No agent is available

Community Support
1

i think its monday…

I’m just install new dom0 using our pxe (the same allways) but today i can’t add to opennebula.

su - oneadmin
[oneadmin@c12-1 ~]$ /var/tmp/one/im/run_probes kvm /var/lib/one//datastores 4124 20 86 c12-1
error: authentication failed: Authorization requires authentication but no agent is available.

error: failed to connect to the hypervisor
ERROR MESSAGE --8<------
Error executing kvm.rb
ERROR MESSAGE ------>8--
ERROR MESSAGE --8<------
Error executing collectd-client_control.sh
ERROR MESSAGE ------>8--
ARCH=x86_64
MODELNAME="Intel(R) Xeon(R) CPU E5-2650 v3 @ 2.30GHz"



root@c12-1 ~]# cat /etc/libvirt/qemu.conf  | grep -v "#"

user = "oneadmin"

group = "kvm"

dynamic_ownership = 0

any idea? because same config in other dom0 is working…

pd: updating the libvird.conf with that config:

unix_sock_group = "qemu"
unix_sock_rw_perms = "0770"
auth_unix_ro = "none"
auth_unix_rw = "none"

id oneadmin
uid=3000(oneadmin) gid=3000(cloud) grupos=3000(cloud),36(kvm),107(qemu),1046(gaussian)

2

Hola Alex,

Yes, it is Monday and luckily for people living in Madrid, I think it is bank holiday there :slight_smile: … hehe

What do you get if you execute for a example a virsh list command on this node? does it work?

Was opennebula-node-kvm package installed correctly on this node? I would also check if the sudoers file is ok and that selinux is disabled

I hope it helps :smile:

3

Hi Estaban… lucky people who live in Madrid hehe.

virsh list work ok, opennebula installed through pxe as others…

have no idea, now one installed work, other installed using same template (pxe) not work…

fucking crazy world :smiley:

4

It seems to be related with libvirtd configuration. Check these lines in /etc/libvirt/libvirtd.conf:

auth_unix_ro = "none"
auth_unix_rw = "none"

By default they come commented and let anyone with right unix permissions to connect to the sockets. It may be different in your distribution or libvirt version:

#################################################################
#
# Authentication.
#
#  - none: do not perform auth checks. If you can connect to the
#          socket you are allowed. This is suitable if there are
#          restrictions on connecting to the socket (eg, UNIX
#          socket permissions), or if there is a lower layer in
#          the network providing auth (eg, TLS/x509 certificates)
#
#  - sasl: use SASL infrastructure. The actual auth scheme is then
#          controlled from /etc/sasl2/libvirt.conf. For the TCP
#          socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
#          For non-TCP or TLS sockets,  any scheme is allowed.
#
#  - polkit: use PolicyKit to authenticate. This is only suitable
#            for use on the UNIX sockets. The default policy will
#            require a user to supply their own password to gain
#            full read/write access (aka sudo like), while anyone
#            is allowed read/only access.
#
# Set an authentication scheme for UNIX read-only sockets
# By default socket permissions allow anyone to connect
#
# To restrict monitoring of domains you may wish to enable
# an authentication mechanism here
#auth_unix_ro = "none"

# Set an authentication scheme for UNIX read-write sockets
# By default socket permissions only allow root. If PolicyKit
# support was compiled into libvirt, the default will be to
# use 'polkit' auth.
#
# If the unix_sock_rw_perms are changed you may wish to enable
# an authentication mechanism here
#auth_unix_rw = "none"