[one-users] Error when instantiating VM from image - next status
Javier Fontan
jfontan at opennebula.org
Thu Jun 21 08:19:07 PDT 2012
I am checking my configuration and the only differences are:
* oneadmin is in group oneadmin
* qemu group is oneadmin
* /var/lib/one/** lrwk, line is in /etc/apparmor.d/local/usr.sbin.libvirtd
Can you try moving the line of apparmor to
/etc/apparmor.d/local/usr.sbin.libvirtd? Maybe there's a precedence
problem that we don't know of. Unfortunately I am not an apparmor.
On Thu, Jun 21, 2012 at 9:55 AM, Jan Benadik <jan.benadik at atos.net> wrote:
> So - now I have still the same error message in oned.log:
> Thu Jun 21 09:26:42 2012 [LCM][I]: New VM state is BOOT
> Thu Jun 21 09:26:42 2012 [VMM][I]: Generating deployment file: /var/lib/one/0/deployment.38
> Thu Jun 21 09:26:42 2012 [VMM][I]: ExitCode: 0
> Thu Jun 21 09:26:42 2012 [VMM][I]: Successfully execute network driver operation: pre.
> Thu Jun 21 09:26:44 2012 [VMM][I]: Command execution fail: cat << EOT | /var/tmp/one/vmm/kvm/deploy /var/lib/one/0/images/deployment.38 myto 0 myto
> Thu Jun 21 09:26:44 2012 [VMM][I]: error: Failed to create domain from /var/lib/one/0/images/deployment.38
> Thu Jun 21 09:26:44 2012 [VMM][I]: error: Unable to read from monitor: Connection reset by peer
> Thu Jun 21 09:26:44 2012 [VMM][E]: Could not create domain from /var/lib/one/0/images/deployment.38
> Thu Jun 21 09:26:44 2012 [VMM][I]: ExitCode: 255
> Thu Jun 21 09:26:44 2012 [VMM][I]: Failed to execute virtualization driver operation: deploy.
> Thu Jun 21 09:26:44 2012 [VMM][E]: Error deploying virtual machine: Could not create domain from /var/lib/one/0/images/deployment.38
> Thu Jun 21 09:26:45 2012 [DiM][I]: New VM state is FAILED
>
> At the same time in the /var/log/libvirt/libvirtd.log the following message
> appears:
> 2012-06-21 09:27:43.610+0000: 1114: warning : virDomainDiskDefForeachPath:13244 : Ignoring open failure on /var/lib/one/0/images/disk.1: Permission denied
> 2012-06-21 09:27:44.296+0000: 1110: error : qemuMonitorIORead:513 : Unable to read from monitor: Connection reset by peer
>
> Nothing in /var/log/syslog (doesn't matter if apparmor is running, stopped,
> flushed ...!).
>
> Permissions of files and folders:
> oneadmin at opennebula-host:/var/lib$ ls -ld /var/lib/one
> drwxr-xr-x 10 oneadmin root 4096 Jun 21 09:49 /var/lib/one
>
> oneadmin at opennebula-host:/var/lib/one# ls -la
> total 132
> drwxr-xr-x 8 oneadmin root 4096 Jun 21 09:27 .
> drwxr-xr-x 37 root root 4096 Jun 21 06:30 ..
> -rw------- 1 oneadmin cloud 2261 Jun 21 08:42 .bash_history
> drwx------ 2 oneadmin cloud 4096 Jun 20 09:48 .cache
> drwx------ 2 oneadmin cloud 4096 Jun 20 09:49 .one
> drwx------ 2 oneadmin root 4096 Jun 20 17:43 .ssh
> -rw------- 1 oneadmin cloud 3412 Jun 20 11:06 .viminfo
> drwxrwxrwx 3 oneadmin cloud 4096 Jun 21 09:26 0
> -rw-r--r-- 1 oneadmin cloud 1738 Jun 21 08:50 config
> drwxrwx--T 2 oneadmin root 4096 Jun 20 10:57 images
> -rw-r--r-- 1 oneadmin cloud 67584 Jun 21 09:27 one.db
> -rw-r--r-- 1 oneadmin cloud 16384 Jun 20 16:28 oneacct.db
> drwxr-xr-x 8 root root 4096 Jun 20 09:33 remotes
>
> oneadmin at opennebula-host:/var/lib/one/0# ls -la
> total 20
> drwxrwxrwx 3 oneadmin cloud 4096 Jun 21 09:36 .
> drwxr-xr-x 10 oneadmin root 4096 Jun 21 09:35 ..
> -rw-r--r-- 1 oneadmin cloud 735 Jun 21 09:26 deployment.38
> drwxrwxrwx 2 oneadmin cloud 4096 Jun 21 09:26 images
> -rw-r--r-- 1 oneadmin cloud 201 Jun 21 09:26 transfer.38.prolog
>
> oneadmin at opennebula-host:/var/lib/one/0/images# ls -la
> total 906256
> drwxrwxrwx 2 oneadmin cloud 4096 Jun 21 09:26 .
> drwxrwxrwx 3 oneadmin cloud 4096 Jun 21 09:36 ..
> -rw-r--r-- 1 oneadmin cloud 736 Jun 21 09:26 deployment.38
> -rw-rw-rw- 1 oneadmin cloud 927989760 Jun 21 09:26 disk.0
> lrwxrwxrwx 1 oneadmin cloud 52 Jun 21 09:26 disk.1 -> /var/lib/one/images/9c52b90a79dba7c26a912d05ff5190b8
>
> oneadmin at opennebula-host:~/images$ ls -la
> total 1040116
> drwxrwx--T 2 oneadmin root 4096 Jun 20 10:57 .
> drwxr-xr-x 10 oneadmin root 4096 Jun 21 09:37 ..
> -rw-rw---- 1 oneadmin root 927989760 Jun 20 10:57 46440b43448202b4ee69b4b541f5eeab
> -rw-rw---- 1 oneadmin root 10737418241 Jun 20 10:57 9c52b90a79dba7c26a912d05ff5190b8
>
>
> Libvirtd and Qemu settings:
> /etc/libvirt/libvirtd.conf:
> listen_tls = 0
> listen_tcp = 1
> unix_sock_group = "libvirtd"
> unix_sock_ro_perms = "0777"
> unix_sock_rw_perms = "0777"
> unix_sock_dir = "/var/run/libvirt"
> auth_unix_ro = "none"
> auth_unix_rw = "none"
>
> /etc/libvirt/qemu.conf:
> security_driver = "none"
> user = "oneadmin"
> group = "cloud"
> dynamic_ownership = 0
>
> /etc/default/libvirt-bin:
> start_libvirtd="yes"
> libvirtd_opts="-d -l"
>
> /etc/apparmor.d/usr.sbin.libvirtd:
> # Last Modified: Mon Jul 6 17:23:58 2009
> #include <tunables/global>
> @{LIBVIRT}="libvirt"
>
> /usr/sbin/libvirtd {
> #include <abstractions/base>
> # Site-specific additions and overrides. See local/README for details.
> #include <local/usr.sbin.libvirtd>
>
> capability kill,
> capability net_admin,
> capability net_raw,
> capability setgid,
> capability sys_admin,
> capability sys_module,
> capability sys_ptrace,
> capability sys_nice,
> capability sys_chroot,
> capability setuid,
> capability dac_override,
> capability dac_read_search,
> capability fowner,
> capability chown,
> capability setpcap,
> capability mknod,
> capability fsetid,
> capability ipc_lock,
>
> network inet stream,
> network inet dgram,
> network inet6 stream,
> network inet6 dgram,
> network packet dgram,
>
> # for now, use a very lenient profile since we want to first focus on
> # confining the guests
> / r,
> /** rwmkl,
>
> /bin/* PUx,
> /sbin/* PUx,
> /usr/bin/* PUx,
> /usr/sbin/* PUx,
> /lib/udev/scsi_id PUx,
>
> # Required by nwfilter_ebiptables_driver.c:ebiptablesWriteToTempFile() to
> # write and run an ebtables script.
> /var/lib/libvirt/virtd* ixr,
>
> # force the use of virt-aa-helper
> audit deny /sbin/apparmor_parser rwxl,
> audit deny /etc/apparmor.d/libvirt/** wxl,
> audit deny /sys/kernel/security/apparmor/features rwxl,
> audit deny /sys/kernel/security/apparmor/matching rwxl,
> audit deny /sys/kernel/security/apparmor/.* rwxl,
> /sys/kernel/security/apparmor/profiles r,
> /usr/lib/libvirt/* PUxr,
> /etc/libvirt/hooks/** rmix,
> /var/lib/one/** lrwk,
>
> # allow changing to our UUID-based named profiles
> change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
>
> }
>
> User settings:
> oneadmin at opennebula-host:~/images$ groups oneadmin
> oneadmin : cloud root disk kvm libvirtd
>
>
>
> My question - where is an issue?
>
> Jan
>
>
--
Javier Fontán Muiños
Project Engineer
OpenNebula - The Open Source Toolkit for Data Center Virtualization
www.OpenNebula.org | jfontan at opennebula.org | @OpenNebula
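
An added example, not part of the original thread: a component-by-component check of whether a given user and group (for instance the `user` and `group` values from qemu.conf) can reach the file behind a symlink such as disk.1 under plain Unix permissions. The function names are hypothetical, and the check models only owner/group/other mode bits with the single group passed in; ACLs, capabilities and AppArmor are not modelled.

```python
import os
import stat

R, X = 4, 1  # bits requested: read on the final file, search on each directory

def dac_ok(st, uid, gids, want):
    """Owner/group/other test only (assumption: no ACLs, capabilities or MAC)."""
    if uid == 0:
        return True  # simplification: root bypasses these checks
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & want) == want

def check_disk_path(path, uid, gids, max_links=16):
    """Return [(path, needed, ok)] for every directory searched and the final file.

    A symlink such as disk.1 is followed by hand so that the directories on
    the target side (the image store) are checked as well.
    """
    results, path = [], os.path.abspath(path)
    for _ in range(max_links):
        parent = os.path.dirname(path)
        chain, d = [], parent
        while d not in chain:  # collect parent, grandparent, ... up to "/"
            chain.append(d)
            d = os.path.dirname(d)
        for d in reversed(chain):
            results.append((d, "x", dac_ok(os.stat(d), uid, gids, X)))
        st = os.lstat(path)
        if not stat.S_ISLNK(st.st_mode):
            results.append((path, "r", dac_ok(st, uid, gids, R)))
            return results
        path = os.path.normpath(os.path.join(parent, os.readlink(path)))
    raise OSError("too many levels of symbolic links: " + path)

def first_denial(results):
    """First component that fails, or None if the whole chain is reachable."""
    return next((r for r in results if not r[2]), None)

if __name__ == "__main__":  # usage: PATH USER GROUP
    import grp, pwd, sys
    uid, gids = pwd.getpwnam(sys.argv[2]).pw_uid, {grp.getgrnam(sys.argv[3]).gr_gid}
    for p, need, ok in check_disk_path(sys.argv[1], uid, gids):
        print("ok    " if ok else "DENIED", need, p)
```

If every component reports ok for the account the emulator runs as, the denial is coming from something other than file modes, such as a confinement profile.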