<html>
<head>
<meta content="text/html; charset=ISO-8859-2"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Other error message (with SSH transfer driver used):<br>
<small>Fri Jun 22 14:08:53 2012 [LCM][I]: New VM state is BOOT<br>
Fri Jun 22 14:08:53 2012 [VMM][I]: Generating deployment file:
/var/lib/one/0/deployment.1<br>
Fri Jun 22 14:08:53 2012 [VMM][I]: ExitCode: 0<br>
Fri Jun 22 14:08:53 2012 [VMM][I]: Successfully execute network
driver operation: pre.<br>
Fri Jun 22 14:09:24 2012 [VMM][I]: Command execution fail: cat
<< EOT | /var/tmp/one/vmm/kvm/deploy
/var/lib/one/0/images/deployment.1 10.0.5.201 0 10.0.5.201<br>
Fri Jun 22 14:09:24 2012 [VMM][I]: error: Failed to create domain
from /var/lib/one/0/images/deployment.1<br>
<b>Fri Jun 22 14:09:24 2012 [VMM][I]: error: monitor socket did
not show up.: No such file or directory</b><br>
Fri Jun 22 14:09:24 2012 [VMM][E]: Could not create domain from
/var/lib/one/0/images/deployment.1<br>
Fri Jun 22 14:09:24 2012 [VMM][I]: ExitCode: 255<br>
Fri Jun 22 14:09:24 2012 [VMM][I]: Failed to execute
virtualization driver operation: deploy.<br>
Fri Jun 22 14:09:24 2012 [VMM][E]: Error deploying virtual
machine: Could not create domain from
/var/lib/one/0/images/deployment.1<br>
Fri Jun 22 14:09:25 2012 [DiM][I]: New VM state is FAILED<br>
<br>
<big>In syslog it is very similar:</big></small><br>
<small>Jun 22 16:45:01 tyan-host kernel: [82002.423842] type=1505
audit(1340376301.285:71): operation="profile_load" pid=24477
name="libvirt-3cd36a8d-dd19-6b86-333e-f0249700ba79"<br>
Jun 22 16:45:01 tyan-host libvirtd: 16:45:01.317: error :
qemuDomainSetFileOwnership:2222 : cannot set ownership on
/var/lib/one/0/images/disk.0: Permission denied<br>
Jun 22 16:45:31 tyan-host libvirtd: 16:45:31.327: error :
qemuMonitorOpenUnix:268 : monitor socket did not show up.: No such
file or directory<br>
Jun 22 16:45:31 tyan-host libvirtd: 16:45:31.328: error :
qemuConnectMonitor:822 : Failed to connect monitor for one-0#012<br>
Jun 22 16:45:31 tyan-host kernel: [82032.643614] type=1505
audit(1340376331.505:72): operation="profile_remove" pid=24585
name="libvirt-3cd36a8d-dd19-6b86-333e-f0249700ba79"
namespace="root"<br>
<br>
</small><br>
Jan<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Dòa 22.06.2012 11:58, Jaime Melis wrote / napísal(a):
<blockquote
cite="mid:CA+HrgRrEgg7pgX6_C7PfHg9F86G_5c2rgEUk08bhUNoO64oxDg@mail.gmail.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-2">
Hello Jan,
<div><br>
</div>
<div>I forgot to mention that it's not enough with using the SSH
transfer driver, you also have to unmount all your NFS exports
in your hypervisor node, so the disk images aren't copied to an
NFS filesystem.</div>
<div><br>
</div>
<div>Cheers,<br>
Jaime<br>
<br>
<div class="gmail_quote">On Fri, Jun 22, 2012 at 11:21 AM, Jaime
Melis <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:jmelis@opennebula.org" target="_blank">jmelis@opennebula.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">Hello Jan,
<div><br>
</div>
<div>let's try without NFS just to rule it out. Can you use
the SSH transfer driver:</div>
<div><a moz-do-not-send="true"
href="http://opennebula.org/documentation:rel3.4:fs_ds#using_the_ssh_transfer_driver"
target="_blank">http://opennebula.org/documentation:rel3.4:fs_ds#using_the_ssh_transfer_driver</a></div>
<div>and try launching the VM again?</div>
<div><br>
</div>
<div>By the way, after reading your logs it seems you're not
using the last stable release OpenNebula 3.4. Could you
upgrade to this release?</div>
<div><br>
</div>
<div>Regards,<br>
Jaime
<div>
<div class="h5"><br>
<br>
<div class="gmail_quote">On Fri, Jun 22, 2012 at 8:01
AM, Jan Benadik <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:jan.benadik@atos.net"
target="_blank">jan.benadik@atos.net</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Yes, it
runs:<br>
<small>oneadmin@nebula-3:~$ ps aux |grep oned<br>
oneadmin 10158 0.0 0.1 1172252 8020 ?
