KB10025 KVM ExternalAPIException: Failed to execute remote command: [LANG=en_US.UTF-8 sudo virsh list --all]
KB ID: 10025
Product: vProtect
Version: 4.0.0 +
Published: 2021-02-26
Last modified: 2021-02-26
Problem
vProtect cannot perform the inventory synchronization task on the KVM host as a non-root user
example:
part of vprotect_daemon.log:
[ebf783ee-0550-4d01-b7e3-14b9ab5f94d7] VM synchronization task failed:
com.dell.vprotect.engine.exception.ExternalAPIException: Failed to execute remote command: [LANG=en_US.UTF-8 sudo virsh list --all], return code: 1, error: [
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
sudo: no tty present and no askpass program specified
]
at com.dell.vprotect.engine.hypervisor.libvirt.LibvirtHypervisor.listVMs(LibvirtHypervisor.java:152) ~[engine.jar:?]
at com.dell.vprotect.engine.task.InventorySyncTask.lambda$getVMs$15(InventorySyncTask.java:423) ~[engine.jar:?]
at java.util.Optional.orElseGet(Optional.java:369) ~[?:?]
at com.dell.vprotect.engine.task.InventorySyncTask.getVMs(InventorySyncTask.java:423) ~[engine.jar:?]
at com.dell.vprotect.engine.task.InventorySyncTask.syncAndUpdateProgress(InventorySyncTask.java:170) ~[engine.jar:?]
at com.dell.vprotect.engine.task.InventorySyncTask.lambda$updateProgress$1(InventorySyncTask.java:165) ~[engine.jar:?]
at java.util.stream.ReduceOps$1ReducingSink.accept(ReduceOps.java:80) ~[?:?]
at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1655) ~[?:?]
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484) ~[?:?]
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474) ~[?:?]
at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913) ~[?:?]
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?]
at java.util.stream.ReferencePipeline.reduce(ReferencePipeline.java:563) ~[?:?]
at com.dell.vprotect.engine.task.InventorySyncTask.updateProgress(InventorySyncTask.java:165) ~[engine.jar:?]
at com.dell.vprotect.engine.task.InventorySyncTask.syncHypervisor(InventorySyncTask.java:151) ~[engine.jar:?]
at com.dell.vprotect.engine.task.InventorySyncTask.run(InventorySyncTask.java:88) [engine.jar:?]
at java.lang.Thread.run(Thread.java:834) [?:?]
Solution
Follow the steps below on KVM host:
Add non-root user to KVM host:
[root@kvm-host ~]# echo "non-root-user ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
[root@kvm-host ~]# egrep non-root-user /etc/sudoers
non-root-user ALL=(ALL) NOPASSWD: ALL
Add: non-root user to qemu and libvirt group in /etc/group
[root@kvm-host ~]# egrep 'non-root-user' /etc/group
qemu:x:107:non-root-user
libvirt:x:990:non-root-user
Uncomment: unix_sock_group = "libvirt" in /etc/libvirt/libvirtd.conf
[root@kvm-host ~]# egrep unix_sock_group /etc/libvirt/libvirtd.conf
unix_sock_group = "libvirt"
Uncomment and set:
user = "qemu"
group = "qemu"
in /etc/libvirt/qemu.conf
[root@kvm-host ~]# egrep -e 'user =' -e 'group =' /etc/libvirt/qemu.conf
# user = "qemu" # A user named "qemu"
# user = "+0" # Super user (uid=0)
# user = "100" # A user named "100" or a user with uid=100
user = "qemu"
group = "qemu"
Change permissions and owner:
[root@kvm-host ~]# chown qemu:qemu /var/lib/libvirt/images
[root@kvm-host ~]# chmod 771 /var/lib/libvirt/images
[root@kvm-host ~]# ls -ld /var/lib/libvirt/images/
drwxrwx--x 2 qemu qemu 4096 Feb 25 16:59 /var/lib/libvirt/images/
Make sure that your VM has qemu:qemu owner
[root@kvm-host ~]# ls -la /var/lib/libvirt/images/alpine_linux.qcow2
-rw-rw---- 1 qemu qemu 2148073472 Feb 25 07:40 /var/lib/libvirt/images/alpine_linux.qcow2
Reboot kvm host.
Use non-root-user by adding KVM to vProtect
Related articles