[one-users] Error when instantiating VM from image - next status
Ruben S. Montero
rsmontero at opennebula.org
Fri Jun 22 08:18:15 PDT 2012
Seems the same thing... is it /var/lib/one/ in an NFS volume in the host?
BTW, you need ACPI installed in the guest domains to shutdown them, if not
you can just use cancel
On Fri, Jun 22, 2012 at 4:39 PM, Jan Benadik <jan.benadik at atos.net> wrote:
> Other error message (with SSH transfer driver used):
> Fri Jun 22 14:08:53 2012 [LCM][I]: New VM state is BOOT
> Fri Jun 22 14:08:53 2012 [VMM][I]: Generating deployment file:
> /var/lib/one/0/deployment.1
> Fri Jun 22 14:08:53 2012 [VMM][I]: ExitCode: 0
> Fri Jun 22 14:08:53 2012 [VMM][I]: Successfully execute network driver
> operation: pre.
> Fri Jun 22 14:09:24 2012 [VMM][I]: Command execution fail: cat << EOT |
> /var/tmp/one/vmm/kvm/deploy /var/lib/one/0/images/deployment.1 10.0.5.201 0
> 10.0.5.201
> Fri Jun 22 14:09:24 2012 [VMM][I]: error: Failed to create domain from
> /var/lib/one/0/images/deployment.1
> *Fri Jun 22 14:09:24 2012 [VMM][I]: error: monitor socket did not show
> up.: No such file or directory*
> Fri Jun 22 14:09:24 2012 [VMM][E]: Could not create domain from
> /var/lib/one/0/images/deployment.1
> Fri Jun 22 14:09:24 2012 [VMM][I]: ExitCode: 255
> Fri Jun 22 14:09:24 2012 [VMM][I]: Failed to execute virtualization driver
> operation: deploy.
> Fri Jun 22 14:09:24 2012 [VMM][E]: Error deploying virtual machine: Could
> not create domain from /var/lib/one/0/images/deployment.1
> Fri Jun 22 14:09:25 2012 [DiM][I]: New VM state is FAILED
>
> In syslog it is very similar:
> Jun 22 16:45:01 tyan-host kernel: [82002.423842] type=1505
> audit(1340376301.285:71): operation="profile_load" pid=24477
> name="libvirt-3cd36a8d-dd19-6b86-333e-f0249700ba79"
> Jun 22 16:45:01 tyan-host libvirtd: 16:45:01.317: error :
> qemuDomainSetFileOwnership:2222 : cannot set ownership on
> /var/lib/one/0/images/disk.0: Permission denied
> Jun 22 16:45:31 tyan-host libvirtd: 16:45:31.327: error :
> qemuMonitorOpenUnix:268 : monitor socket did not show up.: No such file or
> directory
> Jun 22 16:45:31 tyan-host libvirtd: 16:45:31.328: error :
> qemuConnectMonitor:822 : Failed to connect monitor for one-0#012
> Jun 22 16:45:31 tyan-host kernel: [82032.643614] type=1505
> audit(1340376331.505:72): operation="profile_remove" pid=24585
> name="libvirt-3cd36a8d-dd19-6b86-333e-f0249700ba79" namespace="root"
>
>
> Jan
>
>
>
>
>
>
>
> Dňa 22.06.2012 11:58, Jaime Melis wrote / napísal(a):
>
> Hello Jan,
>
> I forgot to mention that it's not enough with using the SSH transfer
> driver, you also have to unmount all your NFS exports in your hypervisor
> node, so the disk images aren't copied to an NFS filesystem.
>
> Cheers,
> Jaime
>
> On Fri, Jun 22, 2012 at 11:21 AM, Jaime Melis <jmelis at opennebula.org>wrote:
>
>> Hello Jan,
>>
>> let's try without NFS just to rule it out. Can you use the SSH transfer
>> driver:
>>
>> http://opennebula.org/documentation:rel3.4:fs_ds#using_the_ssh_transfer_driver
>> and try launching the VM again?
>>
>> By the way, after reading your logs it seems you're not using the last
>> stable release OpenNebula 3.4. Could you upgrade to this release?
