[one-users] Error when instantiating VM from image - next status

Javier Fontan jfontan at opennebula.org
Fri Jun 29 03:17:42 PDT 2012


Even if the transfer driver is ssh make suer that the FS is not NFS
mounted. The error looks like NFS not letting you change the permissions.

On Sun, Jun 24, 2012 at 8:56 PM, Jan Benadik <jan.benadik at atos.net> wrote:

>  No - this attempt was with SSH transfer driver, not shared.
>
> Jan
>
> Dňa 22.06.2012 17:18, Ruben S. Montero  wrote / napísal(a):
>
> Seems the same thing... is it /var/lib/one/ in an NFS volume in the host?
>
>  BTW, you need ACPI installed in the guest domains to shutdown them, if
> not you can just use cancel
>
>
>  On Fri, Jun 22, 2012 at 4:39 PM, Jan Benadik <jan.benadik at atos.net>wrote:
>
>>  Other error message (with SSH transfer driver used):
>> Fri Jun 22 14:08:53 2012 [LCM][I]: New VM state is BOOT
>> Fri Jun 22 14:08:53 2012 [VMM][I]: Generating deployment file:
>> /var/lib/one/0/deployment.1
>> Fri Jun 22 14:08:53 2012 [VMM][I]: ExitCode: 0
>> Fri Jun 22 14:08:53 2012 [VMM][I]: Successfully execute network driver
>> operation: pre.
>> Fri Jun 22 14:09:24 2012 [VMM][I]: Command execution fail: cat << EOT |
>> /var/tmp/one/vmm/kvm/deploy /var/lib/one/0/images/deployment.1 10.0.5.201 0
>> 10.0.5.201
>> Fri Jun 22 14:09:24 2012 [VMM][I]: error: Failed to create domain from
>> /var/lib/one/0/images/deployment.1
>> *Fri Jun 22 14:09:24 2012 [VMM][I]: error: monitor socket did not show
>> up.: No such file or directory*
>> Fri Jun 22 14:09:24 2012 [VMM][E]: Could not create domain from
>> /var/lib/one/0/images/deployment.1
>> Fri Jun 22 14:09:24 2012 [VMM][I]: ExitCode: 255
>> Fri Jun 22 14:09:24 2012 [VMM][I]: Failed to execute virtualization
>> driver operation: deploy.
>> Fri Jun 22 14:09:24 2012 [VMM][E]: Error deploying virtual machine: Could
>> not create domain from /var/lib/one/0/images/deployment.1
>> Fri Jun 22 14:09:25 2012 [DiM][I]: New VM state is FAILED
>>
>> In syslog it is very similar:
>> Jun 22 16:45:01 tyan-host kernel: [82002.423842] type=1505
>> audit(1340376301.285:71):  operation="profile_load" pid=24477
>> name="libvirt-3cd36a8d-dd19-6b86-333e-f0249700ba79"
>> Jun 22 16:45:01 tyan-host libvirtd: 16:45:01.317: error :
>> qemuDomainSetFileOwnership:2222 : cannot set ownership on
>> /var/lib/one/0/images/disk.0: Permission denied
>> Jun 22 16:45:31 tyan-host libvirtd: 16:45:31.327: error :
>> qemuMonitorOpenUnix:268 : monitor socket did not show up.: No such file or
>> directory
>> Jun 22 16:45:31 tyan-host libvirtd: 16:45:31.328: error :
>> qemuConnectMonitor:822 : Failed to connect monitor for one-0#012
>> Jun 22 16:45:31 tyan-host kernel: [82032.643614] type=1505
>> audit(1340376331.505:72):  operation="profile_remove" pid=24585
>> name="libvirt-3cd36a8d-dd19-6b86-333e-f0249700ba79" namespace="root"
>>
>>
>> Jan
>>
>>
>>
>>
>>
>>
>>
>> Dňa 22.06.2012 11:58, Jaime Melis  wrote / napísal(a):
>>
>>  Hello Jan,
>>
>>  I forgot to mention that it's not enough with using the SSH transfer
>> driver, you also have to unmount all your NFS exports in your hypervisor
>> node, so the disk images aren't copied to an NFS filesystem.
