A.19. Common libvirt errors and troubleshooting Red Hat Enterprise Linux 7 | Red Hat Customer Portal (2023)

Symptom

Loslibrarydaemon does not start automatically. starting thelibrarydaemon also fails manually:

#systemctl start libvirtd.service* Caching service dependencies... [ ok ]* Starting libvirtd .../usr/sbin/libvirtd: error: Could not initialize network sockets. See /var/log/messages or run without --daemon for more information.* start-stop-daemon: failed to start `/usr/sbin/libvirtd' [ !! ]* ERROR: libvirtd failed to start

there is also no'More information'about this error in/var/log/messages.

Search

Changeby libvirtlogging in/etc/libvirt/libvirtd.confactivating the line below. To activate line configuration, open the/etc/libvirt/libvirtd.conffile in a text editor, remove the hash (or#) from the beginning of the following line and save the change:

log_outputs="3:syslog:libvirtd"

To use

This line is commented out by default to avoidlibraryfrom producing excessive log messages. After diagnosing the problem, it is recommended to comment this line again in the/etc/libvirt/libvirtd.confoffice hour.

Restartlibraryto determine whether this resolved the issue.

Elibrarystill does not boot successfully, an error similar to the following will be printed:

#systemctl restart libvirtdThe task for libvirtd.service failed because the takeover process ended with an error code. See "systemctl status libvirtd.service" and "journalctl -xe" for more information. Sep 19 16:06:02 jsrh libvirtd[30708]: 2017-09-19 14:06:02.097+0000: 30708: info: libvirt version: 3.7.0, package: 1.el7 (Unknown, 2017-09 -06 -09:01:55, jsSep 19 16:06:02 jsrh libvirtd[30708]: 2017-09-19 14:06:02.097+0000:30708: info: hostname: jsrhSep 19 16:06:02 jsrh libvirtd[30708 ]: 2017-09-19 14:06:02.097+0000:30708: error: daemonSetupNetworking:502: unsupported configuration: no server certifSep 19 16:06:02 jsrh systemd[1]: libvirtd.service: main process terminated, code=exited, status=6/NOTCONFIGUREDSep 19 16:06:02 jsrh systemd[1]: Failed to start virtualization daemon-- Subject: Unit libvirtd service failed-- Defined by: systemd -- Support: http:// lists.freedesktop.org/mailman/listinfo/systemd-devel---- Unit libvirtd.service failed.---- The result is an error.

LoslibraryThe man page shows it's missingcacert.pemThe file is used as the TLS authority whenlibraryit runs onListen for TCP/IP connectionsmode. This means that-- listenthe parameter is passed.

Solution

configure thelibrarydaemon configuration with one of the following methods:

• Install a CA certificate.

  To use

  For more information about CA certificates and configuring system authentication, see the Managing Certificates and Certification Authorities chapter inRed Hat Enterprise Linux7 Identity, Authentication, and Domain Policy Guide.

• Do not use TLS; use pure TCP instead. Inside/etc/libvirt/libvirtd.confto establishlisten_tls = 0ylisten_tcp = 1🇧🇷 The standards arelisten_tls = 1ylisten_tcp = 0.

• don't pass the-- listenparameter. Inside/etc/sysconfig/libvirtd.confchange theLIBVIRTD_ARGSvariable.

Symptom

A guest virtual machine boots successfully but fails to acquire an IP address from DHCP, or boots using the PXE protocol, or both. There are two common causes of this error: having a long forward delay time set for the bridge and when theiptablesthe package and kernel do not support checksum manipulation rules.

Long advance delay time on bridge

Search

This is the most common cause of this error. If the guest network interface is connecting to a bridge device that has Spanning Tree Protocol (STP) enabled, as well as a long forward delay set, the bridge will not forward network packets from the guest virtual machine to the bridge until at least least that many seconds of forward delay have passed since the guest connected to the bridge. This delay gives the bridge time to observe the interface traffic and determine the MAC addresses behind it, and it also prevents forwarding loops in the network topology.