Sl Jun21 0:22 /usr/bin/oned -f</small><br>
<br>
When I changed security_driver in qemu.conf to
default state<br>
<pre>/etc/libvirt/qemu.conf:
# security_driver = "selinux"</pre>
my error message went back to previous state
(but still was there) ...<br>
<br>
When I replaced OS on host to Ubuntu 10.04
Server (with the same settings), error message
is:<br>
<br>
<small>Thu Jun 21 16:41:17 2012 [LCM][I]: New VM
state is BOOT<br>
Thu Jun 21 16:41:17 2012 [VMM][I]: Generating
deployment file: /var/lib/one/1/deployment.4<br>
Thu Jun 21 16:41:17 2012 [VMM][I]: ExitCode: 0<br>
Thu Jun 21 16:41:17 2012 [VMM][I]:
Successfully execute network driver operation:
pre.<br>
Thu Jun 21 16:41:48 2012 [VMM][I]: Command
execution fail: cat << EOT |
/var/tmp/one/vmm/kvm/deploy
/var/lib/one/1/images/deployment.4 tyan 1 tyan<br>
Thu Jun 21 16:41:48 2012 [VMM][I]: error:
Failed to create domain from
/var/lib/one/1/images/deployment.4<br>
<b>Thu Jun 21 16:41:48 2012 [VMM][I]: error:
cannot set ownership on
/var/lib/one/1/images/disk.1: Permission
denied</b><br>
Thu Jun 21 16:41:48 2012 [VMM][E]: Could not
create domain from
/var/lib/one/1/images/deployment.4<br>
Thu Jun 21 16:41:48 2012 [VMM][I]: ExitCode:
255<br>
Thu Jun 21 16:41:48 2012 [VMM][I]: Failed to
execute virtualization driver operation:
deploy.<br>
Thu Jun 21 16:41:48 2012 [VMM][E]: Error
deploying virtual machine: Could not create
domain from /var/lib/one/1/images/deployment.4<br>
Thu Jun 21 16:41:49 2012 [DiM][I]: New VM
state is FAILED</small><br>
<br>
Messages in /var/log/syslog at the same time:<br>
<small>Jun 22 10:17:01 tyan-host CRON[12881]:
(root) CMD ( cd / && run-parts
--report /etc/cron.hourly)<br>
Jun 22 10:22:04 tyan-host kernel:
[59025.594722] type=1505
audit(1340353324.455:27):
operation="profile_load" pid=13044
name="libvirt-f42d2d5f-e5a0-3bcd-a445-1d3d876451e1"<br>
Jun 22 10:22:04 tyan-host libvirtd:
10:22:04.470: error :
qemuDomainSetFileOwnership:2222 : cannot set
ownership on /var/lib/one/1/images/disk.0:
Permission denied<br>
Jun 22 10:22:34 tyan-host libvirtd:
10:22:34.481: error : qemuMonitorOpenUnix:268
: monitor socket did not show up.: No such
file or directory<br>
Jun 22 10:22:34 tyan-host libvirtd:
10:22:34.481: error : qemuConnectMonitor:822 :
Failed to connect monitor for one-1#012<br>
Jun 22 10:22:34 tyan-host libvirtd:
10:22:34.665: error :
qemuDomainSetFileOwnership:2222 : cannot set
ownership on /var/lib/one/1/images/disk.1:
Permission denied<br>
Jun 22 10:22:34 tyan-host libvirtd:
10:22:34.665: warning :
qemudShutdownVMDaemon:2703 : Failed to restore
all device ownership for one-1<br>
Jun 22 10:22:34 tyan-host kernel:
[59055.797448] type=1505
audit(1340353354.655:28):
operation="profile_remove" pid=13051
name="libvirt-f42d2d5f-e5a0-3bcd-a445-1d3d876451e1"
namespace="root"</small><br>
<br>
Jan<br>
<br>
<br>
<br>
Dňa <a moz-do-not-send="true"
href="tel:21.06.2012%2017"
value="+12106201217" target="_blank">21.06.2012
17</a>:19, Javier Fontan wrote / napÃsal(a):
<blockquote type="cite">
<div>
<div>
<pre>Also, I supposte oned is running as oneadmin user. Just to check.