>>
>> Regards,
>> Jaime
>>
>>
>> On Fri, Jun 22, 2012 at 8:01 AM, Jan Benadik <jan.benadik at atos.net>wrote:
>>
>>> Yes, it runs:
>>> oneadmin at nebula-3:~$ ps aux |grep oned
>>> oneadmin 10158 0.0 0.1 1172252 8020 ? Sl Jun21 0:22
>>> /usr/bin/oned -f
>>>
>>> When I changed security_driver in qemu.conf to default state
>>>
>>> /etc/libvirt/qemu.conf:
>>> # security_driver = "selinux"
>>>
>>> my error message went back to previous state (but still was there) ...
>>>
>>> When I replaced OS on host to Ubuntu 10.04 Server (with the same
>>> settings), error message is:
>>>
>>> Thu Jun 21 16:41:17 2012 [LCM][I]: New VM state is BOOT
>>> Thu Jun 21 16:41:17 2012 [VMM][I]: Generating deployment file:
>>> /var/lib/one/1/deployment.4
>>> Thu Jun 21 16:41:17 2012 [VMM][I]: ExitCode: 0
>>> Thu Jun 21 16:41:17 2012 [VMM][I]: Successfully execute network driver
>>> operation: pre.
>>> Thu Jun 21 16:41:48 2012 [VMM][I]: Command execution fail: cat << EOT |
>>> /var/tmp/one/vmm/kvm/deploy /var/lib/one/1/images/deployment.4 tyan 1 tyan
>>> Thu Jun 21 16:41:48 2012 [VMM][I]: error: Failed to create domain from
>>> /var/lib/one/1/images/deployment.4
>>> *Thu Jun 21 16:41:48 2012 [VMM][I]: error: cannot set ownership on
>>> /var/lib/one/1/images/disk.1: Permission denied*
>>> Thu Jun 21 16:41:48 2012 [VMM][E]: Could not create domain from
>>> /var/lib/one/1/images/deployment.4
>>> Thu Jun 21 16:41:48 2012 [VMM][I]: ExitCode: 255
>>> Thu Jun 21 16:41:48 2012 [VMM][I]: Failed to execute virtualization
>>> driver operation: deploy.
>>> Thu Jun 21 16:41:48 2012 [VMM][E]: Error deploying virtual machine:
>>> Could not create domain from /var/lib/one/1/images/deployment.4
>>> Thu Jun 21 16:41:49 2012 [DiM][I]: New VM state is FAILED
>>>
>>> Messages in /var/log/syslog at the same time:
>>> Jun 22 10:17:01 tyan-host CRON[12881]: (root) CMD ( cd / && run-parts
>>> --report /etc/cron.hourly)
>>> Jun 22 10:22:04 tyan-host kernel: [59025.594722] type=1505
>>> audit(1340353324.455:27): operation="profile_load" pid=13044
>>> name="libvirt-f42d2d5f-e5a0-3bcd-a445-1d3d876451e1"
>>> Jun 22 10:22:04 tyan-host libvirtd: 10:22:04.470: error :
>>> qemuDomainSetFileOwnership:2222 : cannot set ownership on
>>> /var/lib/one/1/images/disk.0: Permission denied
>>> Jun 22 10:22:34 tyan-host libvirtd: 10:22:34.481: error :
>>> qemuMonitorOpenUnix:268 : monitor socket did not show up.: No such file or
>>> directory
>>> Jun 22 10:22:34 tyan-host libvirtd: 10:22:34.481: error :
>>> qemuConnectMonitor:822 : Failed to connect monitor for one-1#012
>>> Jun 22 10:22:34 tyan-host libvirtd: 10:22:34.665: error :
>>> qemuDomainSetFileOwnership:2222 : cannot set ownership on
>>> /var/lib/one/1/images/disk.1: Permission denied
>>> Jun 22 10:22:34 tyan-host libvirtd: 10:22:34.665: warning :
>>> qemudShutdownVMDaemon:2703 : Failed to restore all device ownership for
>>> one-1
>>> Jun 22 10:22:34 tyan-host kernel: [59055.797448] type=1505
>>> audit(1340353354.655:28): operation="profile_remove" pid=13051
>>> name="libvirt-f42d2d5f-e5a0-3bcd-a445-1d3d876451e1" namespace="root"
>>>
>>> Jan
>>>
>>>
>>>
>>> DĹ a 21.06.2012 17 <21.06.2012%2017>:19, Javier Fontan wrote /
>>> napĂsal(a):
>>>
>>> Also, I supposte oned is running as oneadmin user. Just to check.
