Warning : Failed to set up UEFI / The Libvirt version does not support UEFI / Install options are limited...

Mario Marietto marietto2008 at gmail.com
Mon Aug 28 14:27:09 UTC 2023 

Thanks very much. You are very gentle and helpful.

I've fixed the PolicyKit problem in this way :

In :

/usr/share/polkit-1/actions/org.libvirt.unix.policy


I have changed this :

<action id="org.libvirt.unix.manage">
      <description>Manage local virtualized systems</description>
      <message>System policy prevents management of local virtualized
systems</message>
      <defaults>
        <!-- Any program can use libvirt in read/write mode if they
             provide the root password -->
        <allow_any>auth_admin_keep</allow_any>
        <allow_inactive>auth_admin_keep</allow_inactive>
        <allow_active>auth_admin_keep</allow_active>
      </defaults>
    </action>



to this :

<action id="org.libvirt.unix.manage">
      <description>Manage local virtualized systems</description>
      <message>System policy prevents management of local virtualized
systems</message>
      <defaults>
         <!-- Any program can use libvirt in read/write mode if they
              provide the root password -->
         <allow_any>yes</allow_any>
         <allow_inactive>yes</allow_inactive>
         <allow_active>yes</allow_active>
       </defaults>
      </action>


and boom : QEMU and KVM are connected now. Now,another problem has
emerged. When
I click on "File / New Virtual Machine",nothing happens. At this point,I
did :


sudo virsh net-info default

then :

sudo virsh net-start default


and a lot of shit came out from the manhole [image: :D]:

Error starting network 'default': internal error:
Failed to apply firewall rules /usr/sbin/iptables -w --table mangle
--list-rules: iptables v1.8.9 (legacy):
can't initialize iptables table `mangle': Table does not exist (do you
need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.


Traceback (most recent call last):
File "/usr/local/share/virt-manager/virtManager/asyncjob.py", line 71,
in cb_wrapper
callback(asyncjob, *args, **kwargs)
File "/usr/local/share/virt-manager/virtManager/asyncjob.py", line 107, in tmpcb
callback(*args, **kwargs)
File "/usr/local/share/virt-manager/virtManager/object/libvirtobject.py",
line 57, in newfn
ret = fn(self, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/share/virt-manager/virtManager/object/network.py",
line 69, in start
self._backend.create()
File "/usr/lib/python3/dist-packages/libvirt.py", line 3547, in create
raise libvirtError('virNetworkCreate() failed')
libvirt.libvirtError: internal error: Failed to apply firewall rules
/usr/sbin/iptables -w --table mangle --list-rules: iptables v1.8.9
(legacy): can't initialize iptables table `mangle': Table does not
exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

and :

*marietto at chromarietto*:*~*$ sudo virsh net-info default

Name: default

UUID: 7c4408b7-5125-4c98-9d53-f1fe109371e3

Active: no

Persistent: yes

Autostart: yes

Bridge: virbr0

*marietto at chromarietto*:*~*$ sudo virsh net-start default

error: Failed to start network default

error: internal error: Failed to apply firewall rules /usr/sbin/iptables
 -w --table mangle --list-rules: iptables v1.8.9 (legacy): can't
initialize iptables table `mangle': Table does not exist (do you need to
 insmod?). Perhaps iptables or your kernel needs to be upgraded.


I tried to fix it with this :


$ modprobe iptable_mangle
modprobe: FATAL: Module iptable_mangle not found in directory
/lib/modules/5.4.244-stb-cbe


so,some options should be enabled inside the kernel,for sure.

I have configured the option "MANGLE" to yes when I have recompiled
the kernel the last time :

CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_ARP_MANGLE=y
CONFIG_IP6_NF_MANGLE=y


"unfortunately" I'd configured it correctly,so the error should depend on
something else.
It would have been too easy to fix the error so fast. Suggestions ?

