×


The URI Failed to Connect to the Hypervisor - Fix it now

Are you facing the error 'The URI Failed to Connect to the Hypervisor' and trying to find a solution for it? 

This guide is for you.


Different errors can occur when connecting to the server (for example, when running virsh).

Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to resolve hypervisor related errors.

In this context, we shall look into errors that occur when the URI fails to connect to the hypervisor.


The URI Failed to Connect to the Hypervisor – How to fix common errors ?

Now let's take a look at how to resolve the errors related to the Hypervisor connection.


1. Cannot read CA certificate

The following error (or similar) appears when running the below command:

$ virsh -c qemu://$hostname/system_list
error: failed to connect to the hypervisor
error: Cannot read CA certificate ‘/etc/pki/CA/cacert.pem’: No such file or directory

Cause

This error can occur due to different reasons that include an incorrectly specified URI or a connection that is not configured.


Solution

i. Incorrectly specified URI

When specifying qemu://system or qemu://session as a connection URI, virsh attempts to connect to host names’ system or session respectively. Because virsh recognizes the text after the second forward slash as the host.

So we use three forward slashes to connect to the localhost. For example, specifying qemu:///system instructs virsh to connect to the system instance of libvirtd on the localhost.

When we specify a hostname, the QEMU transport defaults to TLS. This results in certificates.


ii. Connection is not configured

The URI is correct (for example, qemu[+tls]://server/system) but the certificates are not set up properly on our machine.


2. Unable to connect to the server at 'host:16509': Connection refused

The connections fail while libvirtd should listen on TCP ports for connections. Here is the error message.

# virsh -c qemu+tcp://host/system
error: failed to connect to the hypervisor
error: unable to connect to server at ‘host:16509’: Connection refused

Even after changing the configuration in /etc/libvirt/libvirtd.conf, the libvirt daemon is not listening on TCP ports:

# grep listen_ /etc/libvirt/libvirtd.conf
listen_tls = 1
listen_tcp = 1
listen_addr = “0.0.0.0”

However, the TCP ports for libvirt are still not open after changing configuration:

# netstat -lntp | grep libvirtd

Cause

Here, the libvirt daemon was started without the –listen option. So, we verify this by running the below command:

# ps aux | grep libvirtd
root 10749 0.1 0.2 558276 18280 ? Ssl 23:21 0:00 /usr/sbin/libvirtd

As a result, the output does not contain the –listen option.


Solution

We start the daemon with the –listen option. For that, we modify the /etc/sysconfig/libvirtd file and uncomment the below line:

# LIBVIRTD_ARGS=”–listen”

Then, we restart the libvirtd service by running the below command:

# /bin/systemctl restart libvirtd.service


3. Authentication Failed

When running a command, the following error (or similar) appears:

$ virsh -c qemu://$hostname/system_list
error: failed to connect to the hypervisor
error: authentication failed: authentication failed

Cause

Sometimes, the authentication may fail even when the correct credentials are used. This can happen when the SASL authentication is not configured.


Solution

First, we edit the /etc/libvirt/libvirtd.conf file and set the value of the auth_tcp parameter to sasl. Then we verify using the below command:

# cat /etc/libvirt/libvirtd.conf | grep auth_tcp
auth_tcp = “sasl”

Next, we edit the /etc/sasl2/libvirt.conf file and add the following lines to the file:

mech_list: digest-md5
sasldb_path: /etc/libvirt/passwd.db

Also, we ensure the cyrus-sasl-md5 package is installed by running:

# yum install cyrus-sasl-md5

After that, we restart the libvirtd service. For that, we run the below command:

# systemctl restart libvirtd

Finally, we set a user name and password for libvirt SASL:

# saslpasswd2 -a libvirt 1


4. Permission Denied

The following error (or similar) appears when running a virsh command as a non-root user:

$ virsh -c qemu://$hostname/system_list
error: Failed to connect socket to ‘/var/run/libvirt/libvirt-sock’: Permission denied
error: failed to connect to the hypervisor

Solution

We edit the /etc/libvirt/libvirt.conf file and add the following lines to the file:

#unix_sock_group = “libvirt”
#unix_sock_ro_perms = “0777”
#unix_sock_rw_perms = “0770”

Then we restart the libvirtd service:

# systemctl restart libvirtd


[Need urgent assistance with hypervisor queries? – We are here to help you. ]


Conclusion

This article covers methods to resolve hypervisor error. The error message is misleading about the actual cause. This error can be caused by a variety of factors, such as an incorrectly specified URI, or a connection that is not configured.


To fix THE URI FAILED TO CONNECT TO THE HYPERVISOR:

1. Incorrectly specified URI

When specifying qemu://system or qemu://session as a connection URI, virsh attempts to connect to host names system or session respectively. This is because virsh recognizes the text after the second forward slash as the host.

Use three forward slashes to connect to the local host. For example, specifying qemu:///system instructs virsh connect to the system instance of libvirtd on the local host.

When a host name is specified, the QEMU transport defaults to TLS. This results in certificates.


2. Connection is not configured

The URI is correct (for example, qemu[+tls]://server/system) but the certificates are not set up properly on your machine. For information on configuring TLS, see Setting up libvirt for TLS available from the libvirt website.