B.2. The URI Failed to Connect to the Hypervisor
Several different errors can occur when connecting to the server (for example, when running
virsh
).
B.2.1. Cannot read CA certificate
- Symptom
- When running a command, the following error (or similar) appears:
$ virsh -c name_of_uri list error: Cannot read CA certificate '/etc/pki/CA/cacert.pem': No such file or directory error: failed to connect to the hypervisor
- Investigation
- The error message is misleading about the actual cause. This error can be caused by a variety of factors, such as an incorrectly specified URI, or a connection that is not configured.
- Solution
- Incorrectly specified URI
- When specifying
qemu://system
orqemu://session
as a connection URI,virsh
attempts to connect to host namessystem
orsession
respectively. This is becausevirsh
recognizes the text after the second forward slash as the host.Use three forward slashes to connect to the local host. For example, specifyingqemu:///system
instructsvirsh
connect to thesystem
instance of libvirtd on the local host.When a host name is specified, the QEMU transport defaults toTLS
. This results in certificates. - Connection is not configured
- The URI is correct (for example,
qemu[+tls]://server/system
) but the certificates are not set up properly on your machine. For information on configuring TLS, see Setting up libvirt for TLS available from the libvirt website.