On Mon, Aug 28, 2023 at 1:16 PM Pavel Hrdina <phrdina at redhat.com> wrote:

> On Sun, Aug 27, 2023 at 06:06:59PM +0200, Mario Marietto wrote:
> > If I don't launch virtqemud,this is what I have :
>
> Yeah you never want to run libvirtd and virtqemud at the same time, more
> info here <https://libvirt.org/daemons.html>.
>
> > marietto at chromarietto:~$ libvirtd &
>
> This will not work as expected. If you want to use system connection you
> need to run libvirtd as root user.
>
> > [1] 2083
> >
> > marietto at chromarietto:~$ virt-manager
> >
> >
> > A new error comes out :
> >
> > Unable to connect to libvirt qemu:///system.
> >
> > error from service: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed:
> > Action org.libvirt.unix.manage is not registered
> >
> > Libvirt URI is: qemu:///system
> >
> > Traceback (most recent call last):
> > File "/usr/local/share/virt-manager/virtManager/connection.py", line
> > 923, in _do_open
> > self._backend.open(cb, data)
> > File "/usr/local/share/virt-manager/virtinst/connection.py", line 171,
> in open
> > conn = libvirt.openAuth(self._open_uri,
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > File "/usr/lib/python3/dist-packages/libvirt.py", line 147, in openAuth
> > raise libvirtError('virConnectOpenAuth() failed')
> > libvirt.libvirtError: error from service:
> > GDBus.Error:org.freedesktop.PolicyKit1.
> > Error.Failed: Action org.libvirt.unix.manage is not registered
>
> This is polkit trying to authenticate that your user can connect to
> system connection, libvirt running with root privileges, but you started
> libvirtd as normal user.
>
> The error that "org.libvirt.unix.manage is not registered" means there
> is no process handling that polkit action as there is no libvirtd
> running as root.
>
> Pavel
>
> > On Sun, Aug 27, 2023 at 1:00 AM Mario Marietto <marietto2008 at gmail.com>
> > wrote:
> >
> > > Is there someone that can help me ? thanks.
> > >
> > > # sudo usermod -a -G libvirt root
> > > # sudo usermod -a -G libvirtd root
> > > # sudo usermod -a -G libvirt-qemu libvirt-qemu
> > > # sudo usermod -a -G libvirt marietto
> > > # sudo adduser libvirt-qemu
> > > # sudo groupadd --system libvirt
> > > # sudo groupadd --system libvirt-qemu
> > > # sudo newgrp libvirt-qemu
> > > # newgrp libvirt
> > >
> > > # /usr/local/sbin# libvirtd &
> > > [1] 2875
> > >
> > > # virtqemud &
> > > [2] 2906
> > >
> > > # /usr/local/sbin# 2023-08-26 22:53:10.190+0000: 2923: info : libvirt
> version: 9.7.0
> > >
> > > 2023-08-26 22:53:10.190+0000: 2923: info : hostname: chromarietto
> > > 2023-08-26 22:53:10.190+0000: 2923: error :
> virPidFileAcquirePathFull:409 :
> > > Failed to acquire pid file '/var/local/run/libvirt/qemu/driver.pid':
> > > Resource temporarily unavailable
> > > 2023-08-26 22:53:10.192+0000: 2923: error : virStateInitialize:672 :
> > > Initialization of QEMU state driver failed: Failed to acquire pid file
> > > '/var/local/run/libvirt/qemu/driver.pid': Resource temporarily
> unavailable
> > > 2023-08-26 22:53:10.192+0000: 2923: error : daemonRunStateInit:617 :
> > > Driver state initialization failed
> > >
> > > # /usr/local/sbin# ps ax | grep libvirt
> > >  2875 pts/0    Sl     0:00 libvirtd
> > >
> > > # /usr/local/sbin# ps ax | grep virtqemu
> > >
> > >
> > > On Fri, Aug 25, 2023 at 11:43 PM Mario Marietto <
> marietto2008 at gmail.com>
> > > wrote:
> > >
> > >> The real problem seems to be that the libvirtd process won't start :
> > >>
> > >> marietto at chromarietto:~$ systemctl enable libvirtd
> > >>
> > >> ==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-unit-files
> ====
> > >> Authentication is required to manage system service or unit files.
> > >> Multiple identities can be used for authentication:
