[one-users] open /dev/kvm: Permission denied on Debian Squeeze

Jaime Melis jmelis at opennebula.org
Thu Sep 13 03:37:26 PDT 2012 

Hello Valentin,

Thanks for the tip, we will review it and include in the documentation.

Thanks!

Jaime

On Wed, Jul 25, 2012 at 1:36 PM, Valentin Bud <valentin.bud at gmail.com>wrote:

> Hello Javier,
>
> Thank you for your answer. Indeed, changing /dev/kvm group to oneadmin
> solved the problem. I can now happily launch VMs on the Cloud.
>
> For future references, to make the change persist after reboot I have done:
>
> # cat > /etc/udev/rules.d/60-qemu-kvm.rules
> KERNEL=="kvm", GROUP="oneadmin", MODE="0660"
>
> I have also read the man page for udev to get this right. Learned
> something new today :).
>
> Maybe the OpenNebula developers could add this to the documentation in the
> KVM Configuration [1] section as a note for Debian Squeeze.
>
> NOTE:
> On Debian Squeeze when creating a VM as a regular user, the only group
> that is taken into account is the  one  that appears as 'gid' (oneadmin in
> this case). To solve the problem change the owner of /dev/kvm 'to
> root.oneadmin. To make the changes persist after reboot:
>
> # cat /etc/udev/rules.d/60-qemu-kvm.rules
> KERNEL=="kvm", GROUP="oneadmin", MODE="0660"
>
> [1] - http://opennebula.org/documentation:rel3.6:kvmg
>
>
> Cheers and Goodwill,
> Valentin Bud
>
> On Wed, Jul 25, 2012 at 1:15 PM, Javier Alvarez <javier.alvarez at bsc.es>wrote:
>
>>  Hello Valentin,
>>
>> Apparently, when creating a VM as a regular user, the only group that is
>> taken into account is the one that appears as 'gid' (oneadmin in this
>> case). So what I did to solve the problem was to change the owner of
>> /dev/kvm to root.oneadmin.
>>
>> Best,
>>
>> Javi
>>
>>
>> On 25/07/12 11:19, Valentin Bud wrote:
>>
>> Hello,
>>
>> I have recently setup OpenNebula 3.6 on 2 Debian Squeeze boxes. Both
>> machines function as hosts, one of them as frontend.
>> I have followed the OpenNebula documentation [1] to setup the KVM driver
>> on the hosts.
>>
>> ### Host A
>>
>> # kvm --version
>> QEMU PC emulator version 0.12.5 (qemu-kvm-0.12.5), Copyright (c)
>> 2003-2008 Fabrice Bellard
>>
>> # virsh --version
>> 0.8.3
>>
>> # grep -vE '^($|#)' /etc/libvirt/qemu.conf
>> user = "oneadmin"
>> group = "oneadmin"
>> dynamic_ownership = 0
>>
>> # id oneadmin
>> uid=1001(oneadmin) gid=1001(oneadmin)
>> groups=1001(oneadmin),106(kvm),108(libvirt)
>>
>> # ls -al /dev/kvm
>> crw-rw---- 1 root kvm 10, 232 Jul 25 11:23 /dev/kvm
>>
>> ### Host B
>>
>> # kvm --version
>> QEMU PC emulator version 0.12.5 (qemu-kvm-0.12.5), Copyright (c)
>> 2003-2008 Fabrice Bellard
>>
>> # virsh --version
>> 0.8.3
>>
>> # grep -vE '^($|#)' /etc/libvirt/qemu.conf
>> user = "oneadmin"
>> group = "oneadmin"
>> dynamic_ownership = 0
>>
>> # id oneadmin
>> uid=1001(oneadmin) gid=1001(oneadmin)
>> groups=1001(oneadmin),106(kvm),108(libvirt)
>>
>> # ls -al /dev/kvm
>> crw-rw---- 1 root kvm 10, 232 Jul 25 11:23 /dev/kvm
>>
>> Doesn't matter on which host the VM gets deployed, the error is the same.
>> The error follows:
>>
>> LC_ALL=C
>> PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
>> HOME=/root USER=root LOGNAME=root QEMU_AUDIO_DRV=none /usr/bin/kvm -S -M
>> pc-0.12 -enable-kvm -m 1024 -smp 1,sockets=1,cores=1,threads=1 -name one-4
>> -uuid a7db4cd7-e258-503a-cc57-59d2dc1135ea -nodefaults -chardev
>> socket,id=monitor,path=/var/lib/libvirt/qemu/one-4.monitor,server,nowait
>> -mon chardev=monitor,mode=readline -rtc base=utc -boot c -device
>> lsi,id=scsi0,bus=pci.0,addr=0x5 -drive
>> file=/var/lib/one/datastores/0/4/disk.0,if=none,id=drive-scsi0-0-0,boot=on,format=qcow2
>> -device scsi-disk,bus=scsi0.0,scsi-id=0,drive=drive-scsi0-0-0,id=scsi0-0-0
>> -device rtl8139,vlan=0,id=net0,mac=02:00:0a:41:02:65,bus=pci.0,addr=0x3
>> -net tap,fd=36,vlan=0,name=hostnet0 -device
>> rtl8139,vlan=1,id=net1,mac=02:00:0a:41:03:65,bus=pci.0,addr=0x4 -net
>> tap,fd=37,vlan=1,name=hostnet1 -usb -vnc 0.0.0.0:4 -vga cirrus -device
>> virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x6
>> open /dev/kvm: Permission denied
>> Could not initialize KVM, will disable KVM support
>>
>> I don't have AppArmor installed or any other tool of this kind. It's just
>> a stock Debian Squeeze install. OpenNebula was compiled on another machine
>> and installed on Host A which is the frontend.
>>
>> Does anyone of you have any idea about this error? I have Googled around
>> but could not find any answer. Everything seems correct as per OpenNebula
>> KVM documentation [1].
>>
>> Thank you for your time invested in reading this email. Cheers and
>> Goodwill,
>> Valentin Bud
>>
>> [1]: http://opennebula.org/documentation:rel3.6:kvmg
>> --
>> w: http://ing.enia.re/ <http://databus.ro/blog>
>> in: http://www.linkedin.com/pub/valentin-bud/9/881/830
>> t: https://twitter.com/valentinbud
>>
>>
>>
>> _______________________________________________
>> Users mailing listUsers at lists.opennebula.orghttp://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>
>>
>>
>> --
>> Javier Álvarez Cid-Fuentes
>> Grid Computing and Clusters Group
>> Barcelona Supercomputing Center (BSC-CNS)
>> Tel. (+34) 93 413 72 46
>>
>>
>>
>> WARNING / LEGAL TEXT: This message is intended only for the use of the
>> individual or entity to which it is addressed and may contain information
>> which is privileged, confidential, proprietary, or exempt from disclosure
>> under applicable law. If you are not the intended recipient or the person
>> responsible for delivering the message to the intended recipient, you are
>> strictly prohibited from disclosing, distributing, copying, or in any way
>> using this message. If you have received this communication in error,
>> please notify the sender and destroy and delete any copies you may have
>> received.
>>
>> http://www.bsc.es/disclaimer <http://www.bsc.es/disclaimer.htm>
>>
>
>
>
> --
> w: http://ing.enia.re/
> in: http://www.linkedin.com/pub/valentin-bud/9/881/830
> t: https://twitter.com/valentinbud
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>


-- 
Jaime Melis
Project Engineer
OpenNebula - The Open Source Toolkit for Cloud Computing
www.OpenNebula.org | jmelis at opennebula.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20120913/8ec7e80f/attachment-0001.htm>

More information about the Users mailing list