[one-users] Error when instantiating VM from image - next status
Jaime Melis
jmelis at opennebula.org
Fri Jun 22 02:58:02 PDT 2012
Hello Jan,
I forgot to mention that it's not enough with using the SSH transfer
driver, you also have to unmount all your NFS exports in your hypervisor
node, so the disk images aren't copied to an NFS filesystem.
Cheers,
Jaime
On Fri, Jun 22, 2012 at 11:21 AM, Jaime Melis <jmelis at opennebula.org> wrote:
> Hello Jan,
>
> let's try without NFS just to rule it out. Can you use the SSH transfer
> driver:
>
> http://opennebula.org/documentation:rel3.4:fs_ds#using_the_ssh_transfer_driver
> and try launching the VM again?
>
> By the way, after reading your logs it seems you're not using the last
> stable release OpenNebula 3.4. Could you upgrade to this release?
>
> Regards,
> Jaime
>
>
> On Fri, Jun 22, 2012 at 8:01 AM, Jan Benadik <jan.benadik at atos.net> wrote:
>
>> Yes, it runs:
>> oneadmin at nebula-3:~$ ps aux |grep oned
>> oneadmin 10158 0.0 0.1 1172252 8020 ? Sl Jun21 0:22
>> /usr/bin/oned -f
>>
>> When I changed security_driver in qemu.conf to default state
>>
>> /etc/libvirt/qemu.conf:
>> # security_driver = "selinux"
>>
>> my error message went back to previous state (but still was there) ...
>>
>> When I replaced OS on host to Ubuntu 10.04 Server (with the same
>> settings), error message is:
>>
>> Thu Jun 21 16:41:17 2012 [LCM][I]: New VM state is BOOT
>> Thu Jun 21 16:41:17 2012 [VMM][I]: Generating deployment file:
>> /var/lib/one/1/deployment.4
>> Thu Jun 21 16:41:17 2012 [VMM][I]: ExitCode: 0
>> Thu Jun 21 16:41:17 2012 [VMM][I]: Successfully execute network driver
>> operation: pre.
>> Thu Jun 21 16:41:48 2012 [VMM][I]: Command execution fail: cat << EOT |
>> /var/tmp/one/vmm/kvm/deploy /var/lib/one/1/images/deployment.4 tyan 1 tyan
>> Thu Jun 21 16:41:48 2012 [VMM][I]: error: Failed to create domain from
>> /var/lib/one/1/images/deployment.4
>> *Thu Jun 21 16:41:48 2012 [VMM][I]: error: cannot set ownership on
>> /var/lib/one/1/images/disk.1: Permission denied*
>> Thu Jun 21 16:41:48 2012 [VMM][E]: Could not create domain from
>> /var/lib/one/1/images/deployment.4
>> Thu Jun 21 16:41:48 2012 [VMM][I]: ExitCode: 255
>> Thu Jun 21 16:41:48 2012 [VMM][I]: Failed to execute virtualization
>> driver operation: deploy.
