[one-users] Permission denied while creating VM

Tobias Honacker t.honacker at googlemail.com
Thu Feb 28 09:43:07 PST 2013


Hi Jaime,

It works, thanks. Don't know why i don't try this.
Thanks for support. Maybe we should put this to the documentation.


Best regards,
Tobias

Von:  Jaime Melis <jmelis at opennebula.org>
Datum:  Thu, 28 Feb 2013 18:35:23 +0100
An:  Tobias Honacker <t.honacker at googlemail.com>
Cc:  Users OpenNebula <users at lists.opennebula.org>
Betreff:  Re: [one-users] Permission denied while creating VM

Is 'oneadmin' in the 'disk' group? can you try that?


On Thu, Feb 28, 2013 at 6:28 PM, Tobias Honacker <t.honacker at googlemail.com>
wrote:
> Hi Jaime,
> 
> bash-4.1$ sudo -u oneadmin virsh -c qemu:///system create deployment.0
> Fehler: Fehler beim Erstellen der Domain von deployment.0
> Fehler: internal error process exited while connecting to monitor: qemu-kvm:
> -drive 
> file=/var/lib/one//datastores/0/18/disk.0,if=none,id=drive-ide0-0-0,format=raw
> : could not open disk image /var/lib/one//datastores/0/18/disk.0: Permission
> denied
> 
> 
> bash-4.1$ ls -lL disk.0
> brw-rw---- 1 root disk 253, 9 28. Feb 18:26 disk.0
> 
> 
> Best regards,
> Tobias
> 
> Von:  Jaime Melis <jmelis at opennebula.org>
> Datum:  Thu, 28 Feb 2013 18:21:50 +0100
> 
> An:  Tobias Honacker <t.honacker at googlemail.com>
> Cc:  Users OpenNebula <users at lists.opennebula.org>
> Betreff:  Re: [one-users] Permission denied while creating VM
> 
> Sorry Tobias, the command I sent is not the correct one, you have to
> explicitely say that you want to connect to the system socket. Do this
> instead:
> 
> $ sudo -u oneadmin virsh -c qemu:///system create deployment.0
> 
> 
> On Thu, Feb 28, 2013 at 6:14 PM, Tobias Honacker <t.honacker at googlemail.com>
> wrote:
>> Hi Jaime,
>> 
>> Thanks for the support.
>> 
>> ---snip---
>> bash-4.1$ sudo -u oneadmin virsh create deployment.0
>> 
>> Fehler: Fehler beim Erstellen der Domain von deployment.0
>> 
>> Fehler: Unable to create tap device vnet%d: Operation not permitted
>> 
>> ---snip---
>> 
>> 
>> 
>> 
>> 
>> Does /var/log/libvirtd/qemu/one-<vm_id>.log shed any light on the issue?
>> 
>> 
>> 
>> --> nope, exact same error.
>> 
>> 
>> 
>> It could be a polkit problem, have you grepped the usual suspects? auth.log,
>> etcŠ
>> 
>> 
>> 
>> --> can't see any error or strange log files
>> 
>> 
>> 
>> 
>> 
>> /var/log/libvirt/libvirtd.log :
>> 
>> 
>> 
>> 2013-02-28 14:57:10.341+0000: 11893: error : qemuMonitorOpenUnix:266 : failed
>> to connect to monitor socket: No such process
>> 
>> 2013-02-28 14:57:10.342+0000: 11893: error : qemuProcessWaitForMonitor:1533 :
>> internal error process exited while connecting to monitor:
>> 
>> qemu-kvm: -drive
>> file=/var/lib/one//datastores/0/17/disk.0,if=none,id=drive-ide0-0-0,format=ra
>> w: could not open disk image /var/lib/one//datastores/0/17/disk.0: Permission
>> denied
>> 
>> 
>> 
>> Don't know what "
>> 
>> failed to connect to monitor socket: No such process" means, all settings are
>> correct in my opinion.
>> 
>> 
>> 
>> 
>> 
>> Best regards,
>> 
>> Tobias
>> 
>> 
>> 
>> Von:  Jaime Melis <jmelis at opennebula.org>
>> Datum:  Thu, 28 Feb 2013 16:36:45 +0100
>> An:  Tobias Honacker <t.honacker at googlemail.com>
>> Cc:  Users OpenNebula <users at lists.opennebula.org>
>> Betreff:  Re: [one-users] Permission denied while creating VM
>> 
>> Hi Tobias,
>> 
>> I have no idea why that's happening to you. I'm wondering, have you tried
>> start the VM manually in the host after it fails to deploy? the files should
>> be still there until you do "onevm delete".
>> $ virsh create /var/lib/one/datastores/0/<vm_id>/deployment.0
>> 
>> Does /var/log/libvirtd/qemu/one-<vm_id>.log shed any light on the issue?
>> 
>> It could be a polkit problem, have you grepped the usual suspects? auth.log,
>> etc...
>> 
>> cheers,
>> Jaime
>> 
>> 
>> On Tue, Feb 26, 2013 at 5:21 PM, Tobias Honacker <t.honacker at googlemail.com>
>> wrote:
>>> Hi guys,
>>> 
>>> My environment:
>>> 
>>> OS: CentOS 6.3
>>> Version: OpenNebula 3.8.3
>>> Datastore: LVM (DRBD 8.4.3 + clvm + crm)
>>> Filesystem of /var/lib/one: ext4
