ProblemType: Bug ApportVersion: 2.0.1-0ubuntu8 Architecture: amd64 Date: Tue Jul 17 16:06:39 2012 Dependencies: adduser 3.113ubuntu2 base-passwd 3.5.24 bridge-utils 1.5-2ubuntu6 busybox-initramfs 1:1.18.5-1ubuntu4 cgroup-lite 1.1 coreutils 8.13-3ubuntu3 cpio 2.11-7ubuntu3 cron 3.0pl1-120ubuntu4 dbus 1.4.18-1ubuntu1 debconf 1.5.42ubuntu1 debianutils 4.2.1ubuntu2 dmsetup 2:1.02.48-4ubuntu7.1 dnsmasq-base 2.59-4 dpkg 1.16.1.2ubuntu7 findutils 4.4.2-4ubuntu1 gcc-4.6-base 4.6.3-1ubuntu5 gettext-base 0.18.1.1-5ubuntu3 ifupdown 0.7~beta2ubuntu8 initramfs-tools 0.99ubuntu13 initramfs-tools-bin 0.99ubuntu13 initscripts 2.88dsf-13.10ubuntu11 insserv 1.14.0-2.1ubuntu2 iproute 20111117-1ubuntu2 iptables 1.4.12-1ubuntu4 klibc-utils 1.5.25-1ubuntu2 libacl1 2.2.51-5ubuntu1 libapparmor1 2.7.102-0ubuntu3.1 libattr1 1:2.4.46-5ubuntu1 libavahi-client3 0.6.30-5ubuntu2 libavahi-common-data 0.6.30-5ubuntu2 libavahi-common3 0.6.30-5ubuntu2 libblkid1 2.20.1-1ubuntu3 libbz2-1.0 1.0.6-1 libc-bin 2.15-0ubuntu10 libc6 2.15-0ubuntu10 libcap-ng0 0.6.6-1ubuntu1 libdb5.1 5.1.25-11build1 libdbus-1-3 1.4.18-1ubuntu1 libdevmapper1.02.1 2:1.02.48-4ubuntu7.1 libdrm-intel1 2.4.32-1ubuntu1 libdrm-nouveau1a 2.4.32-1ubuntu1 libdrm-radeon1 2.4.32-1ubuntu1 libdrm2 2.4.32-1ubuntu1 libexpat1 2.0.1-7.2ubuntu1 libffi6 3.0.11~rc1-5 libgcc1 1:4.6.3-1ubuntu5 libgcrypt11 1.5.0-3ubuntu0.1 libglib2.0-0 2.32.3-0ubuntu1 libgnutls26 2.12.14-5ubuntu3.1 libgpg-error0 1.10-2ubuntu1 libidn11 1.23-2 libklibc 1.5.25-1ubuntu2 liblzma5 5.1.1alpha+20110809-3 libmount1 2.20.1-1ubuntu3 libncurses5 5.9-4 libncursesw5 5.9-4 libnetfilter-conntrack3 0.9.1-1ubuntu1 libnfnetlink0 1.0.0-1 libnih-dbus1 1.0.3-4ubuntu9 libnih1 1.0.3-4ubuntu9 libnl-3-200 3.2.3-2ubuntu2 libnuma1 2.0.8~rc3-1 libp11-kit0 0.12-2ubuntu1 libpam-modules 1.1.3-7ubuntu2 libpam-modules-bin 1.1.3-7ubuntu2 libpam-runtime 1.1.3-7ubuntu2 libpam0g 1.1.3-7ubuntu2 libparted0debian1 2.3-8ubuntu5 libpcap0.8 1.1.1-10 libpciaccess0 0.12.902-1 libpcre3 8.12-4 libplymouth2 0.8.2-2ubuntu30 libpng12-0 1.2.46-3ubuntu4 libpopt0 1.16-3ubuntu1 libreadline6 6.2-8 libsasl2-2 2.1.25.dfsg1-3ubuntu0.1 libselinux1 2.1.0-4.1ubuntu1 libslang2 2.2.4-3ubuntu1 libstdc++6 4.6.3-1ubuntu5 libtasn1-3 2.10-1ubuntu1.1 libtinfo5 5.9-4 libudev0 175-0ubuntu9 libuuid1 2.20.1-1ubuntu3 libvirt0 0.9.8-2ubuntu17.1 libxenstore3.0 4.1.2-2ubuntu2.1 libxml2 2.7.8.dfsg-5.1ubuntu4.1 libyajl1 1.0.12-2 logrotate 3.7.8-6ubuntu5 lsb-base 4.0-0ubuntu20 makedev 2.3.1-89ubuntu2 module-init-tools 3.16-1ubuntu2 mount 2.20.1-1ubuntu3 mountall 2.36 multiarch-support 2.15-0ubuntu10 ncurses-bin 5.9-4 netbase 4.47ubuntu1 netcat-openbsd 1.89-4ubuntu1 passwd 1:4.1.4.2+svn3283-3ubuntu5 perl-base 5.14.2-6ubuntu2 plymouth 0.8.2-2ubuntu30 procps 1:3.2.8-11ubuntu6 readline-common 6.2-8 sed 4.2.1-9 sensible-utils 0.0.6ubuntu2 sysv-rc 2.88dsf-13.10ubuntu11 sysvinit-utils 2.88dsf-13.10ubuntu11 tar 1.26-4ubuntu1 tzdata 2012b-1 udev 175-0ubuntu9 upstart 1.5-0ubuntu7 util-linux 2.20.1-1ubuntu3 xz-utils 5.1.1alpha+20110809-3 zlib1g 1:1.2.3.4.dfsg-3ubuntu4 DistroRelease: Ubuntu 12.04 InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Release amd64 (20120424.1) Package: libvirt-bin 0.9.8-2ubuntu17.1 PackageArchitecture: amd64 ProcEnviron: TERM=xterm SHELL=/bin/bash LANG=en_GB.UTF-8 LANGUAGE=en_GB:en ProcVersionSignature: Ubuntu 3.2.0-26.41-generic 3.2.19 SourcePackage: libvirt Tags: precise Uname: Linux 3.2.0-26-generic x86_64 UpgradeStatus: No upgrade log present (probably fresh install) modified.conffile..etc.libvirt.libvirtd.conf: # Master libvirt daemon configuration file # # For further information consult http://libvirt.org/format.html # # NOTE: the tests/daemon-conf regression test script requires # that each "PARAMETER = VALUE" line in this file have the parameter # name just after a leading "#". ################################################################# # # Network connectivity controls # # Flag listening for secure TLS connections on the public TCP/IP port. # NB, must pass the --listen flag to the libvirtd process for