>> Thu Jun 21 16:41:48 2012 [VMM][E]: Error deploying virtual machine: Could
>> not create domain from /var/lib/one/1/images/deployment.4
>> Thu Jun 21 16:41:49 2012 [DiM][I]: New VM state is FAILED
>>
>> Messages in /var/log/syslog at the same time:
>> Jun 22 10:17:01 tyan-host CRON[12881]: (root) CMD ( cd / && run-parts
>> --report /etc/cron.hourly)
>> Jun 22 10:22:04 tyan-host kernel: [59025.594722] type=1505
>> audit(1340353324.455:27): operation="profile_load" pid=13044
>> name="libvirt-f42d2d5f-e5a0-3bcd-a445-1d3d876451e1"
>> Jun 22 10:22:04 tyan-host libvirtd: 10:22:04.470: error :
>> qemuDomainSetFileOwnership:2222 : cannot set ownership on
>> /var/lib/one/1/images/disk.0: Permission denied
>> Jun 22 10:22:34 tyan-host libvirtd: 10:22:34.481: error :
>> qemuMonitorOpenUnix:268 : monitor socket did not show up.: No such file or
>> directory
>> Jun 22 10:22:34 tyan-host libvirtd: 10:22:34.481: error :
>> qemuConnectMonitor:822 : Failed to connect monitor for one-1#012
>> Jun 22 10:22:34 tyan-host libvirtd: 10:22:34.665: error :
>> qemuDomainSetFileOwnership:2222 : cannot set ownership on
>> /var/lib/one/1/images/disk.1: Permission denied
>> Jun 22 10:22:34 tyan-host libvirtd: 10:22:34.665: warning :
>> qemudShutdownVMDaemon:2703 : Failed to restore all device ownership for
>> one-1
>> Jun 22 10:22:34 tyan-host kernel: [59055.797448] type=1505
>> audit(1340353354.655:28): operation="profile_remove" pid=13051
>> name="libvirt-f42d2d5f-e5a0-3bcd-a445-1d3d876451e1" namespace="root"
>>
>> Jan
>>
>>
>>
>> Dňa 21.06.2012 17:19, Javier Fontan wrote / napísal(a):
>>
>> Also, I supposte oned is running as oneadmin user. Just to check.
>>
>> On Thu, Jun 21, 2012 at 5:19 PM, Javier Fontan <jfontan at opennebula.org> <jfontan at opennebula.org> wrote:
>>
>> I am checking my configuration ans the only differences are:
>>
>> * oneadmin is in group oneadmin
>> * qemu group is oneadmin
>> * �/var/lib/one/** lrwk, line is in /etc/apparmor.d/local/usr.sbin.libvirtd
>>
>> Can you try moving the line of apparmor to
>> /etc/apparmor.d/local/usr.sbin.libvirtd? Maybe there's a precedence
>> problem that we don't know of. Unfortunately I am not an apparmor.
>>
>> On Thu, Jun 21, 2012 at 9:55 AM, Jan Benadik <jan.benadik at atos.net> <jan.benadik at atos.net> wrote:
>>
>> So - now I have still the same error message in oned.log:
>> Thu Jun 21 09:26:42 2012 [LCM][I]: New VM state is BOOT
>> Thu Jun 21 09:26:42 2012 [VMM][I]: Generating deployment file:
>> /var/lib/one/0/deployment.38
>> Thu Jun 21 09:26:42 2012 [VMM][I]: ExitCode: 0
>> Thu Jun 21 09:26:42 2012 [VMM][I]: Successfully execute network driver
>> operation: pre.
>> Thu Jun 21 09:26:44 2012 [VMM][I]: Command execution fail: cat << EOT |
>> /var/tmp/one/vmm/kvm/deploy /var/lib/one/0/images/deployment.38 myto 0 myto
>> Thu Jun 21 09:26:44 2012 [VMM][I]: error: Failed to create domain from
>> /var/lib/one/0/images/deployment.38
>> Thu Jun 21 09:26:44 2012 [VMM][I]: error: Unable to read from monitor:
>> Connection reset by peer
>> Thu Jun 21 09:26:44 2012 [VMM][E]: Could not create domain from
>> /var/lib/one/0/images/deployment.38
>> Thu Jun 21 09:26:44 2012 [VMM][I]: ExitCode: 255
>> Thu Jun 21 09:26:44 2012 [VMM][I]: Failed to execute virtualization driver
>> operation: deploy.
>> Thu Jun 21 09:26:44 2012 [VMM][E]: Error deploying virtual machine: Could
>> not create domain from /var/lib/one/0/images/deployment.38
>> Thu Jun 21 09:26:45 2012 [DiM][I]: New VM state is FAILED
>>
>> At the same time in the /var/log/libvirt/libvirtd.log the following message
>> appears:
>> 2012-06-21 09:27:43.610+0000: 1114: warning :
>> virDomainDiskDefForeachPath:13244 : Ignoring open failure on
>> /var/lib/one/0/images/disk.1: Permission denied
>> 2012-06-21 09:27:44.296+0000: 1110: error : qemuMonitorIORead:513 : Unable
>> to read from monitor: Connection reset by peer
>>
>> Nothing in /var/log/syslog (doesn't matter if apparmor is running, stopped,
>> flushed ...!).
