Are you facing the error ‘libvirtd failed to start’ while manually trying to start libvirt daemon? You are at the right place to find a solution.
Sometimes, the libvirt daemon doesn’t start automatically. Also, it will fail if we manually start it.
Here at Bobcares, we have seen several such libvirt related errors as part of our Server Management Services for web hosts and online service providers.
Today we will take a look at how to troubleshoot and resolve this error.
How we troubleshoot the error ‘libvirtd failed to start’
Now let us take a look at how our Support Engineers troubleshoot this error message.
First, we change libvirt’s logging in /etc/libvirt/libvirtd.conf by enabling the line below. For that, we open the /etc/libvirt/libvirtd.conf file in a text editor. Then we remove the hash (or #) symbol from the beginning of the following line, and save the changes.
log_outputs="3:syslog:libvirtd"
We restart libvirt to check if this has resolved the problem.
If libvirtd still does not start successfully, an error similar to the below will appear:
# systemctl restart libvirtd Job for libvirtd.service failed because the control process exited with error code. See "systemctl status libvirtd.service" and "journalctl -xe" for details.
The libvirtd man page shows that the missing cacert.pem file is used as TLS authority when libvirt is run in Listen for TCP/IP connections mode. This means the –listen parameter is being passed.
How we troubleshoot the error ‘libvirtd failed to start’
Now let us take a look at how our Support Engineers resolve this error message.
We configure the libvirt daemon’s settings with one of the following methods:
1. Install a CA certificate.
If IdM installation is configured with the integrated Certificate System (CS) certificate authority (CA), we are able to create lightweight sub-CAs. They let us configure services, like virtual private network (VPN) gateways, to accept only certificates issued by one sub-CA. Along with it, we can configure other services to accept only certificates issued by a different sub-CA or the root CA.
To create a new sub-CA named VPN-ca from Web UI:
1. First, we open the Authentication tab and select the Certificates subtab.
2. Next, we select Certificate Authorities and click Add.
3. After that, we enter the name and subject DN for the CA.
The subject DN must be unique in the IdM CA infrastructure.
To create a new sub-CA named vpn-ca from the command line, we run the below command.
[root@server ~]# ipa ca-add vpn-ca –subject=”CN=VPN,O=IDM.EXAMPLE.COM” ——————- Created CA “vpn-ca” ——————- Name: vpn-ca Authority ID: ba83f324-5e50-4114-b109-acca05d6f1dc Subject DN: CN=VPN,O=IDM.EXAMPLE.COM Issuer DN: CN=Certificate Authority,O=IDM.EXAMPLE.COM
We run the below command, to verify that the new CA signing certificate has been successfully added to the IdM database.
[root@server ~]# certutil -d /etc/pki/pki-tomcat/alias/ -L
To remove a Sub-CA from the Web UI:
1. First, we open the Authentication tab and select the Certificates subtab.
2. Next, we select Certificate Authorities.
3. After that, we select the sub-CA to remove and click Delete.
4. Finally, we click Delete to confirm.
To delete a sub-CA from the command line, we run the below command:
[root@server ~]# ipa ca-del vpn-ca
2. Do not use TLS; use bare TCP instead. In /etc/libvirt/libvirtd.conf set listen_tls = 0 and listen_tcp = 1. The default values are listen_tls = 1 and listen_tcp = 0.
3. Do not pass the –listen parameter. In /etc/sysconfig/libvirtd.conf change the LIBVIRTD_ARGS variable.
[Need any further assistance with libvirtd related errors? – We are here to help you.]
Conclusion
In short, this error ‘libvirtd failed to start’ occurs while manually trying to start libvirt daemon. Today, we saw how our Support Engineers resolve this error.
0 Comments