>>> Images: 1x (Type: Datablock - 10G) and 1x (Type: CDROM - Path
>>> /tmp/debian-image.iso)
>>> LVM Storage is working perfectly and without errors!
>>> 
>>> 
>>> My Problem:
>>> 
>>> VM is not booting cause of this error:
>>> 
>>> ---snip---
>>> Tue Feb 26 16:17:35 2013 [VMM][D]: Message received: LOG I 1 Successfully
>>> execute network driver operation: pre.
>>> 
>>> Tue Feb 26 16:17:39 2013 [VMM][D]: Message received: LOG I 1 Command
>>> execution fail: cat << EOT | /var/lib/one/remotes/vmm/kvm/deploy
>>> /var/lib/one//datastores/0/1/deployment.0 priv$
>>> 
>>> Tue Feb 26 16:17:39 2013 [VMM][D]: Message received: LOG I 1 error: Failed
>>> to create domain from /var/lib/one//datastores/0/1/deployment.0
>>> 
>>> Tue Feb 26 16:17:39 2013 [VMM][D]: Message received: LOG I 1 error:
>>> internal error process exited while connecting to monitor: qemu-kvm:
>>> -drive
>>> file=/var/lib/one//datastores/0/1/disk.0,if=none,id=drive-ide0-0-0,format=r
>>> aw: could not open disk image /var/lib/one//datastores/0/1/disk.0:
>>> Permission denied
>>> 
>>> Tue Feb 26 16:17:39 2013 [VMM][D]: Message received: LOG I 1
>>> 
>>> Tue Feb 26 16:17:39 2013 [VMM][D]: Message received: LOG E 1 Could not
>>> create domain from /var/lib/one//datastores/0/1/deployment.0
>>> 
>>> Tue Feb 26 16:17:39 2013 [VMM][D]: Message received: LOG I 1 ExitCode: 255
>>> 
>>> Tue Feb 26 16:17:39 2013 [VMM][D]: Message received: LOG I 1 Failed to
>>> execute virtualization driver operation: deploy.
>>> 
>>> Tue Feb 26 16:17:39 2013 [VMM][D]: Message received: DEPLOY FAILURE 1
>>> Could not create domain from /var/lib/one//datastores/0/1/deployment.0
>>> ---snip---
>>> 
>>> 
>>> 
>>> Datastore Config:
>>> 
>>> NAME = drbd
>>> DS_MAD = lvm
>>> TM_MAD = lvm
>>> VG_NAME = vg-one
>>> HOST = localhost
>>> 
>>> 
>>> 
>>> [root at priv001 one]# grep -vE '^($|#)' /etc/libvirt/qemu.conf
>>> user  = "oneadmin"
>>> group = "oneadmin"
>>> dynamic_ownership = 0
>>> 
>>> 
>>> 
>>> root at priv001 one]# grep -vE '^($|#)' /etc/libvirt/libvirtd.conf
>>> listen_tls = 0
>>> listen_tcp = 1
>>> mdns_adv = 0
>>> unix_sock_group = "libvirt"
>>> unix_sock_ro_perms = "0777"
>>> unix_sock_rw_perms = "0770"
>>> auth_unix_ro = "none"
>>> auth_unix_rw = "none"
>>> 
>>> 
>>> 
>>> [root at priv001 one]# id oneadmin
>>> uid=9869(oneadmin) gid=9869(oneadmin)
>>> Gruppen=9869(oneadmin),36(kvm),9870(libvirt)
>>> 
>>> 
>>> 
>>> [root at priv001 one]# cat
>>> /etc/polkit-1/localauthority/50-local.d/50-org.libvirt.unix.manage-opennebu
>>> la.pkla
>>> # content of file:
>>> /etc/polkit-1/localauthority/50-local.d/50-org.libvirt.unix.manage-opennebu
>>> la.pkla
>>> [Allow oneadmin user to manage virtual machines]
>>> Identity=unix-user:oneadmin
>>> Action=org.libvirt.unix.manage
>>> #Action=org.libvirt.unix.monitor
>>> ResultAny=yes
>>> ResultInactive=yes
>>> ResultActive=yes
>>> 
>>> 
>>> 
>>> [root at priv001 ~]# getenforce
>>> Disabled
>>> 
>>> 
>>> Diskpermission:
>>> 
>>> lrwxrwxrwx 1 oneadmin oneadmin   24 26. Feb 17:01 disk.0 ->
>>> /dev/vg-one/lv-one-0-3-0
>>> 
>>> 
>>> 
>>> I've tried lots of thins like upgrading drbd, OpenNebula from 3.8.1 to
>>> 3.8.3, using other filesystems, playing around with libvirt rights, tried
>>> oneadmin as group from libvirt etc.pp.
>>> 
>>> 
>>> Any idea whats wrong with my system?
>>> Thanks for helping.
>>> 
>>> 
>>> 
>>> Best regards,
>>> Tobias
>>> 
>>> 
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opennebula.org
>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>> 
>> 
>> 
>> -- 
>> Jaime Melis
>> Project Engineer
>> OpenNebula - The Open Source Toolkit for Cloud Computing
>> www.OpenNebula.org <http://www.OpenNebula.org>  | jmelis at opennebula.org
> 
> 
> 
> -- 
> Jaime Melis
> Project Engineer
> OpenNebula - The Open Source Toolkit for Cloud Computing
> www.OpenNebula.org <http://www.OpenNebula.org>  | jmelis at opennebula.org



-- 
Jaime Melis
Project Engineer
OpenNebula - The Open Source Toolkit for Cloud Computing
www.OpenNebula.org <http://www.OpenNebula.org>  | jmelis at opennebula.org


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20130228/c9def857/attachment-0001.htm>


More information about the Users mailing list