>>>
>>> On Thu, Jun 21, 2012 at 5:19 PM, Javier Fontan <jfontan at opennebula.org> <jfontan at opennebula.org> wrote:
>>>
>>> I am checking my configuration ans the only differences are:
>>>
>>> * oneadmin is in group oneadmin
>>> * qemu group is oneadmin
>>> * ďż˝/var/lib/one/** lrwk, line is in /etc/apparmor.d/local/usr.sbin.libvirtd
>>>
>>> Can you try moving the line of apparmor to
>>> /etc/apparmor.d/local/usr.sbin.libvirtd? Maybe there's a precedence
>>> problem that we don't know of. Unfortunately I am not an apparmor.
>>>
>>> On Thu, Jun 21, 2012 at 9:55 AM, Jan Benadik <jan.benadik at atos.net> <jan.benadik at atos.net> wrote:
>>>
>>> So - now I have still the same error message in oned.log:
>>> Thu Jun 21 09:26:42 2012 [LCM][I]: New VM state is BOOT
>>> Thu Jun 21 09:26:42 2012 [VMM][I]: Generating deployment file:
>>> /var/lib/one/0/deployment.38
>>> Thu Jun 21 09:26:42 2012 [VMM][I]: ExitCode: 0
>>> Thu Jun 21 09:26:42 2012 [VMM][I]: Successfully execute network driver
>>> operation: pre.
>>> Thu Jun 21 09:26:44 2012 [VMM][I]: Command execution fail: cat << EOT |
>>> /var/tmp/one/vmm/kvm/deploy /var/lib/one/0/images/deployment.38 myto 0 myto
>>> Thu Jun 21 09:26:44 2012 [VMM][I]: error: Failed to create domain from
>>> /var/lib/one/0/images/deployment.38
>>> Thu Jun 21 09:26:44 2012 [VMM][I]: error: Unable to read from monitor:
>>> Connection reset by peer
>>> Thu Jun 21 09:26:44 2012 [VMM][E]: Could not create domain from
>>> /var/lib/one/0/images/deployment.38
>>> Thu Jun 21 09:26:44 2012 [VMM][I]: ExitCode: 255
>>> Thu Jun 21 09:26:44 2012 [VMM][I]: Failed to execute virtualization driver
>>> operation: deploy.
>>> Thu Jun 21 09:26:44 2012 [VMM][E]: Error deploying virtual machine: Could
>>> not create domain from /var/lib/one/0/images/deployment.38
>>> Thu Jun 21 09:26:45 2012 [DiM][I]: New VM state is FAILED
>>>
>>> At the same time in the /var/log/libvirt/libvirtd.log the following message
>>> appears:
>>> 2012-06-21 09:27:43.610+0000: 1114: warning :
>>> virDomainDiskDefForeachPath:13244 : Ignoring open failure on
>>> /var/lib/one/0/images/disk.1: Permission denied
>>> 2012-06-21 09:27:44.296+0000: 1110: error : qemuMonitorIORead:513 : Unable
>>> to read from monitor: Connection reset by peer
>>>
>>> Nothing in /var/log/syslog (doesn't matter if apparmor is running, stopped,
>>> flushed ...!).
>>>
>>> Permissions of files and folders:
>>> oneadmin at opennebula-host:/var/lib$ ls -ld /var/lib/one
>>> drwxr-xr-x 10 oneadmin root 4096 Jun 21 09:49 /var/lib/one
>>>
>>> oneadmin at opennebula-host:/var/
>>> lib/one# ls -la
>>> total 132
>>> drwxr-xr-x� 8 oneadmin root�� 4096 Jun 21 09:27 .
>>> drwxr-xr-x 37 root���� root�� 4096 Jun 21 06:30 ..