If the forward delay is longer than the guest's PXE client or DHCP timeout, the client operation will fail and the guest will not boot (in the case of PXE) or fail to acquire an IP address (in the case of PXE ). from DHCP).

Solution

If this is the case, change the forward delay on the bridge to 0, disable STP on the bridge, or both.

To use

This solution applies only if the bridge is not used to connect multiple networks, but only to connect multiple endpoints to a single network (the most common use case for bridges used bylibrary).

If the guest has interfaces that connect to alibrarymanaged virtual network, edit the network definition and restart it. For example, edit the default network with the following command:

#default net-edit virsh

Add the following attributes to<puente>element:

<bridge_name='virbr0'delay='0' stp='on'/>

To use

delay = '0'ystp='um'These are the default settings for virtual networks, so this step is only necessary if the default settings have been changed.

If the guest interface is connected to a host bridge that has been configured outside oflibrary, change the delay setting.

Add or edit the following lines in/etc/sysconfig/network-scripts/ifcfg-bridge_namefile to enable STP with a delay of 0 seconds:

STP=em DELAY=0

After changing the configuration file, restart the bridge device:

/usr/sbin/ifabajobridge_name/usr/sbin/ifupbridge_name

To use

Ebridge_nameis not the root bridge on the network, the delay for that bridge will eventually be reset to the configured delay time for the root bridge. To prevent this from happening, disable STP in thebridge_name.

Losiptablespackage and kernel do not support checksum manipulation rules

Search

This message is a problem only if all four of the following conditions are true:

• The guest is usingvirtuenetwork devices.

  In that case, the configuration file will containtemplate type = 'virtio'

• The host hasvhost-netmodule loaded.

  This is true ifls /dev/vhost-netdoes not return an empty result.

• The guest is trying to obtain an IP address from a DHCP server running directly on the host.

• LosiptablesThe host version is older than 1.4.10.

  iptables1.4.10 was the first version to add thelibxt_CHECKSUMextension. This is the case if the following message appears on thelibraryrecords:

  Warning: Unable to add rule to correct DHCP response checksums on networkfailureWarning: It may be necessary to update the iptables package and the kernel to support the CHECKSUM rule.

  Important

  Unless the other three conditions in this list are also true, the warning message above can be ignored and is not an indicator of any other issues.

When these conditions occur, UDP packets sent from host to guest have uncomputed checksums. This makes UDP packets from the host appear invalid to the guest network stack.

Solution

To resolve this issue, replace any of the previous four points. The best solution is to update the host.iptablese núcleo aiptables-1.4.10or newer whenever possible. Otherwise, the most specific solution is to disable thevhost-netdriver for this particular guest. To do so, edit the guest's configuration with this command:

edit virshguest name

Change or add one<conductor>line for the<interface>section:

<interface type='network'> <model type='virtio'/> <driver name='qemu'/> ...</interface>

Save the changes, shut down the guest, and restart the guest.

If this issue is still not resolved, it may be caused by a conflict betweenfirewalland the patternlibraryThe net.

To fix this, stopfirewallwith himstop firewalld servicecommand and then rebootlibrarywith himrestart the libvirtd servicedomain.

To use

Furthermore, if the/etc/sysconfig/network-scripts/ifcfg-network nameis configured correctly, you can ensure that the guest acquires an IP address using thedhclientecommand as root in the guest.

(Video) trouble shooting RHEL Server

Symptom

A guest virtual machine can communicate with other guests, but cannot connect to the host machine once configured to use a macvtap (also known astype = 'direct') network interface.

Search

Even when not connected to a Virtual Ethernet Port Aggregator (VEPA) or VN-Link capable switch, macvtap interfaces can be useful. Set the mode of this interface toponteallows the guest to connect directly to the physical network very simply without the hassle of configuration (orNetwork Managerincompatibility) that can accompany the use of a traditional host bridge device.

However, when a guest virtual machine is configured to use atype = 'direct'network interface like macvtap, despite having the ability to communicate with other guests and other external hosts on the network, the guest cannot communicate with its own host.

