Are you stuck with the error ‘The URI Failed to Connect to the Hypervisor’ and trying to find a solution for it? You are at the right place.
Different errors can occur when connecting to the server (for example, when running virsh).
Here at Bobcares, we have seen several such hypervisor-related errors as part of our Server Management Services for web hosts and online service providers.
Today we’ll see the errors that occur when the URI fails to connect to the hypervisor.
The URI Failed to Connect to the Hypervisor – How to fix common errors
Now let’s take a look at how our Support Engineers resolve the errors related to the Hypervisor connection.
1. Cannot read CA certificate
The following error (or similar) appears when running the below command.
$ virsh -c qemu://$hostname/system_list error: failed to connect to the hypervisor error: Cannot read CA certificate ‘/etc/pki/CA/cacert.pem’: No such file or directory
This error can occur due to different reasons that include an incorrectly specified URI or a connection that is not configured.
* Incorrectly specified URI
When specifying qemu://system or qemu://session as a connection URI, virsh attempts to connect to host names’ system or session respectively. Because virsh recognizes the text after the second forward slash as the host.
So we use three forward slashes to connect to the localhost. For example, specifying qemu:///system instructs virsh to connect to the system instance of libvirtd on the localhost.
When we specify a hostname, the QEMU transport defaults to TLS. This results in certificates.
* Connection is not configured
The URI is correct (for example, qemu[+tls]://server/system) but the certificates are not set up properly on our machine.
2. Unable to connect to the server at ‘host:16509’: Connection refused
The connections fail while libvirtd should listen on TCP ports for connections. Here is the error message.
# virsh -c qemu+tcp://host/system error: failed to connect to the hypervisor error: unable to connect to server at ‘host:16509’: Connection refused
Even after changing the configuration in /etc/libvirt/libvirtd.conf, the libvirt daemon is not listening on TCP ports:
# grep listen_ /etc/libvirt/libvirtd.conf listen_tls = 1 listen_tcp = 1 listen_addr = “0.0.0.0”
However, the TCP ports for libvirt are still not open after changing configuration:
# netstat -lntp | grep libvirtd
Here, the libvirt daemon was started without the –listen option. So, we verify this by running the below command:
# ps aux | grep libvirtd root 10749 0.1 0.2 558276 18280 ? Ssl 23:21 0:00 /usr/sbin/libvirtd
As a result, the output does not contain the –listen option.
We start the daemon with the –listen option. For that, we modify the /etc/sysconfig/libvirtd file and uncomment the below line:
Then, we restart the libvirtd service by running the below command:
# /bin/systemctl restart libvirtd.service
3. Authentication Failed
When running a command, the following error (or similar) appears:
$ virsh -c qemu://$hostname/system_list error: failed to connect to the hypervisor error: authentication failed: authentication failed
Sometimes, the authentication may fail even when the correct credentials are used. This can happen when the SASL authentication is not configured.
First, we edit the /etc/libvirt/libvirtd.conf file and set the value of the auth_tcp parameter to sasl. Then we verify using the below command:
# cat /etc/libvirt/libvirtd.conf | grep auth_tcp auth_tcp = “sasl”
Next, we edit the /etc/sasl2/libvirt.conf file and add the following lines to the file:
mech_list: digest-md5 sasldb_path: /etc/libvirt/passwd.db
Also, we ensure the cyrus-sasl-md5 package is installed by running:
# yum install cyrus-sasl-md5
After that, we restart the libvirtd service. For that, we run the below command:
# systemctl restart libvirtd
Finally, we set a user name and password for libvirt SASL:
# saslpasswd2 -a libvirt 1
4. Permission Denied
The following error (or similar) appears when running a virsh command as a non-root user:
$ virsh -c qemu://$hostname/system_list error: Failed to connect socket to ‘/var/run/libvirt/libvirt-sock’: Permission denied error: failed to connect to the hypervisor
We edit the /etc/libvirt/libvirt.conf file and add the following lines to the file:
#unix_sock_group = “libvirt” #unix_sock_ro_perms = “0777” #unix_sock_rw_perms = “0770”
Then we restart the libvirtd service:
# systemctl restart libvirtd
[Need any further assistance with hypervisor queries? – We are here to help you.]
In today’s writeup, we saw how our Support Engineers resolve the hypervisor error.