
<div dir="ltr">Also, can you check this command?<div><br></div><div style>$ ls -lL disk.0 </div><div style><br></div><div style>to see the permissions of the block device pointed at by the symlink?</div></div><div class="gmail_extra">


<br><br><div class="gmail_quote">On Thu, Feb 28, 2013 at 6:21 PM, Jaime Melis <span dir="ltr"><<a href="mailto:jmelis@opennebula.org" target="_blank">jmelis@opennebula.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">


<div dir="ltr">Sorry Tobias, the command I sent is not the correct one, you have to explicitely say that you want to connect to the system socket. Do this instead:<br><div><br></div><div><span style="font-family:Calibri;font-size:medium">$ sudo -u oneadmin virsh -c qemu:///system create deployment.0</span><br>


</div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Feb 28, 2013 at 6:14 PM, Tobias Honacker <span dir="ltr"><<a href="mailto:t.honacker@googlemail.com" target="_blank">t.honacker@googlemail.com</a>></span> wrote:<br>


<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">


<div style="font-family:Calibri,sans-serif;word-wrap:break-word"><div style="font-family:Calibri,sans-serif;font-size:14px">Hi Jaime,</div><div style="font-family:Calibri,sans-serif;font-size:14px"><br></div><div style="font-family:Calibri,sans-serif;font-size:14px">


Thanks for the support.</div><div style="font-family:Calibri,sans-serif;font-size:14px"><br></div><div style="font-family:Calibri,sans-serif;font-size:14px">---snip---</div><div>


<p style="font-size:14px;font-family:Calibri,sans-serif;margin-left:0cm;text-indent:0cm"><font size="3"><span style="font-family:Calibri">bash-4.1$ sudo -u oneadmin virsh

create deployment.0 </span><span style="font-family:Calibri"><u></u><u></u></span></font></p>


<p style="font-size:14px;font-family:Calibri,sans-serif;margin-left:0cm;text-indent:0cm"><font size="3"><span style="font-family:Calibri">Fehler: Fehler beim Erstellen der

Domain von deployment.0</span><span style="font-family:Calibri"><u></u><u></u></span></font></p>


<p style="font-size:14px;font-family:Calibri,sans-serif;margin-left:0cm;text-indent:0cm"><span style="font-family:Calibri"><font size="3">Fehler: Unable to create tap device

vnet%d: Operation not permitted</font></span><font size="3"><u></u><u></u></font></p><p style="font-size:14px;font-family:Calibri,sans-serif;margin-left:0cm;text-indent:0cm"><span style="font-family:Calibri"><font size="3">---snip---</font></span></p>


<div><p style="font-size:14px;font-family:Calibri,sans-serif;margin-left:0cm;text-indent:0cm"><span style="font-family:Calibri"><font size="3"><br></font></span></p><p style="font-size:14px;font-family:Calibri,sans-serif;margin-left:0cm;text-indent:0cm">


<span style="font-family:Calibri"><font size="3"><br></font></span></p><p style="font-size:14px;font-family:Calibri,sans-serif;margin-left:0cm;text-indent:0cm"><span style="font-size:14px;font-family:Calibri,sans-serif">Does /var/log/libvirtd/qemu/one-<vm_id>.log shed any light on the issue?</span></p>


<p style="font-size:14px;margin-left:0cm;text-indent:0cm"><font face="Calibri,sans-serif" size="3"><br></font></p></div><p style="font-size:14px;margin-left:0cm;text-indent:0cm"><font face="arial,sans-serif"><span style="font-size:13px;white-space:nowrap">--> nope, </span></font><span style="font-family:Calibri;font-size:medium"><span style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:start;font-style:normal;display:inline!important;font-weight:normal;float:none;line-height:normal;text-transform:none;font-size:13px;white-space:nowrap;font-family:arial,sans-serif;word-spacing:0px">exact same error.</span></span></p>


<p style="font-size:14px;margin-left:0cm;text-indent:0cm"><span style="font-family:Calibri;font-size:medium"><span style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:start;font-style:normal;display:inline!important;font-weight:normal;float:none;line-height:normal;text-transform:none;font-size:13px;white-space:nowrap;font-family:arial,sans-serif;word-spacing:0px"><br>


</span></span></p><p style="font-size:14px;margin-left:0cm;text-indent:0cm"><span style="font-family:Calibri,sans-serif">It could be a polkit problem, have you grepped the usual suspects? auth.log, etc…</span></p><p style="font-size:14px;margin-left:0cm;text-indent:0cm">


