[one-users] Error when instantiating VM from image - next status

Thu Jun 21 08:19:55 PDT 2012

Also, I supposte oned is running as oneadmin user. Just to check.

On Thu, Jun 21, 2012 at 5:19 PM, Javier Fontan <jfontan at opennebula.org> wrote:
> I am checking my configuration ans the only differences are:
>
> * oneadmin is in group oneadmin
> * qemu group is oneadmin
> *  /var/lib/one/** lrwk, line is in /etc/apparmor.d/local/usr.sbin.libvirtd
>
> Can you try moving the line of apparmor to
> /etc/apparmor.d/local/usr.sbin.libvirtd? Maybe there's a precedence
> problem that we don't know of. Unfortunately I am not an apparmor.
>
> On Thu, Jun 21, 2012 at 9:55 AM, Jan Benadik <jan.benadik at atos.net> wrote:
>> So - now I have still the same error message in oned.log:
>> Thu Jun 21 09:26:42 2012 [LCM][I]: New VM state is BOOT
>> Thu Jun 21 09:26:42 2012 [VMM][I]: Generating deployment file:
>> /var/lib/one/0/deployment.38
>> Thu Jun 21 09:26:42 2012 [VMM][I]: ExitCode: 0
>> Thu Jun 21 09:26:42 2012 [VMM][I]: Successfully execute network driver
>> operation: pre.
>> Thu Jun 21 09:26:44 2012 [VMM][I]: Command execution fail: cat << EOT |
>> /var/tmp/one/vmm/kvm/deploy /var/lib/one/0/images/deployment.38 myto 0 myto
>> Thu Jun 21 09:26:44 2012 [VMM][I]: error: Failed to create domain from
>> /var/lib/one/0/images/deployment.38
>> Thu Jun 21 09:26:44 2012 [VMM][I]: error: Unable to read from monitor:
>> Connection reset by peer
>> Thu Jun 21 09:26:44 2012 [VMM][E]: Could not create domain from
>> /var/lib/one/0/images/deployment.38
>> Thu Jun 21 09:26:44 2012 [VMM][I]: ExitCode: 255
>> Thu Jun 21 09:26:44 2012 [VMM][I]: Failed to execute virtualization driver
>> operation: deploy.
>> Thu Jun 21 09:26:44 2012 [VMM][E]: Error deploying virtual machine: Could
>> not create domain from /var/lib/one/0/images/deployment.38
>> Thu Jun 21 09:26:45 2012 [DiM][I]: New VM state is FAILED
>>
>> At the same time in the /var/log/libvirt/libvirtd.log the following message
>> appears:
>> 2012-06-21 09:27:43.610+0000: 1114: warning :
>> virDomainDiskDefForeachPath:13244 : Ignoring open failure on
>> /var/lib/one/0/images/disk.1: Permission denied
>> 2012-06-21 09:27:44.296+0000: 1110: error : qemuMonitorIORead:513 : Unable
>> to read from monitor: Connection reset by peer
>>
>> Nothing in /var/log/syslog (doesn't matter if apparmor is running, stopped,
>> flushed ...!).
>>
>> Permissions of files and folders:
>> oneadmin at opennebula-host:/var/lib$ ls -ld /var/lib/one
>> drwxr-xr-x 10 oneadmin root 4096 Jun 21 09:49 /var/lib/one
>>
>> oneadmin at opennebula-host:/var/lib/one# ls -la
>> total 132
>> drwxr-xr-x  8 oneadmin root   4096 Jun 21 09:27 .
>> drwxr-xr-x 37 root     root   4096 Jun 21 06:30 ..
>> -rw-------  1 oneadmin cloud  2261 Jun 21 08:42 .bash_history
>> drwx------  2 oneadmin cloud  4096 Jun 20 09:48 .cache
>> drwx------  2 oneadmin cloud  4096 Jun 20 09:49 .one
>> drwx------  2 oneadmin root   4096 Jun 20 17:43 .ssh
>> -rw-------  1 oneadmin cloud  3412 Jun 20 11:06 .viminfo
>> drwxrwxrwx  3 oneadmin cloud  4096 Jun 21 09:26 0
>> -rw-r--r--  1 oneadmin cloud  1738 Jun 21 08:50 config
>> drwxrwx--T  2 oneadmin root   4096 Jun 20 10:57 images
>> -rw-r--r--  1 oneadmin cloud 67584 Jun 21 09:27 one.db
>> -rw-r--r--  1 oneadmin cloud 16384 Jun 20 16:28 oneacct.db
>> drwxr-xr-x  8 root     root   4096 Jun 20 09:33 remotes
>>
>> oneadmin at opennebula-host:/var/lib/one/0# ls -la
>> total 20
>> drwxrwxrwx  3 oneadmin cloud 4096 Jun 21 09:36 .
>> drwxr-xr-x 10 oneadmin root  4096 Jun 21 09:35 ..
>> -rw-r--r--  1 oneadmin cloud  735 Jun 21 09:26 deployment.38
>> drwxrwxrwx  2 oneadmin cloud 4096 Jun 21 09:26 images
>> -rw-r--r--  1 oneadmin cloud  201 Jun 21 09:26 transfer.38.prolog
>>
>> oneadmin at opennebula-host:/var/lib/one/0/images# ls -la