>>
>> Permissions of files and folders:
>> oneadmin at opennebula-host:/var/lib$ ls -ld /var/lib/one
>> drwxr-xr-x 10 oneadmin root 4096 Jun 21 09:49 /var/lib/one
>>
>> oneadmin at opennebula-host:/var/lib/one# ls -la
>> total 132
>> drwxr-xr-x� 8 oneadmin root�� 4096 Jun 21 09:27 .
>> drwxr-xr-x 37 root���� root�� 4096 Jun 21 06:30 ..
>> -rw-------� 1 oneadmin cloud� 2261 Jun 21 08:42 .bash_history
>> drwx------� 2 oneadmin cloud� 4096 Jun 20 09:48 .cache
>> drwx------� 2 oneadmin cloud� 4096 Jun 20 09:49 .one
>> drwx------� 2 oneadmin root�� 4096 Jun 20 17:43 .ssh
>> -rw-------� 1 oneadmin cloud� 3412 Jun 20 11:06 .viminfo
>> drwxrwxrwx� 3 oneadmin cloud� 4096 Jun 21 09:26 0
>> -rw-r--r--� 1 oneadmin cloud� 1738 Jun 21 08:50 config
>> drwxrwx--T� 2 oneadmin root�� 4096 Jun 20 10:57 images
>> -rw-r--r--� 1 oneadmin cloud 67584 Jun 21 09:27 one.db
>> -rw-r--r--� 1 oneadmin cloud 16384 Jun 20 16:28 oneacct.db
>> drwxr-xr-x� 8 root���� root�� 4096 Jun 20 09:33 remotes
>>
>> oneadmin at opennebula-host:/var/lib/one/0# ls -la
>> total 20
>> drwxrwxrwx� 3 oneadmin cloud 4096 Jun 21 09:36 .
>> drwxr-xr-x 10 oneadmin root� 4096 Jun 21 09:35 ..
>> -rw-r--r--� 1 oneadmin cloud� 735 Jun 21 09:26 deployment.38
>> drwxrwxrwx� 2 oneadmin cloud 4096 Jun 21 09:26 images
>> -rw-r--r--� 1 oneadmin cloud� 201 Jun 21 09:26 transfer.38.prolog
>>
>> oneadmin at opennebula-host:/var/lib/one/0/images# ls -la
>> total 906256
>> drwxrwxrwx 2 oneadmin cloud����� 4096 Jun 21 09:26 .
>> drwxrwxrwx 3 oneadmin cloud����� 4096 Jun 21 09:36 ..
>> -rw-r--r-- 1 oneadmin cloud������ 736 Jun 21 09:26 deployment.38
>> -rw-rw-rw- 1 oneadmin cloud 927989760 Jun 21 09:26 disk.0
>> lrwxrwxrwx 1 oneadmin cloud������� 52 Jun 21 09:26 disk.1 ->
>> /var/lib/one/images/9c52b90a79dba7c26a912d05ff5190b8
>>
>> oneadmin at opennebula-host:~/images$ ls -la
>> total 1040116
>> drwxrwx--T� 2 oneadmin root������� 4096 Jun 20 10:57 .
>> drwxr-xr-x 10 oneadmin root������� 4096 Jun 21 09:37 ..
>> -rw-rw----� 1 oneadmin root�� 927989760 Jun 20 10:57
>> 46440b43448202b4ee69b4b541f5eeab
>> -rw-rw----� 1 oneadmin root 10737418241 Jun 20 10:57
>> 9c52b90a79dba7c26a912d05ff5190b8
>>
>>
>> Libvirtd and Qemu settings:
>> /etc/libvirt/libvirtd.conf:
>> listen_tls = 0
>> listen_tcp = 1
>> unix_sock_group = "libvirtd"
>> unix_sock_ro_perms = "0777"
>> unix_sock_rw_perms = "0777"
>> unix_sock_dir = "/var/run/libvirt"
>> auth_unix_ro = "none"
>> auth_unix_rw = "none"
>>
>> /etc/libvirt/qemu.conf:
>> security_driver = "none"
>> user = "oneadmin"
>> group = "cloud"
>> dynamic_ownership = 0
>>
>> /etc/default/libvirt-bin:
>> start_libvirtd="yes"
>> libvirtd_opts="-d -l"
>>
>> /etc/apparmor.d/usr.sbin.libvirtd:
>> # Last Modified: Mon Jul� 6 17:23:58 2009
>> #include <tunables/global>
>> @{LIBVIRT}="libvirt"
>>
>> /usr/sbin/libvirtd {
>> � #include <abstractions/base>
>> � # Site-specific additions and overrides. See local/README for details.
