<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Sorry, as Ruben S. Montero stated, I specified dynamic_ownership=0
in /etc/libvirt/qemu.conf to avoid KVM changing image file
permissions in /var/lib/one/images to root:root.<br>
<br>
Best Regards,<br>
Alberto Picón<br>
<br>
-------- Mensaje original --------
<table class="moz-email-headers-table" border="0" cellpadding="0"
cellspacing="0">
<tbody>
<tr>
<th nowrap="nowrap" align="RIGHT" valign="BASELINE">Asunto: </th>
<td>Re: [one-users] Opennebula 3.0 RC1 and persistent images
in KVM VMs</td>
</tr>
<tr>
<th nowrap="nowrap" align="RIGHT" valign="BASELINE">Fecha: </th>
<td>Tue, 27 Sep 2011 02:00:45 +0200</td>
</tr>
<tr>
<th nowrap="nowrap" align="RIGHT" valign="BASELINE">De: </th>
<td>Alberto Picón Couselo <a class="moz-txt-link-rfc2396E" href="mailto:alpicon1@gmail.com"><alpicon1@gmail.com></a></td>
</tr>
<tr>
<th nowrap="nowrap" align="RIGHT" valign="BASELINE">Responder
a: </th>
<td><a class="moz-txt-link-abbreviated" href="mailto:alpicon1@gmail.com">alpicon1@gmail.com</a></td>
</tr>
<tr>
<th nowrap="nowrap" align="RIGHT" valign="BASELINE">Para: </th>
<td>Ruben S. Montero <a class="moz-txt-link-rfc2396E" href="mailto:rubensm@dacya.ucm.es"><rubensm@dacya.ucm.es></a></td>
</tr>
<tr>
<th nowrap="nowrap" align="RIGHT" valign="BASELINE">CC: </th>
<td><a class="moz-txt-link-abbreviated" href="mailto:users@lists.opennebula.org">users@lists.opennebula.org</a>
<a class="moz-txt-link-rfc2396E" href="mailto:users@lists.opennebula.org"><users@lists.opennebula.org></a></td>
</tr>
</tbody>
</table>
<br>
<br>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
Hi all,<br>
<br>
I finally executed KVM VM's with persistent disks in OpenNebula. <br>
<br>
I made the following changes in /etc/libvirt/qemu.conf<br>
<br>
# The user ID for QEMU processes run by the system instance<br>
user = "oneadmin"<br>
<br>
# The group ID for QEMU processes run by the system instance<br>
group = "oneadmin"<br>
<br>
# Whether libvirt should dynamically change file ownership<br>
# to match the configured user/group above. Defaults to 1.<br>
# Set to 0 to disable file ownership changes.<br>
dynamic_ownership = 1<br>
<br>
Oneadmin and libvirt-qemu user and group membership are as follows
in KVM worker node:<br>
<br>
~# groups oneadmin<br>
oneadmin : oneadmin kvm libvirt<br>
~# groups libvirt-qemu<br>
libvirt-qemu : kvm oneadmin<br>
<br>
I changed KVM /dev/kvm group from kvm to oneadmin:<br>
<br>
~# chgrp oneadmin /dev/kvm<br>
~# ls -la /dev/kvm<br>
crw-rw---- 1 root oneadmin 10, 232 sep 16 20:35 /dev/kvm<br>
<br>
I will need to change group permissions of /dev/kvm to oneadmin in
rc.local because reloading qemu-kvm resets /dev/kvm to kvm group. Do
you know any other way to set up group of /dev/kvm?<br>
<br>
Thank you very much everybody for your help and support!<br>
<br>
Best Regards,<br>
Alberto Picón<br>
<br>
El 26/09/2011 22:45, Ruben S. Montero escribió:
<blockquote
cite="mid:CAGi56tdeFUf3xSD--csR26RxRCgKAyxBqyc9R5FSkV2gnsg_xg@mail.gmail.com"
type="cite">Hi
<div><br>
</div>
<div>You may try to disable dynamic ownership in qemu.conf, as:</div>
<div>... <br>
<div>user = "root"</div>
<div>group = "root"</div>
<div><br>
</div>
<div>dynamic_ownership = 0</div>
<div>...</div>
<div><br>
</div>
<div>Cheers</div>
<div><br>
</div>
<div>Ruben</div>
<div class="gmail_quote">On Mon, Sep 26, 2011 at 9:52 PM,
Alberto Picón Couselo <span dir="ltr"><<a
moz-do-not-send="true" href="mailto:alpicon1@gmail.com">alpicon1@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">Hi, Fabian.<br>
<br>
We have tested root read and write access to NFS mount in
KVM worker node and it works correctly. As you stated, when
we create a persistent image, Opennebula creates a link to
the registered image in /var/lib/{VID}/image. We are using
FreeNAS 8.0 Final Release for shared storage and it
implements NFSv3.<br>
<br>
When a new instance is deployed using a persistent image,