This situation is not really a bug, it is the defined behavior of macvtap. Due to the way the host's physical ethernet is connected to the macvtap bridge, traffic to that bridge from the guests that is forwarded to the physical interface cannot bounce back to the host's IP stack. Also, traffic from the host's IP stack that is sent to the physical interface cannot be returned to the macvtap bridge for forwarding to guests.

Solution

To uselibraryto create an isolated network and create a second interface for each guest virtual machine connected to this network. The host and guests can communicate directly over this isolated network, while maintaining compatibility withNetwork Manager.

ProcedureA.8.Creation of an isolated network withlibrary

1. Add and save the following XML in/tmp/aislado.xmlprocess. If the 192.168.254.0/24 network is already in use elsewhere on your network, you can choose a different network.

   ...<network> <name>isolar</name> <ip address='192.168.254.1' netmask='255.255.255.0'> <dhcp> <range start='192.168.254.2' end='192.168.254.254' /> </dhcp> </ip></network>...

   Figure A.3. Isolated Network XML

2. Create the network with this command:virsh net-define /tmp/aislado.xml

3. Set the network to start automatically with thevirsh net autostart isolateddomain.

4. Start the network withisolated virsh network bootdomain.

5. Usingedit virshguest name, edit each guest's configuration using macvtap for your network connection and add a new one<interface>no<devices>section similar to the following (note the<model type='virtio'/>line is optional to include):

   ...<interface type='network' trustGuestRxFilters='yes'> <source network='isolated'/> <model type='virtio'/></interface>

   Figure A.4. XML interface device

6. Power off and restart each of these guests.

Guests can now communicate with the host at address 192.168.254.1, and the host will be able to communicate with guests at the IP address acquired from DHCP (alternatively, you can manually configure IP addresses for guests). Since this new network is isolated to just the host and guests, all other guest communication will use the macvtap interface. For more information, seeSection 23.17.8, “Network Interfaces”.

Symptom

This message appears:

Unable to add a rule to repair DHCP response checksums on the network'failure'

Search

Although this message appears to be evidence of an error, it is almost always harmless.

Solution

Unless the issue you are experiencing is that guest virtual machines cannot acquire IP addresses through DHCP, this message can be ignored.

If this is the case, seeSection A.19.3, “PXE (or DHCP) Boot Failure in Guest”for more details on this situation.

Symptom

The following error message appears:

Unable to add bridgebridge_namevnet0 port: no such device exists

For example, if the bridge name isbr0, the error message appears as:

Unable to add bridge br0 port vnet0: no such device exists

Insidelibraryversions 0.9.6 and earlier I get the same error as:

Unable to add touch interface to bridgebridge_name: there is such a device

Or, for example, if the bridge is calledbr0:

Unable to add touch interface to bridge'br0': there is such a device

Search

Both error messages reveal that the bridge device specified in the guest (or domain) account<interface>definition does not exist.

To verify that the bridge device listed in the error message does not exist, use the shell commandshow ip addressbr0.

A message similar to this confirms that the host does not have a bridge with that name:

br0: error getting interface info: device not found

If that's the case, continue with the solution.

However, if the resulting message looks like the following, the problem exists elsewhere:

br0Link encap:Ethernet HWaddr 00:00:5A:11:70:48 inet addr:10.22.1.5 Bcast:10.255.255.255 Mask:255.0.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packages:249841 errors:0 dropped :0 overflows:0 frame:0 TX packets:281948 errors:0 discarded:0 overflows:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:106327234 (101.4 MiB) TX bytes:21182634 (20.2 MiB)

Solution

Edit the existing bridge or create a new bridge withvirsh

To usevirshto edit the configuration of an existing bridge or network, or to add the bridge device to the host system configuration.

Edit existing bridge settings usingvirsh

To useedit virshguest nameto change the<interface>setting to use a bridge or network that already exists.

For example, changetype = 'bridge'onetype = 'network', you<bridge source='br0'/>one<source network='default'/>.