On Thu, Jun 21, 2012 at 5:19 PM, Javier Fontan <a moz-do-not-send="true" href="mailto:jfontan@opennebula.org" target="_blank"><jfontan@opennebula.org></a> wrote:
</pre>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<pre>I am checking my configuration ans the only differences are:
* oneadmin is in group oneadmin
* qemu group is oneadmin
* �/var/lib/one/** lrwk, line is in /etc/apparmor.d/local/usr.sbin.libvirtd
Can you try moving the line of apparmor to
/etc/apparmor.d/local/usr.sbin.libvirtd? Maybe there's a precedence
problem that we don't know of. Unfortunately I am not an apparmor.
On Thu, Jun 21, 2012 at 9:55 AM, Jan Benadik <a moz-do-not-send="true" href="mailto:jan.benadik@atos.net" target="_blank"><jan.benadik@atos.net></a> wrote:
</pre>
<blockquote type="cite">
<pre>So - now I have still the same error message in oned.log:
Thu Jun 21 09:26:42 2012 [LCM][I]: New VM state is BOOT
Thu Jun 21 09:26:42 2012 [VMM][I]: Generating deployment file:
/var/lib/one/0/deployment.38
Thu Jun 21 09:26:42 2012 [VMM][I]: ExitCode: 0
Thu Jun 21 09:26:42 2012 [VMM][I]: Successfully execute network driver
operation: pre.
Thu Jun 21 09:26:44 2012 [VMM][I]: Command execution fail: cat << EOT |
/var/tmp/one/vmm/kvm/deploy /var/lib/one/0/images/deployment.38 myto 0 myto
Thu Jun 21 09:26:44 2012 [VMM][I]: error: Failed to create domain from
/var/lib/one/0/images/deployment.38
Thu Jun 21 09:26:44 2012 [VMM][I]: error: Unable to read from monitor:
Connection reset by peer
Thu Jun 21 09:26:44 2012 [VMM][E]: Could not create domain from
/var/lib/one/0/images/deployment.38
Thu Jun 21 09:26:44 2012 [VMM][I]: ExitCode: 255
Thu Jun 21 09:26:44 2012 [VMM][I]: Failed to execute virtualization driver
operation: deploy.
Thu Jun 21 09:26:44 2012 [VMM][E]: Error deploying virtual machine: Could
not create domain from /var/lib/one/0/images/deployment.38
Thu Jun 21 09:26:45 2012 [DiM][I]: New VM state is FAILED
At the same time in the /var/log/libvirt/libvirtd.log the following message
appears:
2012-06-21 09:27:43.610+0000: 1114: warning :
virDomainDiskDefForeachPath:13244 : Ignoring open failure on
/var/lib/one/0/images/disk.1: Permission denied
2012-06-21 09:27:44.296+0000: 1110: error : qemuMonitorIORead:513 : Unable
to read from monitor: Connection reset by peer
Nothing in /var/log/syslog (doesn't matter if apparmor is running, stopped,
flushed ...!).
Permissions of files and folders:
oneadmin@opennebula-host:/var/lib$ ls -ld /var/lib/one
drwxr-xr-x 10 oneadmin root 4096 Jun 21 09:49 /var/lib/one
oneadmin@opennebula-host:/var/lib/one# ls -la
total 132
drwxr-xr-x� 8 oneadmin root�� 4096 Jun 21 09:27 .
drwxr-xr-x 37 root���� root�� 4096 Jun 21 06:30 ..
-rw-------� 1 oneadmin cloud� 2261 Jun 21 08:42 .bash_history
drwx------� 2 oneadmin cloud� 4096 Jun 20 09:48 .cache
drwx------� 2 oneadmin cloud� 4096 Jun 20 09:49 .one
drwx------� 2 oneadmin root�� 4096 Jun 20 17:43 .ssh
-rw-------� 1 oneadmin cloud� 3412 Jun 20 11:06 .viminfo
drwxrwxrwx� 3 oneadmin cloud� 4096 Jun 21 09:26 0
-rw-r--r--� 1 oneadmin cloud� 1738 Jun 21 08:50 config
drwxrwx--T� 2 oneadmin root�� 4096 Jun 20 10:57 images
-rw-r--r--� 1 oneadmin cloud 67584 Jun 21 09:27 one.db
-rw-r--r--� 1 oneadmin cloud 16384 Jun 20 16:28 oneacct.db
drwxr-xr-x� 8 root���� root�� 4096 Jun 20 09:33 remotes
oneadmin@opennebula-host:/var/lib/one/0# ls -la
total 20
drwxrwxrwx� 3 oneadmin cloud 4096 Jun 21 09:36 .
drwxr-xr-x 10 oneadmin root� 4096 Jun 21 09:35 ..