>>
>>   Cheers,
>> Jaime
>>
>>  On Fri, Jun 22, 2012 at 11:21 AM, Jaime Melis <jmelis at opennebula.org>wrote:
>>
>>>  Hello Jan,
>>>
>>>  let's try without NFS just to rule it out. Can you use the SSH
>>> transfer driver:
>>>
>>> http://opennebula.org/documentation:rel3.4:fs_ds#using_the_ssh_transfer_driver
>>> and try launching the VM again?
>>>
>>>  By the way, after reading your logs it seems you're not using the last
>>> stable release OpenNebula 3.4. Could you upgrade to this release?
>>>
>>>   Regards,
>>> Jaime
>>>
>>>
>>>  On Fri, Jun 22, 2012 at 8:01 AM, Jan Benadik <jan.benadik at atos.net>wrote:
>>>
>>>>   Yes, it runs:
>>>> oneadmin at nebula-3:~$ ps aux |grep oned
>>>> oneadmin 10158  0.0  0.1 1172252 8020 ?        Sl   Jun21   0:22
>>>> /usr/bin/oned -f
>>>>
>>>> When I changed security_driver in qemu.conf to default state
>>>>
>>>> /etc/libvirt/qemu.conf:
>>>> # security_driver = "selinux"
>>>>
>>>> my error message went back to previous state (but still was there) ...
>>>>
>>>> When I replaced OS on host to Ubuntu 10.04 Server (with the same
>>>> settings), error message is:
>>>>
>>>> Thu Jun 21 16:41:17 2012 [LCM][I]: New VM state is BOOT
>>>> Thu Jun 21 16:41:17 2012 [VMM][I]: Generating deployment file:
>>>> /var/lib/one/1/deployment.4
>>>> Thu Jun 21 16:41:17 2012 [VMM][I]: ExitCode: 0
>>>> Thu Jun 21 16:41:17 2012 [VMM][I]: Successfully execute network driver
>>>> operation: pre.
>>>> Thu Jun 21 16:41:48 2012 [VMM][I]: Command execution fail: cat << EOT |
>>>> /var/tmp/one/vmm/kvm/deploy /var/lib/one/1/images/deployment.4 tyan 1 tyan
>>>> Thu Jun 21 16:41:48 2012 [VMM][I]: error: Failed to create domain from
>>>> /var/lib/one/1/images/deployment.4
>>>> *Thu Jun 21 16:41:48 2012 [VMM][I]: error: cannot set ownership on
>>>> /var/lib/one/1/images/disk.1: Permission denied*
>>>> Thu Jun 21 16:41:48 2012 [VMM][E]: Could not create domain from
>>>> /var/lib/one/1/images/deployment.4
>>>> Thu Jun 21 16:41:48 2012 [VMM][I]: ExitCode: 255
>>>> Thu Jun 21 16:41:48 2012 [VMM][I]: Failed to execute virtualization
>>>> driver operation: deploy.
