[prev in list] [next in list] [prev in thread] [next in thread] 

List:       libvirt-users
Subject:    Re: how/where to configure access to libvirt-sock-ro
From:       Andrea Bolognani <abologna () redhat ! com>
Date:       2021-10-04 12:26:26
Message-ID: CABJz62NOhy4onbDgciK9hsuVb0E3ehPBJNQ=u0=jDSOmyEioqg () mail ! gmail ! com
[Download RAW message or body]

On Sun, Oct 03, 2021 at 10:05:10PM +0000, Marc wrote:
>
> I wanted to create a monitoring user that can do some reporting like this:
>
> runuser -u xxxxx  -- prometheus-libvirt-exporter -libvirt.uri /var/run/libvirt/libvirt-sock-ro

I assume you're using prometheus-libvirt-exporter from

  https://github.com/zhangjianweibj/prometheus-libvirt-exporter/

right?

If so, I don't think you need to pass the (poorly named) libvirt.uri
option explicitly, as /var/run/libvirt/libvirt-sock-ro is already the
default value.

> But I am getting the
> failed to connect: authentication required

What do the following commands return?

  $ runuser -u xxx -- virsh -c qemu:///system -r list --all
  $ runuser -u xxx -- virsh -c
qemu:///system?socket=/var/run/libvirt/libvirt-sock-ro list --all

What are the permissions on the socket? Is SELinux possibly getting
in the way?

Access to the read-only socket is usually not very restrictive, since
a read-only connection can only be used to collect data anyway.

-- 
Andrea Bolognani / Red Hat / Virtualization

[prev in list] [next in list] [prev in thread] [next in thread]