<span style="font-family:Calibri,sans-serif"><br></span></p><p style="font-size:14px;margin-left:0cm;text-indent:0cm"><span style="font-family:Calibri,sans-serif">--> can't see any error or strange log files</span></p>


<p style="font-size:14px;margin-left:0cm;text-indent:0cm"><span style="font-family:Calibri;font-size:medium"><span style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:start;font-style:normal;display:inline!important;font-weight:normal;float:none;line-height:normal;text-transform:none;font-size:13px;white-space:nowrap;font-family:arial,sans-serif;word-spacing:0px"><br>


</span></span></p><p style="font-size:14px;margin-left:0cm;text-indent:0cm"><span style="font-family:Calibri;font-size:medium"><span style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:start;font-style:normal;display:inline!important;font-weight:normal;float:none;line-height:normal;text-transform:none;font-size:13px;white-space:nowrap;font-family:arial,sans-serif;word-spacing:0px"><br>


</span></span></p><p style="font-size:14px;margin-left:0cm;text-indent:0cm"><span style="font-family:Calibri;font-size:medium"><span style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:start;font-style:normal;display:inline!important;font-weight:normal;float:none;line-height:normal;text-transform:none;font-size:13px;white-space:nowrap;font-family:arial,sans-serif;word-spacing:0px">/var/log/libvirt/libvirtd.log :</span></span></p>


<p style="font-size:14px;margin-left:0cm;text-indent:0cm"><span style="font-family:Calibri;font-size:medium"><span style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:start;font-style:normal;display:inline!important;font-weight:normal;float:none;line-height:normal;text-transform:none;font-size:13px;white-space:nowrap;font-family:arial,sans-serif;word-spacing:0px"><br>


</span></span></p><p style="margin-left:0cm;text-indent:0cm"><span style="font-family:Calibri"><span style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:start;font-style:normal;display:inline!important;font-weight:normal;float:none;line-height:normal;text-transform:none;white-space:nowrap;font-family:arial,sans-serif;word-spacing:0px"></span></span></p>


<p style="margin-left:0cm;text-indent:0cm"><span style="font-family:Calibri"><font size="3">2013-02-28 14:57:10.341+0000: 11893: error : qemuMonitorOpenUnix:266 : failed to connect to monitor socket: No such process</font></span></p>


<p style="margin-left:0cm;text-indent:0cm"><span style="font-family:Calibri"><font size="3">2013-02-28 14:57:10.342+0000: 11893: error : qemuProcessWaitForMonitor:1533 : internal error process exited while connecting to monitor: </font></span></p>


<p style="margin-left:0cm;text-indent:0cm"><span style="font-family:Calibri"><font size="3">qemu-kvm: -drive file=/var/lib/one//datastores/0/17/disk.0,if=none,id=drive-ide0-0-0,format=raw: could not open disk image /var/lib/one//datastores/0/17/disk.0: Permission denied</font></span></p>


<p></p><p style="font-size:14px;font-family:Calibri,sans-serif;margin-left:0cm;text-indent:0cm"><span style="font-family:Calibri"><font size="3"><br></font></span></p><p style="font-size:14px;font-family:Calibri,sans-serif;margin-left:0cm;text-indent:0cm">


<span style="font-family:Calibri"><font size="3">Don't know what "</font></span><span style="font-size:16px"><span style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:start;font-style:normal;display:inline!important;font-weight:normal;line-height:normal;text-transform:none;white-space:nowrap;font-family:arial,sans-serif;word-spacing:0px"></span></span></p>


<p style="margin-top:0cm;margin-right:0cm;margin-left:0cm;margin-bottom:0.0001pt;text-indent:0cm;font-size:12pt;font-family:Verdana;display:inline!important"><span style="font-family:Calibri"><font size="3">failed to connect to monitor socket: No such process" means, all settings are correct in my opinion.</font></span></p>


<p></p><p style="font-size:14px;font-family:Calibri,sans-serif;margin-left:0cm;text-indent:0cm"><span style="font-size:16px"><span style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:start;font-style:normal;display:inline!important;font-weight:normal;line-height:normal;text-transform:none;white-space:nowrap;font-family:arial,sans-serif;word-spacing:0px"></span></span></p>


<p style="margin-top:0cm;margin-right:0cm;margin-left:0cm;margin-bottom:0.0001pt;text-indent:0cm;font-size:12pt;font-family:Verdana;display:inline!important"><span style="font-family:Calibri"><font size="3"><br></font></span></p>