>>>> Thu Jun 21 16:41:48 2012 [VMM][E]: Error deploying virtual machine:
>>>> Could not create domain from /var/lib/one/1/images/deployment.4
>>>> Thu Jun 21 16:41:49 2012 [DiM][I]: New VM state is FAILED
>>>>
>>>> Messages in /var/log/syslog at the same time:
>>>> Jun 22 10:17:01 tyan-host CRON[12881]: (root) CMD (   cd / && run-parts
>>>> --report /etc/cron.hourly)
>>>> Jun 22 10:22:04 tyan-host kernel: [59025.594722] type=1505
>>>> audit(1340353324.455:27):  operation="profile_load" pid=13044
>>>> name="libvirt-f42d2d5f-e5a0-3bcd-a445-1d3d876451e1"
>>>> Jun 22 10:22:04 tyan-host libvirtd: 10:22:04.470: error :
>>>> qemuDomainSetFileOwnership:2222 : cannot set ownership on
>>>> /var/lib/one/1/images/disk.0: Permission denied
>>>> Jun 22 10:22:34 tyan-host libvirtd: 10:22:34.481: error :
>>>> qemuMonitorOpenUnix:268 : monitor socket did not show up.: No such file or
>>>> directory
>>>> Jun 22 10:22:34 tyan-host libvirtd: 10:22:34.481: error :
>>>> qemuConnectMonitor:822 : Failed to connect monitor for one-1#012
>>>> Jun 22 10:22:34 tyan-host libvirtd: 10:22:34.665: error :
>>>> qemuDomainSetFileOwnership:2222 : cannot set ownership on
>>>> /var/lib/one/1/images/disk.1: Permission denied
>>>> Jun 22 10:22:34 tyan-host libvirtd: 10:22:34.665: warning :
>>>> qemudShutdownVMDaemon:2703 : Failed to restore all device ownership for
>>>> one-1
>>>> Jun 22 10:22:34 tyan-host kernel: [59055.797448] type=1505
>>>> audit(1340353354.655:28):  operation="profile_remove" pid=13051
>>>> name="libvirt-f42d2d5f-e5a0-3bcd-a445-1d3d876451e1" namespace="root"
>>>>
>>>> Jan
>>>>
>>>>
>>>>
>>>>  DĹ a 21.06.2012 17:19, Javier Fontan  wrote / napĂ­sal(a):
>>>>
>>>>   Also, I supposte oned is running as oneadmin user. Just to check.
>>>>
>>>> On Thu, Jun 21, 2012 at 5:19 PM, Javier Fontan <jfontan at opennebula.org> <jfontan at opennebula.org> wrote:
>>>>
>>>>    I am checking my configuration ans the only differences are:
>>>>
>>>> * oneadmin is in group oneadmin
>>>> * qemu group is oneadmin
>>>> * ďż˝/var/lib/one/** lrwk, line is in /etc/apparmor.d/local/usr.sbin.libvirtd
>>>>
>>>> Can you try moving the line of apparmor to
>>>> /etc/apparmor.d/local/usr.sbin.libvirtd? Maybe there's a precedence
>>>> problem that we don't know of. Unfortunately I am not an apparmor.
>>>>
>>>> On Thu, Jun 21, 2012 at 9:55 AM, Jan Benadik <jan.benadik at atos.net> <jan.benadik at atos.net> wrote:
>>>>
>>>>  So - now I have still the same error message in oned.log:
>>>> Thu Jun 21 09:26:42 2012 [LCM][I]: New VM state is BOOT
>>>> Thu Jun 21 09:26:42 2012 [VMM][I]: Generating deployment file:
>>>> /var/lib/one/0/deployment.38
>>>> Thu Jun 21 09:26:42 2012 [VMM][I]: ExitCode: 0
>>>> Thu Jun 21 09:26:42 2012 [VMM][I]: Successfully execute network driver
>>>> operation: pre.
>>>> Thu Jun 21 09:26:44 2012 [VMM][I]: Command execution fail: cat << EOT |
>>>> /var/tmp/one/vmm/kvm/deploy /var/lib/one/0/images/deployment.38 myto 0 myto
>>>> Thu Jun 21 09:26:44 2012 [VMM][I]: error: Failed to create domain from
>>>> /var/lib/one/0/images/deployment.38
>>>> Thu Jun 21 09:26:44 2012 [VMM][I]: error: Unable to read from monitor:
>>>> Connection reset by peer
>>>> Thu Jun 21 09:26:44 2012 [VMM][E]: Could not create domain from
>>>> /var/lib/one/0/images/deployment.38
>>>> Thu Jun 21 09:26:44 2012 [VMM][I]: ExitCode: 255
>>>> Thu Jun 21 09:26:44 2012 [VMM][I]: Failed to execute virtualization driver
>>>> operation: deploy.