this to # have any effect. # # It is necessary to setup a CA and issue server certificates before # using this capability. # # This is enabled by default, uncomment this to disable it #listen_tls = 0 # Listen for unencrypted TCP connections on the public TCP/IP port. # NB, must pass the --listen flag to the libvirtd process for this to # have any effect. # # Using the TCP socket requires SASL authentication by default. Only # SASL mechanisms which support data encryption are allowed. This is # DIGEST_MD5 and GSSAPI (Kerberos5) # # This is disabled by default, uncomment this to enable it. #listen_tcp = 1 # Override the port for accepting secure TLS connections # This can be a port number, or service name # #tls_port = "16514" # Override the port for accepting insecure TCP connections # This can be a port number, or service name # #tcp_port = "16509" # Override the default configuration which binds to all network # interfaces. This can be a numeric IPv4/6 address, or hostname # #listen_addr = "192.168.0.1" # Flag toggling mDNS advertizement of the libvirt service. # # Alternatively can disable for all services on a host by # stopping the Avahi daemon # # This is enabled by default, uncomment this to disable it #mdns_adv = 0 # Override the default mDNS advertizement name. This must be # unique on the immediate broadcast network. # # The default is "Virtualization Host HOSTNAME", where HOSTNAME # is subsituted for the short hostname of the machine (without domain) # #mdns_name = "Virtualization Host Joe Demo" ################################################################# # # UNIX socket access controls # # Set the UNIX domain socket group ownership. This can be used to # allow a 'trusted' set of users access to management capabilities # without becoming root. # # This is restricted to 'root' by default. unix_sock_group = "libvirtd" # Set the UNIX socket permissions for the R/O socket. This is used # for monitoring VM status only # # Default allows any user. If setting group ownership may want to # restrict this to: #unix_sock_ro_perms = "0777" # Set the UNIX socket permissions for the R/W socket. This is used # for full management of VMs # # Default allows only root. If PolicyKit is enabled on the socket, # the default will change to allow everyone (eg, 0777) # # If not using PolicyKit and setting group ownership for access # control then you may want to relax this to: unix_sock_rw_perms = "0770" # Set the name of the directory in which sockets will be found/created. #unix_sock_dir = "/var/run/libvirt" ################################################################# # # Authentication. # # - none: do not perform auth checks. If you can connect to the # socket you are allowed. This is suitable if there are # restrictions on connecting to the socket (eg, UNIX # socket permissions), or if there is a lower layer in # the network providing auth (eg, TLS/x509 certificates) # # - sasl: use SASL infrastructure. The actual auth scheme is then # controlled from /etc/sasl2/libvirt.conf. For the TCP # socket only GSSAPI & DIGEST-MD5 mechanisms will be used. # For non-TCP or TLS sockets, any scheme is allowed. # # - polkit: use PolicyKit to authenticate. This is only suitable # for use on the UNIX sockets. The default policy will # require a user to supply their own password to gain # full read/write access (aka sudo like), while anyone # is allowed read/only access. # # Set an authentication scheme for UNIX read-only sockets # By default socket permissions allow anyone to connect # # To restrict monitoring of domains you may wish to enable # an authentication mechanism here auth_unix_ro = "none" # Set an authentication scheme for UNIX read-write sockets # By default socket permissions only allow root. If PolicyKit # support was compiled into libvirt, the default will be to # use 'polkit' auth. # # If the unix_sock_rw_perms are changed you may wish to enable # an authentication mechanism here auth_unix_rw = "none" # Change the authentication scheme for TCP sockets. # # If