every time
Steps to Reproduce:
1.see above
2.
3.
Actual results:
Tells me it can't connect to libvirtd
Expected results:
Asks for authentication, then connects
Additional info:
virt-manager worked before a previous update.
Based on the cloned bug, I also tried
$> virsh -c qemu:///system list --all
with a similar error message. The libvirt wiki suggests a workaround that solves the problem for me, ref http://wiki.libvirt.org/page/SSHPolicyKitSetup
I created the following file
/etc/polkit-1/localauthority/50-local.d/50-org.example-libvirt-remote-access.pkla
with the following contents (slightly modified from the Wiki)
[Remote libvirt VM access]
Identity=unix-user:justme
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes
Comment 2RHEL Program Management
2011-09-12 15:08:53 UTC
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unfortunately unable to
address this request at this time. Red Hat invites you to
ask your support representative to propose this request, if
appropriate and relevant, in the next release of Red Hat
Enterprise Linux. If you would like it considered as an
exception in the current release, please ask your support
representative.
I installed it the normal way from RHEL 6 repos.
When I searched the error message associated with the problem, I found the Fedora 12 bug, which almost perfectly described the issue. I therefore cloned the bug.
I probably made an error in cloning, as I should have noted that the version number of virt-manager is from RHEL 6. I think you should be able to confirm that from my comment 6, which confirms with the "el6" that it is a RHEL 6 package.
Ok, then can you provide the correct version of virt-manager? We really need to know exactly what packages you're using so we can try to reproduce what you're seeing. Also, if you have a support contract, you should open a ticket with RH support.
I have just an "academic subscription," so I don't think I'm allowed to open a support ticket.
$ rpm -q virt-manager
virt-manager-0.8.6-4.el6.noarch
In addition, the KVM system worked quite well for me at the release of RHEL 6, back in the Nov '10 - May '11 timeframe I had up to four VMs going simultaneously. (I had no need for KVM between June - Sept '11; as I don't know the history of your updates, I don't know whether there are multiple revs in question.)
I only encountered the problem described with the update that I did just before I filed this bug.
FWIW, it's not urgent for me personally, as the workaround I noted in the description, with the code I added to the following file:
/etc/polkit-1/localauthority/50-local.d/50-org.example-libvirt-remote-access.pkla
It makes KVM work fine for the OS testing that I do.
Note that this problem does not appear on my RHEL6.2 beta system which is using libvirt-0.9.4-22.el6.x86_64
Mike - can you update your system as far as possible and check this again (it's a bit problematic for me to downgrade my test system that far). I actually think it's more likely you've got a problem in policykit rather than libvirt, but it would be best if we could both test with the same libvirt version.
Just tried with libvirt-0.8.7-18.el6_1.4.x86_64, without the "workaround" listed in comment 1, and I get the same error.
I don't see your version of libvirt; each beta channel that I checked seem to have "0" packages. If you can show me how to get access to your 6.2 beta version, I'm willing to test it.
Mike - can you confirm this is still a problem? (There should be a public beta of RHEL6.3 available somewhere, although looking from the inside, I'm not sure where it is).
If it is still a problem, can you tell me if other desktop applications using policykit also fail? (e.g. "system-config-firewall").
I'm marking this as CondNAK Reproducer. Mike, if you can upgrade to RHEL6.3 and see if this is still a problem, report it here as soon as possible. Since we are unable to reproduce, we'll otherwise have to close the bug as WORKSFORME