>>>> Thu Jun 21 09:26:44 2012 [VMM][E]: Error deploying virtual machine: Could
>>>> not create domain from /var/lib/one/0/images/deployment.38
>>>> Thu Jun 21 09:26:45 2012 [DiM][I]: New VM state is FAILED
>>>>
>>>> At the same time in the /var/log/libvirt/libvirtd.log the following message
>>>> appears:
>>>> 2012-06-21 09:27:43.610+0000: 1114: warning :
>>>> virDomainDiskDefForeachPath:13244 : Ignoring open failure on
>>>> /var/lib/one/0/images/disk.1: Permission denied
>>>> 2012-06-21 09:27:44.296+0000: 1110: error : qemuMonitorIORead:513 : Unable
>>>> to read from monitor: Connection reset by peer
>>>>
>>>> Nothing in /var/log/syslog (doesn't matter if apparmor is running, stopped,
>>>> flushed ...!).
>>>>
>>>> Permissions of files and folders:
>>>> oneadmin at opennebula-host:/var/lib$ ls -ld /var/lib/one
>>>> drwxr-xr-x 10 oneadmin root 4096 Jun 21 09:49 /var/lib/one
>>>>
>>>> oneadmin at opennebula-host:/var/
>>>> lib/one# ls -la
>>>> total 132
>>>> drwxr-xr-x� 8 oneadmin root�� 4096 Jun 21 09:27 .
>>>> drwxr-xr-x 37 root���� root�� 4096 Jun 21 06:30 ..
>>>> -rw-------ďż˝ 1 oneadmin cloudďż˝ 2261 Jun 21 08:42 .bash_history
>>>> drwx------ďż˝ 2 oneadmin cloudďż˝ 4096 Jun 20 09:48 .cache
>>>> drwx------ďż˝ 2 oneadmin cloudďż˝ 4096 Jun 20 09:49 .one
>>>> drwx------� 2 oneadmin root�� 4096 Jun 20 17:43 .ssh
>>>> -rw-------ďż˝ 1 oneadmin cloudďż˝ 3412 Jun 20 11:06 .viminfo
>>>> drwxrwxrwxďż˝ 3 oneadmin cloudďż˝ 4096 Jun 21 09:26 0
>>>> -rw-r--r--ďż˝ 1 oneadmin cloudďż˝ 1738 Jun 21 08:50 config
>>>> drwxrwx--T� 2 oneadmin root�� 4096 Jun 20 10:57 images
>>>> -rw-r--r--ďż˝ 1 oneadmin cloud 67584 Jun 21 09:27 one.db
>>>> -rw-r--r--ďż˝ 1 oneadmin cloud 16384 Jun 20 16:28 oneacct.db
>>>> drwxr-xr-x� 8 root���� root�� 4096 Jun 20 09:33 remotes
>>>>
>>>> oneadmin at opennebula-host:/var/lib/one/0# ls -la
>>>> total 20
>>>> drwxrwxrwxďż˝ 3 oneadmin cloud 4096 Jun 21 09:36 .
>>>> drwxr-xr-x 10 oneadmin rootďż˝ 4096 Jun 21 09:35 ..
>>>> -rw-r--r--ďż˝ 1 oneadmin cloudďż˝ 735 Jun 21 09:26 deployment.38
>>>> drwxrwxrwxďż˝ 2 oneadmin cloud 4096 Jun 21 09:26 images
>>>> -rw-r--r--ďż˝ 1 oneadmin cloudďż˝ 201 Jun 21 09:26 transfer.38.prolog
>>>>
>>>> oneadmin at opennebula-host:/var/lib/one/0/images# ls -la
>>>> total 906256
>>>> drwxrwxrwx 2 oneadmin cloud����� 4096 Jun 21 09:26 .
>>>> drwxrwxrwx 3 oneadmin cloud����� 4096 Jun 21 09:36 ..
>>>> -rw-r--r-- 1 oneadmin cloud������ 736 Jun 21 09:26 deployment.38
>>>> -rw-rw-rw- 1 oneadmin cloud 927989760 Jun 21 09:26 disk.0
>>>> lrwxrwxrwx 1 oneadmin cloud������� 52 Jun 21 09:26 disk.1 ->
>>>> /var/lib/one/images/9c52b90a79dba7c26a912d05ff5190b8
>>>>
>>>> oneadmin at opennebula-host:~/images$ ls -la
>>>> total 1040116
>>>> drwxrwx--T� 2 oneadmin root������� 4096 Jun 20 10:57 .