you don't enable SASL, then all TCP traffic is cleartext. # Don't do this outside of a dev/test scenario. For real world # use, always enable SASL and use the GSSAPI or DIGEST-MD5 # mechanism in /etc/sasl2/libvirt.conf #auth_tcp = "sasl" # Change the authentication scheme for TLS sockets. # # TLS sockets already have encryption provided by the TLS # layer, and limited authentication is done by certificates # # It is possible to make use of any SASL authentication # mechanism as well, by using 'sasl' for this option #auth_tls = "none" ################################################################# # # TLS x509 certificate configuration # # Override the default server key file path # #key_file = "/etc/pki/libvirt/private/serverkey.pem" # Override the default server certificate file path # #cert_file = "/etc/pki/libvirt/servercert.pem" # Override the default CA certificate path # #ca_file = "/etc/pki/CA/cacert.pem" # Specify a certificate revocation list. # # Defaults to not using a CRL, uncomment to enable it #crl_file = "/etc/pki/CA/crl.pem" ################################################################# # # Authorization controls # # Flag to disable verification of our own server certificates # # When libvirtd starts it performs some sanity checks against # its own certificates. # # Default is to always run sanity checks. Uncommenting this # will disable sanity checks which is not a good idea #tls_no_sanity_certificate = 1 # Flag to disable verification of client certificates # # Client certificate verification is the primary authentication mechanism. # Any client which does not present a certificate signed by the CA # will be rejected. # # Default is to always verify. Uncommenting this will disable # verification - make sure an IP whitelist is set #tls_no_verify_certificate = 1 # A whitelist of allowed x509 Distinguished Names # This list may contain wildcards such as # # "C=GB,ST=London,L=London,O=Red Hat,CN=*" # # See the POSIX fnmatch function for the format of the wildcards. # # NB If this is an empty list, no client can connect, so comment out # entirely rather than using empty list to disable these checks # # By default, no DN's are checked #tls_allowed_dn_list = ["DN1", "DN2"] # A whitelist of allowed SASL usernames. The format for usernames # depends on the SASL authentication mechanism. Kerberos usernames # look like username@REALM # # This list may contain wildcards such as # # "*@EXAMPLE.COM" # # See the POSIX fnmatch function for the format of the wildcards. # # NB If this is an empty list, no client can connect, so comment out # entirely rather than using empty list to disable these checks # # By default, no Username's are checked #sasl_allowed_username_list = ["joe@EXAMPLE.COM", "fred@EXAMPLE.COM" ] ################################################################# # # Processing controls # # The maximum number of concurrent client connections to allow # over all sockets combined. #max_clients = 20 # The minimum limit sets the number of workers to start up # initially. If the number of active clients exceeds this, # then more threads are spawned, upto max_workers limit. # Typically you'd want max_workers to equal maximum number # of clients allowed #min_workers = 5 #max_workers = 20 # The number of priority workers. If all workers from above # pool will stuck, some calls marked as high priority # (notably domainDestroy) can be executed in this pool. #prio_workers = 5 # Total global limit on concurrent RPC calls. Should be # at least as large as max_workers. Beyond this, RPC requests # will be read into memory and queued. This directly impact # memory usage, currently each request requires 256 KB of # memory. So by default upto 5 MB of memory is used # # XXX this isn't actually enforced yet, only the per-client # limit is used so far #max_requests = 20 # Limit on concurrent requests from a single client # connection. To avoid one client monopolizing the server # this should be a small fraction of the global max_requests # and max_workers