Hi Richard,

That works great, I also found while playing around with SASL and libvirt that I can turn off SASL for read only access - which also fixes the issue.
Thanks! Dan -----Original Message----- From: Richard W.M. Jones [mailto:[email protected]] Sent: Thursday, November 13, 2014 8:52 AM To: Dan Ryder (daryder) Cc: [email protected]; [email protected] Subject: Re: [Libguestfs] libguestfs-tools with libvirt SASL authentication On Fri, Nov 07, 2014 at 02:37:06PM +0000, Dan Ryder (daryder) wrote: > Thanks for the info, Richard. > > Hi Dan, > > Any additional information on this? I don't know if Dan B wants to chime in here, but can you try out the following patch? diff --git a/df/domains.c b/df/domains.c index b2d9537..6cbc0f9 100644 --- a/df/domains.c +++ b/df/domains.c @@ -77,7 +77,8 @@ get_all_libvirt_domains (const char *libvirt_uri) size_t i; /* Get the list of all domains. */ - conn = virConnectOpenReadOnly (libvirt_uri); + conn = virConnectOpenAuth (libvirt_uri, virConnectAuthPtrDefault, + VIR_CONNECT_RO); if (!conn) { err = virGetLastError (); fprintf (stderr, Rich. > > -----Original Message----- 
> From: Richard W.M. Jones [mailto:[email protected]]
> Sent: Wednesday, November 05, 2014 8:46 AM
> To: Dan Ryder (daryder); [email protected]
> Cc: [email protected]
> Subject: Re: [Libguestfs] libguestfs-tools with libvirt SASL
> authentication
>
> On Tue, Nov 04, 2014 at 06:47:04PM +0000, Dan Ryder (daryder) wrote:
> > Hello,
> >
> > I'm running into an issue using the 'virt-df' command when SASL is enabled
> > in libvirt. I'm running version 1.26.5 of libguestfs on an Ubuntu 14.04 OS.
> >
> > I'm running 'virt-df' for all guests at one time, not specifying a domain
> > or image to use. I was expecting a SASL authentication prompt but to no
> > avail. Below is a sample run:
> >
> > root@all-in-one:~# virt-df -P 15
> > libvirt: XML-RPC error : authentication failed: Failed to start SASL
> > negotiation: -4 (SASL(-4): no mechanism available: No worthy mechs
> > found)
> > virt-df: could not connect to libvirt (code 45, domain 7):
> > authentication failed: Failed to start SASL negotiation: -4 (SASL(-4):
> > no mechanism available: No worthy mechs found)
> >
> > However, if I do specify a domain to run on, I am prompted for SASL
> > authentication:
> >
> > root@all-in-one:~# virt-df -d instance-0000004d libvirt needs
> > authentication to connect to libvirt URI NULL (see also:
> > http://libvirt.org/auth.html http://libvirt.org/uri.html) Please
> > enter your authentication name: nova@all-in-one Please enter your password:
> > Filesystem 1K-blocks Used Available Use%
> > instance-0000004d:/dev/sdb 458 458 0 100%
> > instance-0000004d:/dev/sda1 22773 12223 9322 54%
> >
> > Is there any way to successfully run 'virt-df' for all instances at once
> > while SASL is enabled in libvirt?
>
> I think this may be a bug.
>
> virt-df has potentially 3(!) places where it can make a libvirt connection,
> although only 2 of them are being used on Ubuntu.
>
> (1) If you don't supply a list of domain names on the command line,
> then virt-df will call libvirt to get them. That happens in
> df/domains.c:get_all_libvirt_domains:
>
>   https://github.com/libguestfs/libguestfs/blob/master/df/domains.c#L72
>
> If you supply a domain name, then this is not used.
>
> (2) Secondly, virt-df calls into libguestfs (the C library) call
> guestfs_add_domain() with a domain name parameter as a literal string, either
> one fetched from (1) or one you passed on the command line.
> Libguestfs then looks that up with libvirt to check it exists and to
> get the list of disks. That happens in
> src/libvirt-auth.c:guestfs___open_libvirt_connection:
>
>   https://github.com/libguestfs/libguestfs/blob/master/src/libvirt-auth.c#L192
>
> (3) Finally if you are using the libvirt backend (which you are not on
> Ubuntu) then there would be a third connection to run the appliance, although
> it uses the same code as (2).
>
> I believe the problem here is that (1) does not pass an auth handler.
> ie. it calls virConnectOpenReadonly, not virConnectOpenAuth. It's my
> understanding that virConnectOpenReadonly bypasses the policy kit and SASL
> stuff, but Dan Berrange (CC'd) will be able to tell me if I'm correct about
> that.
>
> If that was the case then you would see an error when virt-df tries to get a
> list of domains.
>
> Anyway, if it turns out to be a bug, please file it using the method
> outlined on the front page of the website (or submit a patch!)
>
> Rich.
>
> --
> Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
> Read my programming and virtualization blog: http://rwmj.wordpress.com
> virt-top is 'top' for virtual machines. Tiny program with many powerful
> monitoring features, net stats, disk stats, logging, etc.
> http://people.redhat.com/~rjones/virt-top

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines.
Tiny program with many powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top
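
Review bot: in the df/domains.c hunk, the new virConnectOpenAuth call in get_all_libvirt_domains passes virConnectAuthPtrDefault, while the thread places the per-domain connection in src/libvirt-auth.c (guestfs___open_libvirt_connection), so listing all domains and then adding each one may go through two different auth handlers and prompt the user more than once. Consider reusing the same auth callback for both connections, or add a comment above the call saying why the default handler is used here and that VIR_CONNECT_RO keeps this connection read-only.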
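
The workaround mentioned at the top of this message (no SASL for read-only access) leaves the read-only socket without an authentication layer, so its file mode becomes the only gate. The following is an added example, not code from the thread or from libguestfs, that audits a libvirtd.conf for that condition; it assumes the workaround was made through the `auth_unix_ro` setting, and the sample configuration and function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: report which libvirtd sockets have an authentication layer.

# Print the last uncommented value of KEY in FILE, or "unset".
# Lines look like:  auth_unix_ro = "none"   # trailing comment
conf_get() {
    cg_val=$(sed -n -E "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"?([^\"#]*[^\"#[:space:]])\"?.*/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${cg_val:-unset}"
}

# Print one line per setting: "<key> <value> <verdict>".
audit_libvirt_auth() {
    for key in auth_unix_ro auth_unix_rw auth_tcp; do
        val=$(conf_get "$1" "$key")
        case $val in
            none)  verdict=NO-AUTH ;;   # anyone who can open the socket connects
            unset) verdict=DEFAULT ;;   # the daemon's built-in default applies
            *)     verdict=ok ;;
        esac
        printf '%s %s %s\n' "$key" "$val" "$verdict"
    done
    # With no auth on the read-only socket, its mode is the only access control.
    if [ "$(conf_get "$1" auth_unix_ro)" = none ]; then
        printf 'unix_sock_ro_perms %s CHECK-MODE\n' "$(conf_get "$1" unix_sock_ro_perms)"
    fi
}

# Constructed sample configuration (not taken from the thread).
sample_conf() {
    cat <<'EOF'
#auth_unix_ro = "sasl"
auth_unix_ro = "none"   # assumed form of the read-only workaround
auth_unix_rw = "sasl"
unix_sock_ro_perms = "0777"
EOF
}

demo_conf=$(mktemp)
sample_conf > "$demo_conf"
audit_libvirt_auth "$demo_conf"
rm -f "$demo_conf"
```

On a real host, pass the daemon's own configuration file to `audit_libvirt_auth` instead of the sample.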