>>> -rw-------ďż˝ 1 oneadmin cloudďż˝ 2261 Jun 21 08:42 .bash_history
>>> drwx------ďż˝ 2 oneadmin cloudďż˝ 4096 Jun 20 09:48 .cache
>>> drwx------ďż˝ 2 oneadmin cloudďż˝ 4096 Jun 20 09:49 .one
>>> drwx------� 2 oneadmin root�� 4096 Jun 20 17:43 .ssh
>>> -rw-------ďż˝ 1 oneadmin cloudďż˝ 3412 Jun 20 11:06 .viminfo
>>> drwxrwxrwxďż˝ 3 oneadmin cloudďż˝ 4096 Jun 21 09:26 0
>>> -rw-r--r--ďż˝ 1 oneadmin cloudďż˝ 1738 Jun 21 08:50 config
>>> drwxrwx--T� 2 oneadmin root�� 4096 Jun 20 10:57 images
>>> -rw-r--r--ďż˝ 1 oneadmin cloud 67584 Jun 21 09:27 one.db
>>> -rw-r--r--ďż˝ 1 oneadmin cloud 16384 Jun 20 16:28 oneacct.db
>>> drwxr-xr-x� 8 root���� root�� 4096 Jun 20 09:33 remotes
>>>
>>> oneadmin at opennebula-host:/var/lib/one/0# ls -la
>>> total 20
>>> drwxrwxrwxďż˝ 3 oneadmin cloud 4096 Jun 21 09:36 .
>>> drwxr-xr-x 10 oneadmin rootďż˝ 4096 Jun 21 09:35 ..
>>> -rw-r--r--ďż˝ 1 oneadmin cloudďż˝ 735 Jun 21 09:26 deployment.38
>>> drwxrwxrwxďż˝ 2 oneadmin cloud 4096 Jun 21 09:26 images
>>> -rw-r--r--ďż˝ 1 oneadmin cloudďż˝ 201 Jun 21 09:26 transfer.38.prolog
>>>
>>> oneadmin at opennebula-host:/var/lib/one/0/images# ls -la
>>> total 906256
>>> drwxrwxrwx 2 oneadmin cloud����� 4096 Jun 21 09:26 .
>>> drwxrwxrwx 3 oneadmin cloud����� 4096 Jun 21 09:36 ..
>>> -rw-r--r-- 1 oneadmin cloud������ 736 Jun 21 09:26 deployment.38
>>> -rw-rw-rw- 1 oneadmin cloud 927989760 Jun 21 09:26 disk.0
>>> lrwxrwxrwx 1 oneadmin cloud������� 52 Jun 21 09:26 disk.1 ->
>>> /var/lib/one/images/9c52b90a79dba7c26a912d05ff5190b8
>>>
>>> oneadmin at opennebula-host:~/images$ ls -la
>>> total 1040116
>>> drwxrwx--T� 2 oneadmin root������� 4096 Jun 20 10:57 .
>>> drwxr-xr-x 10 oneadmin root������� 4096 Jun 21 09:37 ..
>>> -rw-rw----� 1 oneadmin root�� 927989760 Jun 20 10:57
>>> 46440b43448202b4ee69b4b541f5eeab
>>> -rw-rw----ďż˝ 1 oneadmin root 10737418241 Jun 20 10:57
>>> 9c52b90a79dba7c26a912d05ff5190b8
>>>
>>>
>>> Libvirtd and Qemu settings:
>>> /etc/libvirt/libvirtd.conf:
>>> listen_tls = 0
>>> listen_tcp = 1
>>> unix_sock_group = "libvirtd"
>>> unix_sock_ro_perms = "0777"
>>> unix_sock_rw_perms = "0777"
>>> unix_sock_dir = "/var/run/libvirt"
>>> auth_unix_ro = "none"
>>> auth_unix_rw = "none"
>>>
>>> /etc/libvirt/qemu.conf:
>>> security_driver = "none"
>>> user = "oneadmin"
>>> group = "cloud"
>>> dynamic_ownership = 0
>>>
>>> /etc/default/libvirt-bin:
>>> start_libvirtd="yes"
>>> libvirtd_opts="-d -l"
>>>
>>> /etc/apparmor.d/usr.sbin.libvirtd:
>>> # Last Modified: Mon Julďż˝ 6 17:23:58 2009
>>> #include <tunables/global>
>>> @{LIBVIRT}="libvirt"
>>>
>>> /usr/sbin/libvirtd {
>>> ďż˝ #include <abstractions/base>
>>> ďż˝ # Site-specific additions and overrides. See local/README for details.