Create a host bridge usingvirsh

Forlibraryversion 0.9.8 and later, you can create a bridge device with thevirsh iface-puentedomain. This creates a bridging device.br0swindlereth0, the physical network interface established as part of a bridge, attached:

virsh iface-puente eth0br0

Optional: If necessary, remove this jumper and restore the originaleth0configuration with this command:

virsh iface-unbridgebr0

Create a host bridge manually

For older versions oflibrary, you can manually create a bridge device on the host. For instructions, seeSection 6.4.3, “Bridged networks with libvirt”.

Symptom

QEMUguest migration fails and I get this error message:

#virsh migrar qemu qemu+tcp://192.168.122.12/sistemaerror: Unable to resolve addresshost nameservice '49155': unknown name or service

For example, if the target hostname isNew York, the error message appears as:

#virsh migrar qemu qemu+tcp://192.168.122.12/sistemaerror: Unable to resolve address'New York'service '49155': unknown name or service

However, this error looks strange since we don't useNew Yorkhostname anywhere.

Search

During migration,librarywhich runs on the destination host creates a URI of an address and port where it expects to receive migration data and sends it backlibraryrunning on the source host.

In this case, the destination host (192.168.122.12) has its name defined as'New York'🇧🇷 For some reason,libraryrunning on that host cannot resolve the name to an IP address that can be returned and still be useful. So he returned the'New York'hostname awaiting originlibraryyou would have more success with name resolution. This can happen if DNS is not configured correctly or/etc/hostshas the hostname associated with the local loopback address (127.0.0.1).

Note that the address used for migrating data cannot be automatically determined from the address used to connect to the destinationlibrary(for example, fromqemu+tcp://192.168.122.12/system🇧🇷 This is because, in order to communicate with the destinationlibrary, the sourcelibraryYou may need to use a different network infrastructure than the type youvirsh(possibly running on a separate machine) requires.

(Video) RHEL-based Home Labs | Red Hat Enterprise Linux Presents 34

Solution

The best solution is to configure DNS correctly so that all hosts involved in the migration can resolve all hostnames.

If DNS cannot be configured to do this, a list of each host used for migration can be manually added to the/etc/hostsfile on each of the hosts. However, it is difficult to maintain the consistency of such lists in a dynamic environment.

If the hostnames cannot be resolved in any way,virsh migrarsupport migration host specification:

#virsh migrar qemu qemu+tcp://192.168.122.12/sistema tcp://192.168.122.12

Destinylibrarywill take thetcp://192.168.122.12URI and add an automatically generated port number. If this is not desirable (due to firewall settings, for example), the port number can be specified in this command:

#virsh migre qemu qemu+tcp://192.168.122.12/system tcp://192.168.122.12:12345

Another option is to use tunnel migration. Tunneling does not create a separate connection for the migration data, but instead pipes the data through the connection used to communicate with the target.library(for example,qemu+tcp://192.168.122.12/system):

#virsh migre qemu qemu+tcp://192.168.122.12/system --p2p --tunelizado

Symptom

A guest virtual machine (or domain) cannot be migrated becauselibrarycannot access disk image(s):

#virsh migrar qemu qemu+tcp://host name/systemerror: Unable to allow access to disk path /var/lib/libvirt/images/qemu.img: No such file or directory

For example, if the target hostname isNew York, the error message appears as:

#virsh migrar qemu qemu+tcp://New York/systemerror: Unable to allow access to disk path /var/lib/libvirt/images/qemu.img: No such file or directory

Search

By default, migration transfers only the in-memory state of a running guest (such as memory or CPU state). Although disk images are not transferred during migration, both hosts must remain accessible on the same path.

Solution

Configure and mount shared storage in the same location on both hosts. The easiest way to do this is to use NFS:

ProcedureA.9.Shared storage configuration

1. Configure an NFS server on a host to serve as shared storage. The NFS server can be one of the hosts involved in the migration, as long as all hosts involved access the shared storage via NFS.

