Comments (15)
hi,
thanks for the report. havent used it with authfile since a long time.
Since i currently have no RHEV/OLVM setup, could you try with the following fix i pushed:
thanks
from virtnbdbackup.
should work with master checkout
from virtnbdbackup.
hi again,
i managed to get hands on some RHEV node. You can also use the remote backup functionality with the latest master version, so you dont have to install the backup utility on the hypervisor host itself (which can be a struggle if its the stripped down node installation).
Ive added something to README:
https://github.com/abbbi/virtnbdbackup?tab=readme-ov-file#ovirt-rhev-or-olvm
however, both the local auth via credential file and remote auth against libvirt using qemu+ssh and user/password combination should work now.
from virtnbdbackup.
Hi Abbbi,
thanks for your great work.
I applied both, fix 167 (52ffc6f) and master. First tested 52ffc6f, and after that master. In both cases I got different output than before:
[root@okvm2 virtnbdbackup-2.4]# virtnbdbackup -U qemu:///system?authfile=/etc/ovirt-hosted-engine/virsh_auth.conf -d rocky92 -l full -o /tmp/backupset/rocky92
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
from cryptography.hazmat.backends import default_backend
[2024-03-29 12:00:06] INFO lib common - printVersion [main]: Version: 2.4 Arguments: /bin/virtnbdbackup -U qemu:///system?authfile=/etc/ovirt-hosted-engine/virsh_auth.conf -d rocky92 -l full -o /tmp/backupset/rocky92
[2024-03-29 12:00:06] INFO root virtnbdbackup - main [main]: Backup level: [full]
[2024-03-29 12:00:06] ERROR root virtnbdbackup - main [main]: Can't connect libvirt daemon: [authentication failed: Failed to start SASL negotiation: -4 (SASL(-4): no mechanism available: No worthy mechs found)]
But as you can see it still doesn't work. In meanwhile I tried to check my virtual machines in my OLVM manager and I'm not able to access it anymore.
This is testing environment, and a lot of testing goes there (for example one host removed recently), so in this moment I'm not able to say what caused the "OLVM-VirtualMachines-NoDisplay" problem.
If I see correctly you didn't apply this 167 fix to 2.5 version - just to 52ffc6f and master branches, am I right? By change log I would say you will apply 167 in 2.6.
from virtnbdbackup.
[2024-03-29 12:00:06] ERROR root virtnbdbackup - main [main]: Can't connect libvirt daemon: [authentication failed: Failed to start SASL negotiation: -4 (SASL(-4): no mechanism available: No worthy mechs found)]
it seems the libvirt daemon on OLVM needs some more authentication than just the authfile..
does it work with following command?:
[root@ovm-node1 ~]# virsh -c qemu:///system?authfile=/etc/ovirt-hosted-engine/virsh_auth.conf
Welcome to virsh, the virtualization interactive terminal.
[..]
all fixes currently in master
from virtnbdbackup.
Yes, I tried this before, and just right now at your suggestion:
[root@okvm2 virtnbdbackup-2.4]# virsh -c qemu:///system?authfile=/etc/ovirt-hosted-engine/virsh_auth.conf
Welcome to virsh, the virtualisation interactive terminal.
Type: 'help' for help with commands
'quit' to quit
virsh #
from virtnbdbackup.
this is strange..
does it work using python directly?
python3
Python 3.11.2 (main, Mar 13 2023, 12:18:29) [GCC 12.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import libvirt
>>> libvirt.open('qemu:///system?authfile=/etc/ovirt-hosted-engine/virsh_auth.conf')
the current master version should to exactly this.
if thats working for you, please run virtnbdbackup (master checkout) with -v option so i can see whats going on.
Unfortunately i dont have access to an olvm so i cant test ..
from virtnbdbackup.
It doesn't work, my python3 output:
[root@okvm2 virtnbdbackup-master]# python3
Python 3.6.8 (default, Jan 16 2024, 02:08:59)
[GCC 8.5.0 20210514 (Red Hat 8.5.0-20.0.1)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>>
>>> import libvirt
>>>
>>>
>>> libvirt.open('qemu:///system?authfile=/etc/ovirt-hosted-engine/virsh_auth.conf')
libvirt: XML-RPC error : authentication failed: Failed to start SASL negotiation: -4 (SASL(-4): no mechanism available: No worthy mechs found)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib64/python3.6/site-packages/libvirt.py", line 335, in open
raise libvirtError('virConnectOpen() failed')
libvirt.libvirtError: authentication failed: Failed to start SASL negotiation: -4 (SASL(-4): no mechanism available: No worthy mechs found)
>>>
from virtnbdbackup.
Ok then thats an issue on the hypervisor at the Moment.. Maybe .. only if this Uri works with Python you could Make backup work
Or try with —User and —Passwort options
from virtnbdbackup.
Abbbi I fixed my OLVM not displaying VMs, but unfortunately I still have the same issue regardless authentication I used.