>>>> drwxr-xr-x 10 oneadmin root������� 4096 Jun 21 09:37 ..
>>>> -rw-rw----� 1 oneadmin root�� 927989760 Jun 20 10:57
>>>> 46440b43448202b4ee69b4b541f5eeab
>>>> -rw-rw----ďż˝ 1 oneadmin root 10737418241 Jun 20 10:57
>>>> 9c52b90a79dba7c26a912d05ff5190b8
>>>>
>>>>
>>>> Libvirtd and Qemu settings:
>>>> /etc/libvirt/libvirtd.conf:
>>>> listen_tls = 0
>>>> listen_tcp = 1
>>>> unix_sock_group = "libvirtd"
>>>> unix_sock_ro_perms = "0777"
>>>> unix_sock_rw_perms = "0777"
>>>> unix_sock_dir = "/var/run/libvirt"
>>>> auth_unix_ro = "none"
>>>> auth_unix_rw = "none"
>>>>
>>>> /etc/libvirt/qemu.conf:
>>>> security_driver = "none"
>>>> user = "oneadmin"
>>>> group = "cloud"
>>>> dynamic_ownership = 0
>>>>
>>>> /etc/default/libvirt-bin:
>>>> start_libvirtd="yes"
>>>> libvirtd_opts="-d -l"
>>>>
>>>> /etc/apparmor.d/usr.sbin.libvirtd:
>>>> # Last Modified: Mon Julďż˝ 6 17:23:58 2009
>>>> #include <tunables/global>
>>>> @{LIBVIRT}="libvirt"
>>>>
>>>> /usr/sbin/libvirtd {
>>>> ďż˝ #include <abstractions/base>
>>>> ďż˝ # Site-specific additions and overrides. See local/README for details.
>>>> ďż˝ #include <local/usr.sbin.libvirtd>
>>>>
>>>> ďż˝ capability kill,
>>>> ďż˝ capability net_admin,
>>>> ďż˝ capability net_raw,
>>>> ďż˝ capability setgid,
>>>> ďż˝ capability sys_admin,
>>>> ďż˝ capability sys_module,
>>>> ďż˝ capability sys_ptrace,
>>>> ďż˝ capability sys_nice,
>>>> ďż˝ capability sys_chroot,
>>>> ďż˝ capability setuid,
>>>> ďż˝ capability dac_override,
>>>> ďż˝ capability dac_read_search,
>>>> ďż˝ capability fowner,
>>>> ďż˝ capability chown,
>>>> ďż˝ capability setpcap,
>>>> ďż˝ capability mknod,
>>>> ďż˝ capability fsetid,
>>>> ďż˝ capability ipc_lock,
>>>>
>>>> ďż˝ network inet stream,
>>>> ďż˝ network inet dgram,
>>>> ďż˝ network inet6 stream,
>>>> ďż˝ network inet6 dgram,
>>>> ďż˝ network packet dgram,
>>>>
>>>> ďż˝ # for now, use a very lenient profile since we want to first focus on
>>>> ďż˝ # confining the guests
>>>> ďż˝ / r,
>>>> ďż˝ /** rwmkl,
>>>>
>>>> ďż˝ /bin/* PUx,
>>>> ďż˝ /sbin/* PUx,
>>>> ďż˝ /usr/bin/* PUx,
>>>> ďż˝ /usr/sbin/* PUx,
>>>> ďż˝ /lib/udev/scsi_id PUx,
>>>>
>>>> ďż˝ # Required by nwfilter_ebiptables_driver.c:ebiptablesWriteToTempFile() to
>>>> ďż˝ # write and run an ebtables script.