parameter #max_client_requests = 5 ################################################################# # # Logging controls # # Logging level: 4 errors, 3 warnings, 2 information, 1 debug # basically 1 will log everything possible log_level = 3 # Logging filters: # A filter allows to select a different logging level for a given category # of logs # The format for a filter is: # x:name # where name is a match string e.g. remote or qemu # the x prefix is the minimal level where matching messages should be logged # 1: DEBUG # 2: INFO # 3: WARNING # 4: ERROR # # Multiple filter can be defined in a single @filters, they just need to be # separated by spaces. # # e.g: # log_filters="3:remote 4:event" # to only get warning or errors from the remote layer and only errors from # the event layer. # Logging outputs: # An output is one of the places to save logging information # The format for an output can be: # x:stderr # output goes to stderr # x:syslog:name # use syslog for the output and use the given name as the ident # x:file:file_path # output to a file, with the given filepath # In all case the x prefix is the minimal level, acting as a filter # 1: DEBUG # 2: INFO # 3: WARNING # 4: ERROR # # Multiple output can be defined, they just need to be separated by spaces. # e.g.: # log_outputs="3:syslog:libvirtd" # to log all warnings and errors to syslog under the libvirtd ident # Log debug buffer size: default 64 # The daemon keeps an internal debug log buffer which will be dumped in case # of crash or upon receiving a SIGUSR2 signal. This setting allows to override # the default buffer size in kilobytes. # If value is 0 or less the debug log buffer is deactivated #log_buffer_size = 64 ################################################################## # # Auditing # # This setting allows usage of the auditing subsystem to be altered: # # audit_level == 0 -> disable all auditing # audit_level == 1 -> enable auditing, only if enabled on host (default) # audit_level == 2 -> enable auditing, and exit if disabled on host # #audit_level = 2 # # If set to 1, then audit messages will also be sent # via libvirt logging infrastructure. Defaults to 0 # #audit_logging = 1 ################################################################### # UUID of the host: # Provide the UUID of the host here in case the command # 'dmidecode -s system-uuid' does not provide a valid uuid. In case # 'dmidecode' does not provide a valid UUID and none is provided here, a # temporary UUID will be generated. # Keep the format of the example UUID below. UUID must not have all digits # be the same. # NB This default all-zeros UUID will not work. Replace # it with the output of the 'uuidgen' command and then # uncomment this entry #host_uuid = "00000000-0000-0000-0000-000000000000" ################################################################### # Keepalive protocol: # This allows libvirtd to detect broken client connections or even # dead client. A keepalive message is sent to a client after # keepalive_interval seconds of inactivity to check if the client is # still responding; keepalive_count is a maximum number of keepalive # messages that are allowed to be sent to the client without getting # any response before the connection is considered broken. In other # words, the connection is automatically closed approximately after # keepalive_interval * (keepalive_count + 1) seconds since the last # message received from the client. If keepalive_interval is set to # -1, libvirtd will never send keepalive requests; however clients # can still send them and the deamon will send responses. When # keepalive_count is set to 0, connections will be automatically # closed after keepalive_interval seconds of inactivity without # sending any keepalive messages. # #keepalive_interval = 5 #keepalive_count = 5 # # If set to 1, libvirtd will refuse to talk to clients that do not # support keepalive protocol. Defaults to 0. # #keepalive_required = 1 mtime.conffile..etc.libvirt.libvirtd.conf: 2012-07-13T13:48:01.590488