With user/pass, my output is the same:
[root@okvm2 virtnbdbackup-master]# ./virtnbdbackup --user root --password 'MY_PASS_CHANGED_HERE' -d rocky92 -l full -o /tmp/backupset/rocky92
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
from cryptography.hazmat.backends import default_backend
[2024-03-29 15:52:47] INFO lib common - printVersion [main]: Version: 2.6 Arguments: ./virtnbdbackup --user root --password Am(4=ass -d rocky92 -l full -o /tmp/backupset/rocky92
[2024-03-29 15:52:47] INFO root virtnbdbackup - main [main]: Backup level: [full]
[2024-03-29 15:52:47] ERROR root virtnbdbackup - main [main]: Can't connect libvirt daemon: [authentication failed: Failed to start SASL negotiation: -4 (SASL(-4): no mechanism available: No worthy mechs found)]
from virtnbdbackup.
I dont know.. Maybe try Remote Backup.
from virtnbdbackup.
Unfortunately Remote Backup doesn't work either:
[root@kvmmgmt .ssh]# virtnbdbackup -V
2.6
[root@kvmmgmt .ssh]# virtnbdbackup -U qemu+ssh://root@okvm2 --ssh-user root -d rocky92 -o /tmp/backupset/rocky92
[2024-03-29 21:13:37] INFO lib common - printVersion [main]: Version: 2.6 Arguments: /bin/virtnbdbackup -U qemu+ssh://root@okvm2 --ssh-user root -d rocky92 -o /tmp/backupset/rocky92
[2024-03-29 21:13:37] INFO root virtnbdbackup - main [main]: Backup level: [copy]
[2024-03-29 21:13:38] ERROR root virtnbdbackup - main [main]: Can't connect libvirt daemon: [authentication failed: Failed to start SASL negotiation: -4 (SASL(-4): no mechanism available: No worthy mechs found)]
[root@kvmmgmt .ssh]#
from virtnbdbackup.
sorry, i dont know. Maybe reach out to ovirt or OLVM support forums. It seems OLVM libvirt is denying SASL based authentication. Cant tell why it doesnt work with the auth file locally, it does with my (older) RHEV setup. It seems to me OLVM may have has disabled authentication for other componens than virsh. Thats certainly not default behavior on other libvirt based setups.
Might also be an certificate issue:
dmacvicar/terraform-provider-libvirt#810
https://stackoverflow.com/questions/72680442/sasl-error-connecting-to-remote-libvirt-over-ssh-no-worthy-mechs-found
At the moment i dont have the time and energy to setup an complete OLVM myself to track down
whats wrong here.
As long as you cant make the autentication work as with:
i dont see a way youre able to use virtnbdbackup here.
from virtnbdbackup.
hi again,
the cause for the connection issue
Can't connect libvirt daemon: [authentication failed: Failed to start SASL negotiation: -4 (SASL(-4): no mechanism available: No worthy mechs found)]
is the same as reported for the terraform provider:
dmacvicar/terraform-provider-libvirt#810
you need to include the hostname that is used for the libvirt certificate in your connection URI.
I used the following command on a test OLVM system to get the hostname from the certificate:
openssl x509 -in /etc/pki/vdsm/certs/vdsmcert.pem -noout -text
Subject: O=srv.test.local, CN=ovm-node1.test.local
i could then connect libvirt locally using python via:
python3
>>> import libvirt
>>> libvirt.open('qemu://ovm-node1.test.local/system?authfile=/etc/ovirt-hosted-engine/virsh_auth.conf')
<libvirt.virConnect object at 0x7ff8b46c9110>
means you need to include the hostname that is set in the certificate in the connection uri passed as -U option (for both remote or local backup) otherwise libvirtd cant match the certificate and denies SASL based authentication methods.
from virtnbdbackup.
the cause for the initial issue should be fixed as by now. Closing ticket -> if further discussion required, please open a discussion.
from virtnbdbackup.
Related Issues (20)
- domain not found, but shows in virsh list HOT 3
- Incremental backup fails with error "ImportError: cannot import name 'sighandle'" after previous successful full backup HOT 1
- Errors in journalctl HOT 2
- Operation not supported: creating checkpoint for incremental backup is not supported yet HOT 4
- Progress show TB of data during backup of ~61GB disk HOT 5
- After first offline backup the second fail with "does not contain full backup" HOT 4
- restore failed with more than one disk - NDB error HOT 8
- Start virtual machines in paused state if offline to allow full/incremental/differential backup HOT 1
- fs freeze / warning domain is not running doesn't make sense with option --start-domain
- Backup (SW)TPM Device related files
- Local backup being detected as remote, fails HOT 3
- amount of backup data in human readable size (MB/GB/TB) HOT 3
- Fedora 39 - RHEL9 - ModuleNotFoundError: No module named 'nbd' HOT 9
- Plausibility check for backup (amount of data) HOT 1
- Remote Backup Problem HOT 2
- backup with compression enabled fails: unsupported operand type(s) for +: 'int' and 'dict' HOT 4
- Kubevirt/openshift virtualization: howto
- Error during checkpoint removal
- Replace functionality for offline backup with -S option, make -S option default
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from virtnbdbackup.