   #mkdir -p /exports/images#cat >>/etc/exports <<EOF/exports/images 192.168.122.0/24(rw,no_root_squash)EOF

2. Mount the exported directory in a common location on all running hostslibrary🇧🇷 For example, if the IP address of the NFS server is 192.168.122.1, mount the directory with the following commands:

   #gato >>/etc/fstab <<EOF192.168.122.1:/exportaciones/imágenes/var/lib/libvirt/images nfs auto 0 0EOF#mount /var/lib/libvirt/images

To use

It is not possible to export a local directory from one host using NFS and mount it to the same path on another host: the directory used to store disk images must be mounted from shared storage on both hosts. If this is not configured correctly, the guest virtual machine may lose access to its disk images during the migration because the source hostlibrarydaemon can change ownership, permissions, and SELinux labels on disk images after successfully migrating the guest to its destination.

Elibrarydetects that disk images are mounted from a shared storage location, it will not make these changes.

Symptom

LoslibraryThe daemon started successfully, but there don't seem to be any guest virtual machines.

#list virsh --allId Name State----------------------------------------------- -----

Search

There are several possible causes for this problem. Performing these tests will help determine the cause of this situation:

Check KVM kernel modules

Check if the KVM kernel modules are inserted into the kernel:

#lsmod | agarrar m2kvm_intel 121346 0kvm 328927 1 kvm_intel

If you are using an AMD machine, check thekvm_amdKernel modules are inserted into the kernel, using the similar commandlsmod | grep kvm_amdin the root bark.

If modules are not present, insert them using theModprobe<module name>domain.

To use

Although rare, KVM virtualization support can be built into the kernel. In this case, no module is needed.

Check virtualization extensions

Check that virtualization extensions are supported and enabled on the host:

#egrep "(vmx|svm)" /proc/cpuinfobanderas: fpu vme de pse tsc ... svm ... skinit wdt npt lbrv svm_lock nrip_saveflags: fpu vme de pse tsc ... svm ... skinit wdt npt lbrv svm_lock nrip_save

Enable virtualization extensions in hardware firmware settings in BIOS setup. Consult your hardware documentation for more details on this.

Check client URI configuration

Verify that the client URI is configured as expected:

#virsh urivbox:///system

For example, this message shows that the URI is connected tovirtual boxhypervisor, noQEMUand reveals a configuration error for a URI that is configured to connect to aQEMUhypervisor If the URI was successfully connected toQEMU, the same message would be displayed as:

#virsh uriqemu:///sistema

This situation occurs when there are other hypervisors present, whichlibrarycan speak by default.

Solution

After running these tests, use the following command to view a list of guest virtual machines:

#list virsh --all

Although not recommended, it is sometimes necessary to manually edit the XML file of a guest virtual machine (or domain). To access the guest XML for editing, use the following command:

#edit virshhost_name.xml

This command opens the file in a text editor with the current definition of the guest virtual machine. After finishing edits and saving changes, the XML is reloaded and parsed bylibrary🇧🇷 If the XML is correct, the following message will be displayed:

#edit virshhost_name.xmlDomainhost_name.xmlEdited XML configuration.

After saving the XML file, use thexmlintcommand to validate that the XML is well-formed or thevirt-xml-validateCommand to check usage problems:

#xmllint --noout config.xml

#virt-xml-validar config.xml

If no errors are returned, the XML description is well-formed and matches thelibraryscheme. While the schema does not capture all restrictions, fixing the reported bugs will help with troubleshooting.

The XML parser detects syntax errors. The error message contains information to identify the problem.

This sample XML parser error message consists of three lines: the first line states the error message, and the next two lines contain the context and location of the XML containing the error. The third line contains a flag that shows approximately where the error is on the top line:

mistake: (host_name.xml):6: Start tag: invalid element name<vcpu>2</vcpu><------------------^

A well-formatted XML document may contain correct syntax errors, butlibrarycannot parse. Many of these errors exist, with two of the most common cases described below.