-rw-r--r--� 1 oneadmin cloud� 735 Jun 21 09:26 deployment.38
drwxrwxrwx� 2 oneadmin cloud 4096 Jun 21 09:26 images
-rw-r--r--� 1 oneadmin cloud� 201 Jun 21 09:26 transfer.38.prolog
oneadmin@opennebula-host:/var/lib/one/0/images# ls -la
total 906256
drwxrwxrwx 2 oneadmin cloud����� 4096 Jun 21 09:26 .
drwxrwxrwx 3 oneadmin cloud����� 4096 Jun 21 09:36 ..
-rw-r--r-- 1 oneadmin cloud������ 736 Jun 21 09:26 deployment.38
-rw-rw-rw- 1 oneadmin cloud 927989760 Jun 21 09:26 disk.0
lrwxrwxrwx 1 oneadmin cloud������� 52 Jun 21 09:26 disk.1 ->
/var/lib/one/images/9c52b90a79dba7c26a912d05ff5190b8
oneadmin@opennebula-host:~/images$ ls -la
total 1040116
drwxrwx--T� 2 oneadmin root������� 4096 Jun 20 10:57 .
drwxr-xr-x 10 oneadmin root������� 4096 Jun 21 09:37 ..
-rw-rw----� 1 oneadmin root�� 927989760 Jun 20 10:57
46440b43448202b4ee69b4b541f5eeab
-rw-rw----� 1 oneadmin root 10737418241 Jun 20 10:57
9c52b90a79dba7c26a912d05ff5190b8
Libvirtd and Qemu settings:
/etc/libvirt/libvirtd.conf:
listen_tls = 0
listen_tcp = 1
unix_sock_group = "libvirtd"
unix_sock_ro_perms = "0777"
unix_sock_rw_perms = "0777"
unix_sock_dir = "/var/run/libvirt"
auth_unix_ro = "none"
auth_unix_rw = "none"
/etc/libvirt/qemu.conf:
security_driver = "none"
user = "oneadmin"
group = "cloud"
dynamic_ownership = 0
/etc/default/libvirt-bin:
start_libvirtd="yes"
libvirtd_opts="-d -l"
/etc/apparmor.d/usr.sbin.libvirtd:
# Last Modified: Mon Jul� 6 17:23:58 2009
#include <tunables/global>
@{LIBVIRT}="libvirt"
/usr/sbin/libvirtd {
� #include <abstractions/base>
� # Site-specific additions and overrides. See local/README for details.
� #include <local/usr.sbin.libvirtd>
� capability kill,
� capability net_admin,
� capability net_raw,
� capability setgid,
� capability sys_admin,
� capability sys_module,
� capability sys_ptrace,
� capability sys_nice,
� capability sys_chroot,
� capability setuid,
� capability dac_override,
� capability dac_read_search,
� capability fowner,
� capability chown,
� capability setpcap,
� capability mknod,
� capability fsetid,
� capability ipc_lock,
� network inet stream,
� network inet dgram,
� network inet6 stream,
� network inet6 dgram,
� network packet dgram,
� # for now, use a very lenient profile since we want to first focus on
� # confining the guests
� / r,
� /** rwmkl,
� /bin/* PUx,
� /sbin/* PUx,
� /usr/bin/* PUx,
� /usr/sbin/* PUx,
� /lib/udev/scsi_id PUx,
� # Required by nwfilter_ebiptables_driver.c:ebiptablesWriteToTempFile() to
� # write and run an ebtables script.