<p></p><p style="font-size:14px;font-family:Calibri,sans-serif;margin-left:0cm;text-indent:0cm"><span style="font-family:Calibri"><font size="3"><br></font></span></p><p style="font-size:14px;font-family:Calibri,sans-serif;margin-left:0cm;text-indent:0cm">


<span style="font-family:Calibri"><font size="3">Best regards,</font></span></p><p style="font-size:14px;font-family:Calibri,sans-serif;margin-left:0cm;text-indent:0cm"><span style="font-family:Calibri"><font size="3">Tobias</font></span></p>


</div><div style="font-family:Calibri,sans-serif;font-size:14px"><br></div><div style="font-family:Calibri,sans-serif;font-size:14px"><br></div><span style="font-size:14px;font-family:Calibri,sans-serif"><div style="border-right:medium none;padding-right:0in;padding-left:0in;padding-top:3pt;text-align:left;font-size:11pt;border-bottom:medium none;font-family:Calibri;border-top:#b5c4df 1pt solid;padding-bottom:0in;border-left:medium none">


<span style="font-weight:bold">Von: </span> Jaime Melis <<a href="mailto:jmelis@opennebula.org" target="_blank">jmelis@opennebula.org</a>><br><span style="font-weight:bold">Datum: </span> Thu, 28 Feb 2013 16:36:45 +0100<br>


<span style="font-weight:bold">An: </span> Tobias Honacker <<a href="mailto:t.honacker@googlemail.com" target="_blank">t.honacker@googlemail.com</a>><br><span style="font-weight:bold">Cc: </span> Users OpenNebula <<a href="mailto:users@lists.opennebula.org" target="_blank">users@lists.opennebula.org</a>><br>


<span style="font-weight:bold">Betreff: </span> Re: [one-users] Permission denied while creating VM<br></div><div><div><div><br></div><div dir="ltr">Hi Tobias,<div><br></div><div>I have no idea why that's happening to you. I'm wondering, have you tried start the VM manually in the host after it fails to deploy? the files should be still there until you do "onevm delete".</div>


<div>$ virsh create /var/lib/one/datastores/0/<vm_id>/deployment.0</div><div><br></div><div>Does /var/log/libvirtd/qemu/one-<vm_id>.log shed any light on the issue?</div><div><br></div><div>It could be a polkit problem, have you grepped the usual suspects? auth.log, etc...</div>


<div><br></div><div>cheers,<br>Jaime</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Feb 26, 2013 at 5:21 PM, Tobias Honacker <span dir="ltr"><<a href="mailto:t.honacker@googlemail.com" target="_blank">t.honacker@googlemail.com</a>></span> wrote:<br>


<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi guys,<br><br>

My environment:<br><br>

OS: CentOS 6.3<br>

Version: OpenNebula 3.8.3<br>

Datastore: LVM (DRBD 8.4.3 + clvm + crm)<br>

Filesystem of /var/lib/one: ext4<br>

Images: 1x (Type: Datablock - 10G) and 1x (Type: CDROM - Path<br>

/tmp/debian-image.iso)<br>

LVM Storage is working perfectly and without errors!<br><br><br>

My Problem:<br><br>

VM is not booting cause of this error:<br><br>

---snip---<br>

Tue Feb 26 16:17:35 2013 [VMM][D]: Message received: LOG I 1 Successfully<br>

execute network driver operation: pre.<br><br>

Tue Feb 26 16:17:39 2013 [VMM][D]: Message received: LOG I 1 Command<br>

execution fail: cat << EOT | /var/lib/one/remotes/vmm/kvm/deploy<br>

/var/lib/one//datastores/0/1/deployment.0 priv$<br><br>

Tue Feb 26 16:17:39 2013 [VMM][D]: Message received: LOG I 1 error: Failed<br>

to create domain from /var/lib/one//datastores/0/1/deployment.0<br><br>

Tue Feb 26 16:17:39 2013 [VMM][D]: Message received: LOG I 1 error:<br>

internal error process exited while connecting to monitor: qemu-kvm:<br>

-drive<br>

file=/var/lib/one//datastores/0/1/disk.0,if=none,id=drive-ide0-0-0,format=r<br>

aw: could not open disk image /var/lib/one//datastores/0/1/disk.0:<br>

Permission denied<br><br>

Tue Feb 26 16:17:39 2013 [VMM][D]: Message received: LOG I 1<br><br>

Tue Feb 26 16:17:39 2013 [VMM][D]: Message received: LOG E 1 Could not<br>

create domain from /var/lib/one//datastores/0/1/deployment.0<br><br>

Tue Feb 26 16:17:39 2013 [VMM][D]: Message received: LOG I 1 ExitCode: 255<br><br>