> > >> 1.  linux
> > >> 2.  mario,,, (marietto)
> > >> Choose identity to authenticate as (1-2): 2
> > >> Password:
> > >> ==== AUTHENTICATION COMPLETE ====
> > >>
> > >> marietto at chromarietto:~$ systemctl start libvirtd
> > >>
> > >> ==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ====
> > >> Authentication is required to start 'libvirtd.service'.
> > >> Multiple identities can be used for authentication:
> > >> 1.  linux
> > >> 2.  mario,,, (marietto)
> > >> Choose identity to authenticate as (1-2): 2
> > >> Password:
> > >> ==== AUTHENTICATION COMPLETE ====
> > >>
> > >> marietto at chromarietto:~$ systemctl status libvirtd
> > >>
> > >> ○ libvirtd.service - Virtualization daemon
> > >>     Loaded: loaded (/usr/local/lib/systemd/system/libvirtd.service;
> > >> enabled; preset: enabled)
> > >>     Active: inactive (dead) since Fri 2023-08-25 21:04:37 UTC; 2s ago
> > >>   Duration: 88ms
> > >> TriggeredBy: ● libvirtd-admin.socket
> > >>             ● libvirtd-ro.socket
> > >>             ● libvirtd.socket
> > >>       Docs: man:libvirtd(8)
> > >>             https://libvirt.org
> > >>    Process: 3488 ExecStart=/usr/local/sbin/libvirtd $LIBVIRTD_ARGS
> > >> (code=exited, status=0/SUCCESS)
> > >>   Main PID: 3488 (code=exited, status=0/SUCCESS)
> > >>        CPU: 252ms
> > >>
> > >> As you can see,it says "inactive". This is the reason :
> > >>
> > >> Aug 25 21:22:59 chromarietto libvirtd[3663]: invalid argument: Failed
> to
> > >> parse user 'libvirt-qemu'
> > >> Aug 25 21:22:59 chromarietto libvirtd[3663]: Initialization of QEMU
> > >> state driver failed: invalid argument: Failed to parse user
> 'libvirt-qemu'
> > >> Aug 25 21:22:59 chromarietto libvirtd[3663]: Driver state
> initialization
> > >> failed
> > >> Aug 25 21:22:59 chromarietto systemd[1]: libvirtd.service: Deactivated
> > >> successfully.
> > >>
> > >> On Fri, Aug 25, 2023 at 10:27 PM Mario Marietto <
> marietto2008 at gmail.com>
> > >> wrote:
> > >>
> > >>> I think that what I found is very interesting :
> > >>>
> > >>> marietto at chromarietto:~/Desktop/Dati/new/libvirt/build$ systemctl
> start
> > >>> virtqemud
> > >>>
> > >>> ==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ====
> > >>> Authentication is required to start 'virtqemud.service'.
> > >>> Multiple identities can be used for authentication:
> > >>> 1.  linux
> > >>> 2.  mario,,, (marietto)
> > >>> Choose identity to authenticate as (1-2): 2
> > >>> Password:
> > >>> ==== AUTHENTICATION COMPLETE ====
> > >>>
> > >>> marietto at chromarietto:~/Desktop/Dati/new/libvirt/build$ systemctl
> > >>> enable virtqemud
> > >>>
> > >>> ==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-unit-files
> ====
> > >>> Authentication is required to manage system service or unit files.
> > >>> Multiple identities can be used for authentication:
> > >>> 1.  linux
> > >>> 2.  mario,,, (marietto)
> > >>> Choose identity to authenticate as (1-2): 2
> > >>> Password:
> > >>> ==== AUTHENTICATION COMPLETE ====
> > >>>
> > >>> marietto at chromarietto:~/Desktop/Dati/new/libvirt/build$ ls
> > >>> /var/local/run/libvirt/virtqemud-sock
> > >>> /var/local/run/libvirt/virtqemud-sock
> > >>>
> > >>> but when I launch virt-manager :
> > >>>
> > >>> marietto at chromarietto:~/Desktop/Dati/new/libvirt/build$
> > >>> /usr/local/bin/./virt-manager
> > >>>
> > >>> It tries to connect,but it gets disconnected after a couple of
> seconds
> > >>> and the error "Failed to connect socket to
> > >>> '/var/run/libvirt/virtqemud-sock': No such file or directory' is
> shown
> > >>> again.
> > >>>
> > >>> In addition,virtqemud-sock is deleted :
> > >>>
> > >>> marietto at chromarietto:~/Desktop/Dati/new/libvirt/build$ ls
> > >>> /var/local/run/libvirt/virtqemud-sock
