Bug 972735 - libvirt driver doesn't load: Connection to libvirt failed: Failed to connect socket to '/var/run/libvirt/libvirt-sock': Permission denied
libvirt driver doesn't load: Connection to libvirt failed: Failed to connect ...
Status: CLOSED NOTABUG
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-nova (Show other bugs)
3.0
Unspecified Unspecified
high Severity high
: ---
: 4.0
Assigned To: Daniel Berrange
Ami Jeain
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-06-10 09:42 EDT by Daniel Paikov
Modified: 2016-04-26 14:54 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-12-13 07:04:36 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
nova logs (6.14 KB, application/x-gunzip)
2013-06-10 09:42 EDT, Daniel Paikov
no flags Details

  None (edit)
Description Daniel Paikov 2013-06-10 09:42:44 EDT
Created attachment 759208 [details]
nova logs

I see the following failure in nova's compute.log:

2013-06-10 16:10:01.346 15571 INFO nova.virt.driver [-] Loading compute driver 'libvirt.LibvirtDriver'
2013-06-10 16:10:01.512 INFO nova.openstack.common.rpc.impl_qpid [req-20f05b5d-2a04-42fb-bb6e-a3d0d651aed0 None None] Connected to AMQP server on 10.35.104.17:5672
2013-06-10 16:10:11.540 WARNING nova.conductor.api [req-20f05b5d-2a04-42fb-bb6e-a3d0d651aed0 None None] Timed out waiting for nova-conductor. Is it running? Or did this service start before nova-conductor?
2013-06-10 16:10:21.579 WARNING nova.conductor.api [req-20f05b5d-2a04-42fb-bb6e-a3d0d651aed0 None None] Timed out waiting for nova-conductor. Is it running? Or did this service start before nova-conductor?
2013-06-10 16:10:21.670 15571 AUDIT nova.service [-] Starting compute node (version 2013.1.1-4.el6ost)
2013-06-10 16:10:21.694 15571 ERROR nova.virt.libvirt.driver [-] Connection to libvirt failed: Failed to connect socket to '/var/run/libvirt/libvirt-sock': Permission denied
2013-06-10 16:10:21.694 15571 TRACE nova.virt.libvirt.driver Traceback (most recent call last):
2013-06-10 16:10:21.694 15571 TRACE nova.virt.libvirt.driver   File "/usr/lib/python2.6/site-packages/nova/virt/libvirt/driver.py", line 627, in _connect
2013-06-10 16:10:21.694 15571 TRACE nova.virt.libvirt.driver     return libvirt.openAuth(uri, auth, 0)
2013-06-10 16:10:21.694 15571 TRACE nova.virt.libvirt.driver   File "/usr/lib64/python2.6/site-packages/libvirt.py", line 102, in openAuth
2013-06-10 16:10:21.694 15571 TRACE nova.virt.libvirt.driver     if ret is None:raise libvirtError('virConnectOpenAuth() failed')
2013-06-10 16:10:21.694 15571 TRACE nova.virt.libvirt.driver libvirtError: Failed to connect socket to '/var/run/libvirt/libvirt-sock': Permission denied
2013-06-10 16:10:21.694 15571 TRACE nova.virt.libvirt.driver 
2013-06-10 16:10:21.699 15571 WARNING nova.virt.libvirt.driver [-] URI qemu:///system does not support events
2013-06-10 16:10:21.699 15571 ERROR nova.virt.libvirt.driver [-] Nova requires libvirt version 0.9.6 or greater.
2013-06-10 16:10:21.759 15571 ERROR nova.virt.libvirt.driver [-] Connection to libvirt failed: Failed to connect socket to '/var/run/libvirt/libvirt-sock': Permission denied
2013-06-10 16:10:21.759 15571 TRACE nova.virt.libvirt.driver Traceback (most recent call last):
2013-06-10 16:10:21.759 15571 TRACE nova.virt.libvirt.driver   File "/usr/lib/python2.6/site-packages/nova/virt/libvirt/driver.py", line 627, in _connect
2013-06-10 16:10:21.759 15571 TRACE nova.virt.libvirt.driver     return libvirt.openAuth(uri, auth, 0)
2013-06-10 16:10:21.759 15571 TRACE nova.virt.libvirt.driver   File "/usr/lib64/python2.6/site-packages/libvirt.py", line 102, in openAuth
2013-06-10 16:10:21.759 15571 TRACE nova.virt.libvirt.driver     if ret is None:raise libvirtError('virConnectOpenAuth() failed')
2013-06-10 16:10:21.759 15571 TRACE nova.virt.libvirt.driver libvirtError: Failed to connect socket to '/var/run/libvirt/libvirt-sock': Permission denied
2013-06-10 16:10:21.759 15571 TRACE nova.virt.libvirt.driver 

This is what is possibly causes my instances to start in Error status:
2013-06-10 16:29:30.751 WARNING nova.scheduler.driver [req-634985dc-ea6a-40cc-87cc-928e1b038659 129602d8b6084ff1aaf05e9cd936ae9c 980bf3077b584643b992dc5dd554f326] [instance: 608ad7aa-c294-4570-b6d5-e351243b6b67] Setting instance to ERROR state.
Comment 3 Dave Allan 2013-12-05 14:04:15 EST
Dan, this looks like misconfiguration to me; what do you think?
Comment 4 Daniel Berrange 2013-12-13 07:04:36 EST
> None:raise libvirtError('virConnectOpenAuth() failed')
> 2013-06-10 16:10:21.759 15571 TRACE nova.virt.libvirt.driver libvirtError: 
> Failed to connect socket to '/var/run/libvirt/libvirt-sock': Permission denied

Yes, normally this socket is world-writable by any user, so you'd never see a permission denied error connecting. Authentication would instead be done by Policykit. Given this error it would appear that the user has re-configured libvirtd in some manner to block users from connecting

Note You need to log in before you can comment on or make changes to this bug.