� /var/lib/libvirt/virtd* ixr,
� # force the use of virt-aa-helper
� audit deny /sbin/apparmor_parser rwxl,
� audit deny /etc/apparmor.d/libvirt/** wxl,
� audit deny /sys/kernel/security/apparmor/features rwxl,
� audit deny /sys/kernel/security/apparmor/matching rwxl,
� audit deny /sys/kernel/security/apparmor/.* rwxl,
� /sys/kernel/security/apparmor/profiles r,
� /usr/lib/libvirt/* PUxr,
� /etc/libvirt/hooks/** rmix,
� /var/lib/one/** lrwk,
� # allow changing to our UUID-based named profiles
� change_profile ->
@{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
}
User settings:
oneadmin@opennebula-host:~/images$ groups oneadmin
oneadmin : cloud root disk kvm libvirtd
My question - where is an issue?
Jan
_______________________________________________
Users mailing list
<a moz-do-not-send="true" href="mailto:Users@lists.opennebula.org" target="_blank">Users@lists.opennebula.org</a>
<a moz-do-not-send="true" href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org" target="_blank">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a>
</pre>
</blockquote>
</div>
</div>
<pre>--
Javier Font�n Mui�os
Project Engineer
OpenNebula - The Open Source Toolkit for Data Center Virtualization
<span><font color="#888888"><a moz-do-not-send="true" href="http://www.OpenNebula.org%EF%BF%BD" target="_blank">www.OpenNebula.org�</a>|�<a moz-do-not-send="true" href="mailto:jfontan@opennebula.org" target="_blank">jfontan@opennebula.org</a>�| @OpenNebula
</font></span></pre>
<span><font color="#888888"> </font></span></blockquote>
<span><font color="#888888"> </font></span></blockquote>
<span><font color="#888888"> <br>
<div>-- <br>
<font color="black" face="Verdana"
size="3"> <img moz-do-not-send="true"
alt="" height="15" width="252"><br>
<b>Ján Beňadik</b><br>
<font face="Verdana"> Managed Services -
Solution Design Architect<br>
<a moz-do-not-send="true"
href="tel:%2B421%2046%205151%20332"
value="+421465151332"
target="_blank">+421 46 5151 332</a><br>
<a moz-do-not-send="true"
href="tel:%2B421%20903%20691%20634"
value="+421903691634"
target="_blank">+421 903 691 634</a><br>
<a moz-do-not-send="true"
href="mailto://jan.benadik@atos.net"
target="_blank">jan.benadik@atos.net</a><br>
VinohradnÃcka 6, 971 01 Prievidza<br>
<a moz-do-not-send="true"
href="http://www.sk.atos.net"
target="_blank">www.sk.atos.net</a><br>
__________________________________<br>
<br>
<img moz-do-not-send="true" alt=""
height="58" width="261"><br>
</font> </font></div>
</font></span></div>
<br>
_______________________________________________<br>
Users mailing list<br>
<a moz-do-not-send="true"
href="mailto:Users@lists.opennebula.org"
target="_blank">Users@lists.opennebula.org</a><br>
<a moz-do-not-send="true"
href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org"
target="_blank">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
<span class="HOEnZb"><font color="#888888">
<br clear="all">
<div><br>
</div>
-- <br>
Jaime Melis<br>
Project Engineer<br>
OpenNebula - The Open Source Toolkit for Cloud Computing<br>
<a moz-do-not-send="true"
href="http://www.OpenNebula.org" target="_blank">www.OpenNebula.org</a>
| <a moz-do-not-send="true"
href="mailto:jmelis@opennebula.org" target="_blank">jmelis@opennebula.org</a><br>
</font></span></blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
Jaime Melis<br>
Project Engineer<br>
OpenNebula - The Open Source Toolkit for Cloud Computing<br>
<a moz-do-not-send="true" href="http://www.OpenNebula.org"
target="_blank">www.OpenNebula.org</a> | <a
moz-do-not-send="true" href="mailto:jmelis@opennebula.org"
target="_blank">jmelis@opennebula.org</a><br>
</div>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-2">
<title></title>
<font color="black" face="Verdana" size="3"> <img alt=""
src="cid:part23.01060209.07020505@atos.net" height="15"
width="252"><br>
<b>Ján Beòadik</b><br>
<font face="Verdana" size="2"> Managed Services - Solution
Design Architect<br>
+421 46 5151 332<br>
+421 903 691 634<br>
<a href="mailto://jan.benadik@atos.net">jan.benadik@atos.net</a><br>
Vinohradnícka 6, 971 01 Prievidza<br>
<a href="http://www.sk.atos.net">www.sk.atos.net</a><br>
__________________________________<br>
<br>
<img alt="" src="cid:part26.07040700.03030601@atos.net"
height="58" width="261"><br>
</font> </font></div>
</body>
</html>