10:51 a.m.
Hello Maciej,
On 2019-06-27 7:37 p.m., Maciej Delmanowski wrote:
Did you configure libvirt service with debops.libvirtd?
Yes.
Hmm, do you have to restart libvirtd service as well? Can you check
if only
a restart (or better yet reload) of polkit service works?
Job type reload is not applicable for unit polkit.service. Only a
restart of PolKit is necessary.
It would be interesting to reproduce your issue first. Can you tell
me more
about your environment? Is that Debian Stretch? Can you check the parameters
'auth_unix_rw' and 'auth_unix_ro' in /etc/libvirt/libvirtd.conf to see if
they
are active and their value?
Debian Stretch on a VPS, hosted by OVH, provisionned by cloud-init
package. I have exactly same PolKit packages as your node07 on my host.
#v+
$ grep ^#auth /etc/libvirt/libvirtd.conf
#auth_unix_ro = "none"
#auth_unix_rw = "none"
#auth_tcp = "sasl"
#auth_tls = "none"
#v-
Libvirt packages:
#v+
$ dpkg -l | grep libvirt
ii libsys-virt-perl 3.0.0-1
amd64 Perl module providing an extension for the
libvirt library
ii libvirt-clients 3.0.0-4+deb9u4
amd64 Programs for the libvirt library
ii libvirt-daemon 3.0.0-4+deb9u4
amd64 Virtualization daemon
ii libvirt-daemon-system 3.0.0-4+deb9u4
amd64 Libvirt daemon configuration files
ii libvirt-dev 3.0.0-4+deb9u4
amd64 development files for the libvirt library
ii libvirt0 3.0.0-4+deb9u4
amd64 library for interfacing with different
virtualization systems
ii python-libvirt 3.0.0-2
amd64 libvirt Python bindings
ii python3-libvirt 3.0.0-2
amd64 libvirt Python 3 bindings
ii ruby-fog-libvirt 0.3.0-1
all Module for the 'fog' gem to support libvirt
ii ruby-libvirt 0.7.0-1
amd64 Ruby bindings for libvirt
ii vagrant-libvirt 0.0.37-1
all Vagrant plugin that adds an Libvirt provider
to Vagrant
#v-
It would be interesting to find what are the differences between
your
environment and mine.
On my side, my host is part of [debops_service_libvirtd] and I only set
`libvirtd__admins` in inventory. Host was bootstrap with bootstrap
playbook and I use common playbook to configure it.
Sure, it might be useful to expand the 'debops.libvirtd' a
bit to handle more
authentication schemes. Adding PolicyKit support first sounds like a good
idea, although I think that the specific configuration file should be added by
the 'debops.gitlab_runner' role so that it is active when GitLab Runner is set
up on that host.
I agree.
--
Nicolas Quiniou-Briand
Jabber/XMPP : nqb(a)azyx.fr