Tue Feb 26 16:17:39 2013 [VMM][D]: Message received: LOG I 1 Failed to<br>

execute virtualization driver operation: deploy.<br><br>

Tue Feb 26 16:17:39 2013 [VMM][D]: Message received: DEPLOY FAILURE 1<br>

Could not create domain from /var/lib/one//datastores/0/1/deployment.0<br>

---snip---<br><br><br><br>

Datastore Config:<br><br>

NAME = drbd<br>

DS_MAD = lvm<br>

TM_MAD = lvm<br>

VG_NAME = vg-one<br>

HOST = localhost<br><br><br><br>

[root@priv001 one]# grep -vE '^($|#)' /etc/libvirt/qemu.conf<br>

user  = "oneadmin"<br>

group = "oneadmin"<br>

dynamic_ownership = 0<br><br><br><br>

root@priv001 one]# grep -vE '^($|#)' /etc/libvirt/libvirtd.conf<br>

listen_tls = 0<br>

listen_tcp = 1<br>

mdns_adv = 0<br>

unix_sock_group = "libvirt"<br>

unix_sock_ro_perms = "0777"<br>

unix_sock_rw_perms = "0770"<br>

auth_unix_ro = "none"<br>

auth_unix_rw = "none"<br><br><br><br>

[root@priv001 one]# id oneadmin<br>

uid=9869(oneadmin) gid=9869(oneadmin)<br>

Gruppen=9869(oneadmin),36(kvm),9870(libvirt)<br><br><br><br>

[root@priv001 one]# cat<br>

/etc/polkit-1/localauthority/50-local.d/50-org.libvirt.unix.manage-opennebu<br>

la.pkla<br>

# content of file:<br>

/etc/polkit-1/localauthority/50-local.d/50-org.libvirt.unix.manage-opennebu<br>

la.pkla<br>

[Allow oneadmin user to manage virtual machines]<br>

Identity=unix-user:oneadmin<br>

Action=org.libvirt.unix.manage<br>

#Action=org.libvirt.unix.monitor<br>

ResultAny=yes<br>

ResultInactive=yes<br>

ResultActive=yes<br><br><br><br>

[root@priv001 ~]# getenforce<br>

Disabled<br><br><br>

Diskpermission:<br><br>

lrwxrwxrwx 1 oneadmin oneadmin   24 26. Feb 17:01 disk.0 -><br>

/dev/vg-one/lv-one-0-3-0<br><br><br><br>

I've tried lots of thins like upgrading drbd, OpenNebula from 3.8.1 to<br>

3.8.3, using other filesystems, playing around with libvirt rights, tried<br>

oneadmin as group from libvirt etc.pp.<br><br><br>

Any idea whats wrong with my system?<br>

Thanks for helping.<br><br><br><br>

Best regards,<br>

Tobias<br><br><br>

_______________________________________________<br>

Users mailing list<br><a href="mailto:Users@lists.opennebula.org" target="_blank">Users@lists.opennebula.org</a><br><a href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org" target="_blank">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><br>


</blockquote></div><br></div><br clear="all"><div><br></div>-- <br>Jaime Melis<br>Project Engineer<br>OpenNebula - The Open Source Toolkit for Cloud Computing<br><a href="http://www.OpenNebula.org" target="_blank">www.OpenNebula.org</a> | <a href="mailto:jmelis@opennebula.org" target="_blank">jmelis@opennebula.org</a></div>


</div></span></div>

</blockquote></div><br><br clear="all"><div><br></div>-- <br>Jaime Melis<br>Project Engineer<br>OpenNebula - The Open Source Toolkit for Cloud Computing<br><a href="http://www.OpenNebula.org" target="_blank">www.OpenNebula.org</a> | <a href="mailto:jmelis@opennebula.org" target="_blank">jmelis@opennebula.org</a>

</div>

</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Jaime Melis<br>Project Engineer<br>OpenNebula - The Open Source Toolkit for Cloud Computing<br><a href="http://www.OpenNebula.org" target="_blank">www.OpenNebula.org</a> | <a href="mailto:jmelis@opennebula.org" target="_blank">jmelis@opennebula.org</a>

</div>