How do I list virsh networks without sudo?

permissions sudo virsh

I noticed a strange behavior on one machine using Debian that I can't reproduce on another machine running Ubuntu. When listing virsh networks as an ordinary user, it shows an empty list:

~$ virsh net-list --all
 Name                 State      Autostart     Persistent
----------------------------------------------------------

When running the same command with sudo, it shows the default connection:

~$ sudo virsh net-list --all
 Name                 State      Autostart     Persistent
----------------------------------------------------------
 default              active     no            yes

The permissions on the files themselves seem to be set correctly:

~$ ls -l /etc/libvirt/qemu/networks
total 8
drwxr-xr-x 2 root root 4096 Jul  1 18:19 autostart
-rw-r--r-- 1 root root  228 Jul  1 18:19 default.xml

The user belongs to kvm and libvirtd groups.

What is happening? Why can't I list the networks as an ordinary user?


Solution 1:

It appears that:

If not explicitly stated, the virsh binary uses the 'qemu:///session' URI (at least under debian).

Therefore, not only virsh net-list, but practically any command, including virsh list, behaved differently when running with sudo. In other words, virsh net-list was using user's scope instead of global ones.

This makes sense; trying to create the default connection and then starting it led to “Network is already in use by interface virbr0” error—without knowing it, I was starting a second connection named “default”, while one was already running.

The solution is straightforward:

virsh --connect qemu:///system net-list

does what I was expecting it to do, while:

virsh net-list

doesn't.

Why is Ubuntu machine not having the issue?

According to the documentation:

If virsh finds the environment variable VIRSH_DEFAULT_CONNECT_URI set, it will try this URI by default. Use of this environment variable is, however, deprecated now that libvirt supports LIBVIRT_DEFAULT_URI itself.

It appears, indeed, that on Ubuntu machine, the second variable was defined:

ubuntu:~$ echo $VIRSH_DEFAULT_CONNECT_URI

ubuntu:~$ echo $LIBVIRT_DEFAULT_URI
qemu:///system

On Debian machine, on the other hand, none of those variables are set:

debian:~$ echo $VIRSH_DEFAULT_CONNECT_URI

debian:~$ echo $LIBVIRT_DEFAULT_URI

Setting one of those variables to qemu:///system would probably work, but, well, it's easier to specify the connection string directly in virsh command (at least when writing a script).

Solution 2:

uncomment this line in file /etc/libvirt/libvirt.conf

uri_default = "qemu:///system"

was enough for me in fedora 29 .

Edit: as it says here https://libvirt.org/uri.html for non root users that file also needs to be in $XDG_CONFIG_HOME/libvirt/libvirt.conf

which in my case is: 

 ~/.config/libvirt/libvirt.conf

so i copy the file there (on my fresh install) and now virsh net-list works as a non-root user and no need to espicify --connect

Solution 3:

it is possible to setup virsh to work with local user. More information is here:

https://major.io/2015/04/11/run-virsh-and-access-libvirt-as-a-regular-user/

basically you need to setup polkit rule and connect to libvirtd daemon

Related

What can cause network packets consisting of PUU?
Git - post-receive hook with git pull "Failed to find a valid git directory"
Cannot access port 80 from remote location but works on local?
Moving primary domain controller to new server
Nmap: find free IPs from the range
Understanding the VMware ESXi limitations of the free Version
How to use the `$HOME` environment variable in systemd service files
Make a hard disk sleep and only wake up when needed
How do to uninstall windows updates, from a prompt or PS in Hyper-V server?
What is the point of staging?
IIS 8 on Windows Server 2008 R2
Starting a forever process in a Jenkins build step?