>>>> ďż˝ /var/lib/libvirt/virtd* ixr,
>>>>
>>>> ďż˝ # force the use of virt-aa-helper
>>>> ďż˝ audit deny /sbin/apparmor_parser rwxl,
>>>> ďż˝ audit deny /etc/apparmor.d/libvirt/** wxl,
>>>> ďż˝ audit deny /sys/kernel/security/apparmor/features rwxl,
>>>> ďż˝ audit deny /sys/kernel/security/apparmor/matching rwxl,
>>>> ďż˝ audit deny /sys/kernel/security/apparmor/.* rwxl,
>>>> ďż˝ /sys/kernel/security/apparmor/profiles r,
>>>> ďż˝ /usr/lib/libvirt/* PUxr,
>>>> ďż˝ /etc/libvirt/hooks/** rmix,
>>>> ďż˝ /var/lib/one/** lrwk,
>>>>
>>>> ďż˝ # allow changing to our UUID-based named profiles
>>>> ďż˝ change_profile ->
>>>> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
>>>>
>>>> }
>>>>
>>>> User settings:
>>>> oneadmin at opennebula-host:~/images$ groups oneadmin
>>>> oneadmin : cloud root disk kvm libvirtd
>>>>
>>>>
>>>>
>>>> My question - where is an issue?
>>>>
>>>> Jan
>>>>
>>>>
>>>> _______________________________________________
>>>> Users mailing listUsers at lists.opennebula.orghttp://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>>
>>>>   --
>>>> Javier Font�n Mui�os
>>>> Project Engineer
>>>> OpenNebula - The Open Source Toolkit for Data Center Virtualizationwww.OpenNebula.org� <http://www.OpenNebula.org%EF%BF%BD>|�jfontan at opennebula.org�| @OpenNebula
>>>>
>>>>
>>>> --
>>>>
>>>> *JĂĄn BeĹ adik*
>>>>  Managed Services - Solution Design Architect
>>>> +421 46 5151 332 <%2B421%2046%205151%20332>
>>>> +421 903 691 634 <%2B421%20903%20691%20634>
>>>> jan.benadik at atos.net <//jan.benadik at atos.net>
>>>>  VinohradnĂ­cka 6, 971 01 Prievidza
>>>> www.sk.atos.net
>>>> __________________________________
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at lists.opennebula.org
>>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>>
>>>>
>>>
>>>
>>>  --
>>> Jaime Melis
>>> Project Engineer
>>> OpenNebula - The Open Source Toolkit for Cloud Computing
>>> www.OpenNebula.org | jmelis at opennebula.org
>>>
>>
>>
>>
>>  --
>> Jaime Melis
>> Project Engineer
>> OpenNebula - The Open Source Toolkit for Cloud Computing
>> www.OpenNebula.org | jmelis at opennebula.org
>>
>>
>> --
>>
>> *Ján Beňadik*
>>  Managed Services - Solution Design Architect
>> +421 46 5151 332 <%2B421%2046%205151%20332>
>> +421 903 691 634 <%2B421%20903%20691%20634>
>> jan.benadik at atos.net <//jan.benadik at atos.net>
>> Vinohradnícka 6, 971 01 Prievidza
>> www.sk.atos.net
>> __________________________________
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opennebula.org
>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>
>>
>
>
>  --
> Ruben S. Montero, PhD
> Project co-Lead and Chief Architect
> OpenNebula - The Open Source Solution for Data Center Virtualization
> www.OpenNebula.org | rsmontero at opennebula.org | @OpenNebula
>
>
> --
>
> *Ján Beňadik*
>  Managed Services - Solution Design Architect
> +421 46 5151 332
> +421 903 691 634
> jan.benadik at atos.net <//jan.benadik at atos.net>
> Vinohradnícka 6, 971 01 Prievidza
> www.sk.atos.net
> __________________________________
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>


-- 
Javier Fontán Muiños
Project Engineer
OpenNebula - The Open Source Toolkit for Data Center Virtualization
www.OpenNebula.org | jfontan at opennebula.org | @OpenNebula
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20120629/fb12012a/attachment-0003.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 1723 bytes
Desc: not available
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20120629/fb12012a/attachment-0006.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 281 bytes
Desc: not available
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20120629/fb12012a/attachment-0007.gif>


More information about the Users mailing list