Re: KVM VM's disappeared
On Tue, Jul 10, 2012 at 2:28 AM, Natxo Asenjo wrote: > > On Tue, Jul 10, 2012 at 6:35 AM, Nico Kadel-Garcia wrote: >> >> >> You might also consider disabling SELinux, if the machine is behind >> reasonable firewalls. SELinux has been a *disaster* in system >> security, costing far more wasted productivity and engineering >> resources than many of active worms or attack vectors of the Linux >> world, most of which it does not really help with. (Bad PHP is bad >> PHP, and SELinux does not necessarily help at all.) > > > let's agree to disagree on this one :-) It's a different subject, and could be worth some time. For some reason, every Linux architect I've worked with, for over a decade, has decided on their own, decide to try to re-invent the "File System Hierarchy" from scratch. They each pick their own unique top level directory and litter it with their own special layouts, They won't use "/usr/local", they won't use "/opt", they fairly randomly re-assign what would be "/etc" directory contents or locations of /log, and do not get me *started* on all the various ways people lay out JBoss and its components. The results are predictably unfortunate interacting with SELinux. And the system vulnerabilities are usually far greater from the "we trust the people we work with" problems of storing passwords in clear text, refusing to apply published patches, and refusing to sanitize inputs for exposed services. (Obligatory xkcd cartoon, "little Bobby Drop Tables", http://xkcd.com/327/). > I have not had major issues since ... fedora 8? I have not had had notable issues since. last Thursday. > It is true that selinux is a new tool and thus not so well understood by > plenty of people, but I quite like it. It is quite simple once you take the > time to learn it (like everything in life) and we routinely deploy settings > from cfengine for it. Unfortunately, I'm rarely in control of the deployment technology.: I'm too far into operations land to get the developer's testing environments to match production environments, and don't get me going on the randomization of functionality when the Java programmers start writing shell scripts. Interestingly, at SVNday in Berlin (an interesting Subversion conference), one company presented on completely relying on RPM for configuration management. Apache configurations and their Subversion source control integration to manage it. They included, locally built service tools, SSH configurations, all were hardcoded config files from RPM's that they could publish or replace on the fly. That could provide a workable SELinux managed environment, since the necessary ''%post" installation steps could be well defined. > -- > groet, > natxo > >
Re: KVM VM's disappeared
On Tue, Jul 10, 2012 at 6:35 AM, Nico Kadel-Garcia wrote: > > You might also consider disabling SELinux, if the machine is behind > reasonable firewalls. SELinux has been a *disaster* in system > security, costing far more wasted productivity and engineering > resources than many of active worms or attack vectors of the Linux > world, most of which it does not really help with. (Bad PHP is bad > PHP, and SELinux does not necessarily help at all.) > let's agree to disagree on this one :-) I have not had major issues since ... fedora 8? It is true that selinux is a new tool and thus not so well understood by plenty of people, but I quite like it. It is quite simple once you take the time to learn it (like everything in life) and we routinely deploy settings from cfengine for it. -- groet, natxo
Re: KVM VM's disappeared
On 07/09/2012 09:35 PM, Nico Kadel-Garcia wrote: On Mon, Jul 9, 2012 at 6:59 PM, Todd And Margo Chester wrote: The both of you called it. It did not know I got updated in the background. I should have been suspicious when my stink' flash-plugin mysteriously got updated. Larry's pointing me to /var/log/yum.log was a light bulb moment. The following fixed my problem: # yum downgrade libvirt libvirt-client libvirt-python Loaded plugins: priorities, refresh-packagekit, security Setting up Downgrade Process 18 packages excluded due to repository priority protections You might also consider disabling SELinux, if the machine is behind reasonable firewalls. SELinux has been a *disaster* in system security, costing far more wasted productivity and engineering resources than many of active worms or attack vectors of the Linux world, most of which it does not really help with. (Bad PHP is bad PHP, and SELinux does not necessarily help at all.) You called that. I had to turn selinux off ages ago as it foo bars Samba. Selinux is a good idea that never made it to the practical phase. And, I wrote/configured my own firewall: all things are illegal, except those things that are legal. It is really nasty. You want in or out, you have to have a rule. Even troubleshoots your network setup (won't work unless it sees what it wants). -T
Re: KVM VM's disappeared
On Mon, Jul 9, 2012 at 6:59 PM, Todd And Margo Chester wrote: > The both of you called it. It did not know I got > updated in the background. I should have been suspicious > when my stink' flash-plugin mysteriously got updated. > Larry's pointing me to /var/log/yum.log was a > light bulb moment. > >The following fixed my problem: > > # yum downgrade libvirt libvirt-client libvirt-python > Loaded plugins: priorities, refresh-packagekit, security > Setting up Downgrade Process > 18 packages excluded due to repository priority protections You might also consider disabling SELinux, if the machine is behind reasonable firewalls. SELinux has been a *disaster* in system security, costing far more wasted productivity and engineering resources than many of active worms or attack vectors of the Linux world, most of which it does not really help with. (Bad PHP is bad PHP, and SELinux does not necessarily help at all.)
