Hi,
thank you for your report!
The config in /etc/default/libvirtd is pretty much there for compatibility
reasons with older setups and (on Debian) people using still sys-V init.
And even with systemd some other options than "-l" can still be sued that way
e.g. "-v" for extra verbosity.
If one sets that option the error message gladly is pretty clear:
libvirtd[2725397]: --listen parameter not permitted with systemd activation
sockets, see 'man libvirtd' for further guidance
In that man page it explains (as that isn't a Ubuntu only problem):
```
...
In socket activation mode, it will rely on systemd to create and listen
on the UNIX, and optionally TCP/IP, sockets and pass them as pre-opened file
descriptors. In this mode, it
is not permitted to pass the --listen parameter, and most of the socket
related config options in /etc/libvirt/libvirtd.conf will no longer have any
effect. To enable TCP or TLS
sockets use either
$ systemctl start libvirtd-tls.socket
Or
$ systemctl start libvirtd-tcp.socket
...
```
There is no need to change the .service file as you did, and in fact any
subsequent update would eliminate that change.
As a TL;DR and I hope IIRC it would be like:
$ sudo systemctl stop libvirtd
$ sudo systemctl start libvirtd-tcp.socket
# in any real setup you'd now setup SASL, but for this to
# be short I set auth_tcp = "none" in /etc/libvirt/libvirtd.conf
With that in place
$ virsh -c qemu+tcp://127.0.0.1/system list
Will start libvirtd and it accepts tcp connections.
In addition there also is TLS which is more complex there is:
#setup CA and issue/config certificates for libvirtd
# see TLS x509 certificate configuration and any entry related to
# *tls* and *certificates* in /etc/libvirt/libvirtd.conf
$ sudo systemctl stop libvirtd
$ sudo systemctl start libvirtd-tls.socket
What to do from here:
- I agree that a hint in /etc/default/libvirtd would be great to have as its
current
form is misleading.
- This bug demonstrates that it is unclear how to be used.
Therefore a documentation entry in the Ubuntu server guide would be very
helpful.
It should show how this can be done (for TCP) and also include an example of a
cert setup and end by accessing via TLS
Triaging the bug with that in mind, but please speak up for a discussion
on this if you want.
** Summary changed:
- Libvirtd on 20.04 does not listen on port 16509
+ Libvirtd conffiles should be less misleading and document tcp/tls usage
** Tags added: server-todo
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1960937
Title:
Libvirtd conffiles should be less misleading and document tcp/tls
usage
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1960937/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