>> total 906256
>> drwxrwxrwx 2 oneadmin cloud      4096 Jun 21 09:26 .
>> drwxrwxrwx 3 oneadmin cloud      4096 Jun 21 09:36 ..
>> -rw-r--r-- 1 oneadmin cloud       736 Jun 21 09:26 deployment.38
>> -rw-rw-rw- 1 oneadmin cloud 927989760 Jun 21 09:26 disk.0
>> lrwxrwxrwx 1 oneadmin cloud        52 Jun 21 09:26 disk.1 ->
>> /var/lib/one/images/9c52b90a79dba7c26a912d05ff5190b8
>>
>> oneadmin at opennebula-host:~/images$ ls -la
>> total 1040116
>> drwxrwx--T  2 oneadmin root        4096 Jun 20 10:57 .
>> drwxr-xr-x 10 oneadmin root        4096 Jun 21 09:37 ..
>> -rw-rw----  1 oneadmin root   927989760 Jun 20 10:57
>> 46440b43448202b4ee69b4b541f5eeab
>> -rw-rw----  1 oneadmin root 10737418241 Jun 20 10:57
>> 9c52b90a79dba7c26a912d05ff5190b8
>>
>>
>> Libvirtd and Qemu settings:
>> /etc/libvirt/libvirtd.conf:
>> listen_tls = 0
>> listen_tcp = 1
>> unix_sock_group = "libvirtd"
>> unix_sock_ro_perms = "0777"
>> unix_sock_rw_perms = "0777"
>> unix_sock_dir = "/var/run/libvirt"
>> auth_unix_ro = "none"
>> auth_unix_rw = "none"
>>
>> /etc/libvirt/qemu.conf:
>> security_driver = "none"
>> user = "oneadmin"
>> group = "cloud"
>> dynamic_ownership = 0
>>
>> /etc/default/libvirt-bin:
>> start_libvirtd="yes"
>> libvirtd_opts="-d -l"
>>
>> /etc/apparmor.d/usr.sbin.libvirtd:
>> # Last Modified: Mon Jul  6 17:23:58 2009
>> #include <tunables/global>
>> @{LIBVIRT}="libvirt"
>>
>> /usr/sbin/libvirtd {
>>   #include <abstractions/base>
>>   # Site-specific additions and overrides. See local/README for details.
>>   #include <local/usr.sbin.libvirtd>
>>
>>   capability kill,
>>   capability net_admin,
>>   capability net_raw,
>>   capability setgid,
>>   capability sys_admin,
>>   capability sys_module,
>>   capability sys_ptrace,
>>   capability sys_nice,
>>   capability sys_chroot,
>>   capability setuid,
>>   capability dac_override,
>>   capability dac_read_search,
>>   capability fowner,
>>   capability chown,
>>   capability setpcap,
>>   capability mknod,
>>   capability fsetid,
>>   capability ipc_lock,
>>
>>   network inet stream,
>>   network inet dgram,
>>   network inet6 stream,
>>   network inet6 dgram,
>>   network packet dgram,
>>
>>   # for now, use a very lenient profile since we want to first focus on
>>   # confining the guests
>>   / r,
>>   /** rwmkl,
>>
>>   /bin/* PUx,
>>   /sbin/* PUx,
>>   /usr/bin/* PUx,
>>   /usr/sbin/* PUx,
>>   /lib/udev/scsi_id PUx,
>>
>>   # Required by nwfilter_ebiptables_driver.c:ebiptablesWriteToTempFile() to
>>   # write and run an ebtables script.
>>   /var/lib/libvirt/virtd* ixr,
>>
>>   # force the use of virt-aa-helper
>>   audit deny /sbin/apparmor_parser rwxl,
>>   audit deny /etc/apparmor.d/libvirt/** wxl,
>>   audit deny /sys/kernel/security/apparmor/features rwxl,
>>   audit deny /sys/kernel/security/apparmor/matching rwxl,
>>   audit deny /sys/kernel/security/apparmor/.* rwxl,
>>   /sys/kernel/security/apparmor/profiles r,
>>   /usr/lib/libvirt/* PUxr,
>>   /etc/libvirt/hooks/** rmix,
>>   /var/lib/one/** lrwk,
>>
>>   # allow changing to our UUID-based named profiles
>>   change_profile ->
>> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
>>
>> }
>>
>> User settings:
>> oneadmin at opennebula-host:~/images$ groups oneadmin
>> oneadmin : cloud root disk kvm libvirtd
>>
>>
>>
>> My question - where is an issue?
>>
>> Jan
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opennebula.org
>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>
>
>
>
> --
> Javier Fontán Muiños
> Project Engineer
> OpenNebula - The Open Source Toolkit for Data Center Virtualization
> www.OpenNebula.org | jfontan at opennebula.org | @OpenNebula

-- 
Javier Fontán Muiños
Project Engineer
OpenNebula - The Open Source Toolkit for Data Center Virtualization
www.OpenNebula.org | jfontan at opennebula.org | @OpenNebula