Using Virtual Machine Manager to remote to another VMM failing



  • Server
    • OS: CentOS 7.3.1611
    Description

    Two identically configured CentOS 7.3.1611 servers except for name and IP.
    Joined to an AD Domain.
    Logged into using AD credentials.

    Using Virtual Machine Manager to remote connect from ServerA to ServerB, I can tell the authentication is working, according to:

     systemctl status sshd
    

    But I’m getting:

    Unable to connect to libvirt.
    
    authentication unavailable: no polkit agent
    available to authenticate action
    `org.libvirt.unix.manage'
    
    Verify that the 'libvirtd' deamon is running on the remote host.
    

    This is the same as according to:

    systemctl status libvirtd.service
    

    Full details on the failed connection as reported by VMM are:

    Unable to connect to libvirt.
    
    authentication unavailable: no polkit agent available to authenticate action 'org.libvirt.unix.manage'
    
    Verify that the 'libvirtd' daemon is running
    on the remote host.
    
    Libvirt URI is: qemu+ssh://ADAccount@10.12.40.124/system
    
    Traceback (most recent call last):
      File "/usr/share/virt-manager/virtManager/connection.py", line 904, in _do_open
        self._backend.open(self._do_creds_password)
      File "/usr/share/virt-manager/virtinst/connection.py", line 148, in open
        open_flags)
      File "/usr/lib64/python2.7/site-packages/libvirt.py", line 105, in openAuth
        if ret is None:raise libvirtError('virConnectOpenAuth() failed')
    libvirtError: authentication unavailable: no polkit agent available to authenticate action 'org.libvirt.unix.manage'
    

  • Moderator

    @sudburr I’m not sure what is going on or what you’re trying to do - but virt-manager typically only connects to hosting systems via SSH, not the guests. Virt-Manager provides direct console access to guests, but SSH to the guest is not involved in this, it’s via ssh to the host.



  • Okay, so I figured out that I need to allow a group to have remote libvirt SSH

    vim /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
    

    Entering the following:

    [Remote libvirt SSH access]
    Identity=unix-group:remote-libvirt
    Action=org.libvirt.unix.manage
    ResultAny=yes
    ResultInactive=yes
    ResultActive=yes
    

    The next problem is that I want to add the ADGroup to the local group “remote-libvirt”


Log in to reply
 

544
Online

39006
Users

10720
Topics

101778
Posts

Looks like your connection to FOG Project was lost, please wait while we try to reconnect.