the image changes a quarter of a second to libvirt-bin:kvm
file permissions, instance fails to boot with "permission
denied" error and persistent image in repository changes its
file permissions to root user and root group.<br>
<br>
When we use a non persistent image, KVM instance boots
correctly cloning the registered image to
/var/lib/{VID}/image/disk.0, and it has libvirt-bin:kvm file
permissions during RUNNING state.<br>
<br>
Please, any clue regarding this issue would be really
appreciated.<br>
<br>
Best Regards,<br>
Alberto Picón<br>
<br>
El 26/09/2011 13:50, Fabian Wenk escribió:
<div>
<div class="h5"><br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt
0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;"> Hello Alberto<br>
<br>
On <a moz-do-not-send="true"
href="tel:25.09.2011%2000" value="+12509201100"
target="_blank">25.09.2011 00</a>:27, Alberto Picón
Couselo wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt
0pt 0.8ex; border-left: 1px solid rgb(204, 204,
204); padding-left: 1ex;"> We have some a problems
using persistent KVM images in Opennebula 3.0 RC1.<br>
<br>
Our configuration is as follows:<br>
<br>
Opennebula Front-End Ubuntu LTS 10.04<br>
KVM worker node Debian Queeze 6.0.2<br>
NAS for NFS Shared storage<br>
</blockquote>
<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt
0pt 0.8ex; border-left: 1px solid rgb(204, 204,
204); padding-left: 1ex;"> Sat Sep 24 23:49:08 2011
[VMM][I]: Command execution fail: 'if [ -x<br>
"/var/lib/one/remotes/vmm/kvm/deploy" ]; then<br>
/var/lib/one/remotes/vmm/kvm/deploy
/var/lib/one/212/images/deployment.0<br>
tc-kvm-hv02 212 tc-kvm-hv02; else
exit 42; fi'<br>
Sat Sep 24 23:49:08 2011 [VMM][I]: error: Failed to
create domain from<br>
/var/lib/one/212/images/deployment.0<br>
Sat Sep 24 23:49:08 2011 [VMM][I]: error: internal
error process exited<br>
while connecting to monitor: qemu: could not open
disk image<br>
/var/lib/one/212/images/disk.0: Permission denied<br>
</blockquote>
<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt
0pt 0.8ex; border-left: 1px solid rgb(204, 204,
204); padding-left: 1ex;"> Please, can you give us
any clue regarding this issue?. Persistent mode<br>
for KVM VMs is essential for us...<br>
</blockquote>
<br>
Is root allowed to read/write in the NFS mounted
images folder? Check the options in /etc/exports on
the NFS server.<br>
Eventually you also need to force the client (cluster
node) to mount it using NFSv3 (instead of NFSv4).<br>
<br>
With persistent images, the images stays in the images
folder and is only linked from the
<vm_id>/images/ folder. KVM does run with root
privileges.<br>
<br>
<br>
bye<br>
Fabian<br>
_______________________________________________<br>
Users mailing list<br>
<a moz-do-not-send="true"
href="mailto:Users@lists.opennebula.org"
target="_blank">Users@lists.opennebula.org</a><br>
<a moz-do-not-send="true"
href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org"
target="_blank">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><br>
</blockquote>
_______________________________________________<br>
Users mailing list<br>
<a moz-do-not-send="true"
href="mailto:Users@lists.opennebula.org"
target="_blank">Users@lists.opennebula.org</a><br>
<a moz-do-not-send="true"
href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org"
target="_blank">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><br>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
Dr. Ruben Santiago Montero<br>
Associate Professor (Profesor Titular), Complutense University
of Madrid<br>
<br>
URL: <a moz-do-not-send="true"
href="http://dsa-research.org/doku.php?id=people:ruben"
target="_blank">http://dsa-research.org/doku.php?id=people:ruben</a><br>
Weblog: <a moz-do-not-send="true"
href="http://blog.dsa-research.org/?author=7" target="_blank">http://blog.dsa-research.org/?author=7</a><br>
</div>
</blockquote>
</body>
</html>