> > >>> ls: cannot access '/var/local/run/libvirt/virtqemud-sock': No such
> file
> > >>> or directory
> > >>>
> > >>>
> > >>> The same problem I have has been found here and solved :
> > >>>
> > >>>
> > >>>
> https://unix.stackexchange.com/questions/715726/virsh-list-throw-error-failed-to-connect-socket-to-var-run-libvirt-virtqemud
> > >>>
> > >>> On Fri, Aug 25, 2023 at 8:34 PM Mario Marietto <
> marietto2008 at gmail.com>
> > >>> wrote:
> > >>>
> > >>>> I don't agree with some of your assumptions,for example :
> > >>>>
> > >>>> 1) to send a screenshot is most of the time more informative than
> copy
> > >>>> and paste text,because it contains more information. To describe
> > >>>> complicated situations using only words takes a LOT of
> time,sometimes.
> > >>>> Especially for the newbies,that aren't so skilled and they may have
> some
> > >>>> difficulty in including or not some information. And even for the
> lack of a
> > >>>> technical language.
> > >>>>
> > >>>> 2) From my experience, going to irc to ask for help can be a problem
> > >>>> for the time zone. Every time I tried to go to an IRC channel,I've
> always
> > >>>> found bots and not talking users.
> > >>>>
> > >>>> 3) The rejection of emails happens even if I don't attach any
> > >>>> screenshots (a thing that I do rarely),and my messages are also
> rejected
> > >>>> because when I hit reply also all the story is attached. I think
> that it's
> > >>>> important to attach the story  because it may contains important
> details
> > >>>> that could be missed
> > >>>>
> > >>>> On Fri, Aug 25, 2023 at 8:24 PM Eric Blake <eblake at redhat.com>
> wrote:
> > >>>>
> > >>>>> On Fri, Aug 25, 2023 at 07:13:26PM +0200, Mario Marietto wrote:
> > >>>>> > I've sent you an email on your personal email address because
> the ML
> > >>>>> does
> > >>>>> > not accept pictures,but I need to show you a picture to help you
> to
> > >>>>> > understand well. I don't approve this rule of the ML,it does not
> > >>>>> help those
> > >>>>> > who want to learn and for this reason need to be exhaustive when
> > >>>>> there is a
> > >>>>> > strong need to explain well.
> > >>>>>
> > >>>>> The list has a cap at 300k for a reason.  Sending larger
> attachments
> > >>>>> to the list then multiplies out to gigabytes of network data when
> > >>>>> counting the number of subscribers, even though many of those
> > >>>>> subscribers are not actively participating in the thread.  Sending
> a
> > >>>>> URL to an image hosted externally uses much less bandwidth.  Also,
> if
> > >>>>> the problem is something that happens in a terminal window, it is
> less
> > >>>>> bandwidth-intensive to just copy/paste the contents of the terminal
> > >>>>> (as text) instead of attaching a screenshot to your email, and no
> less
> > >>>>> informative.
> > >>>>>
> > >>>>> You may also try IRC; there, you can probably get faster turnaround
> > >>>>> times than waiting for emails to bounce back and forth.
> > >>>>> https://libvirt.org/contact.html#irc
> > >>>>>
> > >>>>> although at the end of the day, email is more persistent and
> reaches a
> > >>>>> larger audience whereas IRC only reaches whoever is online at the
> time.
> > >>>>>
> > >>>>> --
> > >>>>> Eric Blake, Principal Software Engineer
> > >>>>> Red Hat, Inc.
> > >>>>> Virtualization:  qemu.org | libguestfs.org
> > >>>>>
> > >>>>>
> > >>>>
> > >>>> --
> > >>>> Mario.
> > >>>>
> > >>>
> > >>>
> > >>> --
> > >>> Mario.
> > >>>
> > >>
> > >>
> > >> --
> > >> Mario.
> > >>
> > >
> > >
> > > --
> > > Mario.
> > >
> >
> >
> > --
> > Mario.
>


-- 
Mario.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/virt-tools-list/attachments/20230828/35f37bd9/attachment.htm>

More information about the virt-tools-list mailing list