>> � #include <local/usr.sbin.libvirtd>
>>
>> � capability kill,
>> � capability net_admin,
>> � capability net_raw,
>> � capability setgid,
>> � capability sys_admin,
>> � capability sys_module,
>> � capability sys_ptrace,
>> � capability sys_nice,
>> � capability sys_chroot,
>> � capability setuid,
>> � capability dac_override,
>> � capability dac_read_search,
>> � capability fowner,
>> � capability chown,
>> � capability setpcap,
>> � capability mknod,
>> � capability fsetid,
>> � capability ipc_lock,
>>
>> � network inet stream,
>> � network inet dgram,
>> � network inet6 stream,
>> � network inet6 dgram,
>> � network packet dgram,
>>
>> � # for now, use a very lenient profile since we want to first focus on
>> � # confining the guests
>> � / r,
>> � /** rwmkl,
>>
>> � /bin/* PUx,
>> � /sbin/* PUx,
>> � /usr/bin/* PUx,
>> � /usr/sbin/* PUx,
>> � /lib/udev/scsi_id PUx,
>>
>> � # Required by nwfilter_ebiptables_driver.c:ebiptablesWriteToTempFile() to
>> � # write and run an ebtables script.
>> � /var/lib/libvirt/virtd* ixr,
>>
>> � # force the use of virt-aa-helper
>> � audit deny /sbin/apparmor_parser rwxl,
>> � audit deny /etc/apparmor.d/libvirt/** wxl,
>> � audit deny /sys/kernel/security/apparmor/features rwxl,
>> � audit deny /sys/kernel/security/apparmor/matching rwxl,
>> � audit deny /sys/kernel/security/apparmor/.* rwxl,
>> � /sys/kernel/security/apparmor/profiles r,
>> � /usr/lib/libvirt/* PUxr,
>> � /etc/libvirt/hooks/** rmix,
>> � /var/lib/one/** lrwk,
>>
>> � # allow changing to our UUID-based named profiles
>> � change_profile ->
>> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
>>
>> }
>>
>> User settings:
>> oneadmin at opennebula-host:~/images$ groups oneadmin
>> oneadmin : cloud root disk kvm libvirtd
>>
>>
>>
>> My question - where is an issue?
>>
>> Jan
>>
>>
>> _______________________________________________
>> Users mailing listUsers at lists.opennebula.orghttp://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>
>> --
>> Javier Font�n Mui�os
>> Project Engineer
>> OpenNebula - The Open Source Toolkit for Data Center Virtualizationwww.OpenNebula.org�|�jfontan at opennebula.org�| @OpenNebula
>>
>>
>> --
>>
>> *Ján Beňadik*
>> Managed Services - Solution Design Architect
>> +421 46 5151 332
>> +421 903 691 634
>> jan.benadik at atos.net <//jan.benadik at atos.net>
>> Vinohradnícka 6, 971 01 Prievidza
>> www.sk.atos.net
>> __________________________________
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opennebula.org
>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>
>>
>
>
> --
> Jaime Melis
> Project Engineer
> OpenNebula - The Open Source Toolkit for Cloud Computing
> www.OpenNebula.org | jmelis at opennebula.org
>
--
Jaime Melis
Project Engineer
OpenNebula - The Open Source Toolkit for Cloud Computing
www.OpenNebula.org | jmelis at opennebula.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20120622/b1c14c3f/attachment-0003.htm>
More information about the Users
mailing list