>>> ďż˝ #include <local/usr.sbin.libvirtd>
>>>
>>> ďż˝ capability kill,
>>> ďż˝ capability net_admin,
>>> ďż˝ capability net_raw,
>>> ďż˝ capability setgid,
>>> ďż˝ capability sys_admin,
>>> ďż˝ capability sys_module,
>>> ďż˝ capability sys_ptrace,
>>> ďż˝ capability sys_nice,
>>> ďż˝ capability sys_chroot,
>>> ďż˝ capability setuid,
>>> ďż˝ capability dac_override,
>>> ďż˝ capability dac_read_search,
>>> ďż˝ capability fowner,
>>> ďż˝ capability chown,
>>> ďż˝ capability setpcap,
>>> ďż˝ capability mknod,
>>> ďż˝ capability fsetid,
>>> ďż˝ capability ipc_lock,
>>>
>>> ďż˝ network inet stream,
>>> ďż˝ network inet dgram,
>>> ďż˝ network inet6 stream,
>>> ďż˝ network inet6 dgram,
>>> ďż˝ network packet dgram,
>>>
>>> ďż˝ # for now, use a very lenient profile since we want to first focus on
>>> ďż˝ # confining the guests
>>> ďż˝ / r,
>>> ďż˝ /** rwmkl,
>>>
>>> ďż˝ /bin/* PUx,
>>> ďż˝ /sbin/* PUx,
>>> ďż˝ /usr/bin/* PUx,
>>> ďż˝ /usr/sbin/* PUx,
>>> ďż˝ /lib/udev/scsi_id PUx,
>>>
>>> ďż˝ # Required by nwfilter_ebiptables_driver.c:ebiptablesWriteToTempFile() to
>>> ďż˝ # write and run an ebtables script.
>>> ďż˝ /var/lib/libvirt/virtd* ixr,
>>>
>>> ďż˝ # force the use of virt-aa-helper
>>> ďż˝ audit deny /sbin/apparmor_parser rwxl,
>>> ďż˝ audit deny /etc/apparmor.d/libvirt/** wxl,
>>> ďż˝ audit deny /sys/kernel/security/apparmor/features rwxl,
>>> ďż˝ audit deny /sys/kernel/security/apparmor/matching rwxl,
>>> ďż˝ audit deny /sys/kernel/security/apparmor/.* rwxl,
>>> ďż˝ /sys/kernel/security/apparmor/profiles r,
>>> ďż˝ /usr/lib/libvirt/* PUxr,
>>> ďż˝ /etc/libvirt/hooks/** rmix,
>>> ďż˝ /var/lib/one/** lrwk,
>>>
>>> ďż˝ # allow changing to our UUID-based named profiles
>>> ďż˝ change_profile ->
>>> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
>>>
>>> }
>>>
>>> User settings:
>>> oneadmin at opennebula-host:~/images$ groups oneadmin
>>> oneadmin : cloud root disk kvm libvirtd
>>>
>>>
>>>
>>> My question - where is an issue?
>>>
>>> Jan
>>>
>>>
>>> _______________________________________________
>>> Users mailing listUsers at lists.opennebula.orghttp://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>
>>> --
>>> Javier Font�n Mui�os
>>> Project Engineer
>>> OpenNebula - The Open Source Toolkit for Data Center Virtualizationwww.OpenNebula.org� <http://www.OpenNebula.org%EF%BF%BD>|�jfontan at opennebula.org�| @OpenNebula
>>>
>>>
>>> --
>>>
>>> *JĂĄn BeĹ adik*
>>> Managed Services - Solution Design Architect
>>> +421 46 5151 332
>>> +421 903 691 634
>>> jan.benadik at atos.net <//jan.benadik at atos.net>
>>> VinohradnĂcka 6, 971 01 Prievidza
>>> www.sk.atos.net
>>> __________________________________
>>>
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opennebula.org
>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>
>>>
>>
>>
>> --
>> Jaime Melis
>> Project Engineer
>> OpenNebula - The Open Source Toolkit for Cloud Computing
>> www.OpenNebula.org | jmelis at opennebula.org
>>
>
>
>
> --
> Jaime Melis
> Project Engineer
> OpenNebula - The Open Source Toolkit for Cloud Computing
> www.OpenNebula.org | jmelis at opennebula.org
>
>
> --
>
> *Ján Beňadik*
> Managed Services - Solution Design Architect
> +421 46 5151 332
> +421 903 691 634
> jan.benadik at atos.net <//jan.benadik at atos.net>
> Vinohradnícka 6, 971 01 Prievidza
> www.sk.atos.net
> __________________________________
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>
--
Ruben S. Montero, PhD
Project co-Lead and Chief Architect
OpenNebula - The Open Source Solution for Data Center Virtualization
www.OpenNebula.org | rsmontero at opennebula.org | @OpenNebula
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20120622/bc04016a/attachment-0003.htm>
More information about the Users
mailing list