Re: KVM VM's disappeared
On 07/09/2012 03:38 PM, Todd And Margo Chester wrote:> On 07/09/2012 03:05 PM, P. Larry Nelson wrote: Hi Todd and/or Margo, On 7/9/12 4:50 PM, Todd And Margo Chester wrote: On 07/09/2012 02:33 PM, Connie Sieh wrote: On Mon, 9 Jul 2012, Todd And Margo Chester wrote: Hi All, I am in trouble here. I would really appreciate any help you guys can spare. Scientific Linux 6.2, 64 bit. (Red Hat Enterprise Linux 6.2 clone) $ rpm -qa \*qemu\* qemu-kvm-0.12.1.2-2.209.el6_2.4.x86_64 qemu-img-0.12.1.2-2.209.el6_2.4.x86_64 gpxe-roms-qemu-0.9.7-6.9.el6.noarch $ uname -r 2.6.32-220.23.1.el6.x86_64 When I fired up my KVM Virtual Machine Manager (virt-manager) this morning, four of my seven virtual machines disappeared, including the one is desperately need. Checking /etc/libvirt/qemu and they are all there. Same attributes too. Checking where I put the virtual hard drives and they are all there too. Okay, so I try firing up the three that remain, I get the following error message: Error starting domain: unsupported configuration: spice TLS port set in XML configuration, but TLS is disabled in qemu.conf Yes, each VM has a different spice port set so I can tell them apart. This has always worked smoothly. Huh? qemu.conf is the default. The one with everything commented out. I even checked my backup: no change in qemu.conf. Checking /var/log/libvirt/libvirtd.log gives: 2012-07-09 19:36:41.957+: 2821: info : libvirt version: 0.9.10, package: 21.el6 (Scientific Linux, 2012-06-22-02:34:35, sl6.fnal.gov) 2012-07-09 19:36:41.957+: 2821: error : virDomainDefParseXML:8871 : Maximum CPUs greater than topology limit 2012-07-09 19:36:41.959+: 2821: error : virDomainDefParseXML:8871 : Maximum CPUs greater than topology limit 2012-07-09 19:36:41.959+: 2821: error : virDomainDefParseXML:8871 : Maximum CPUs greater than topology limit 2012-07-09 19:36:41.960+: 2821: error : virDomainDefParseXML:8871 : Maximum CPUs greater than topology limit 2012-07-09 19:47:59.089+: 2811: error : qemuBuildCommandLine:5526 : unsupported configuration: spice TLS port set in XML configuration, but TLS is disabled in qemu.conf Again with the spice port error. The only thing I did to my system between working yesterday and not working today was downgrade my flash-plugin. I tried setting "spice_tls = 1" in qemu.conf, but the other four VM still do not show up. Spice lays an egg on the ones that do show up, so I set spice_tls back to commented out. I removed qemu-kvm-0.12.1.2-2.209.el6_2.4.x86_64, rebooted, reinstalled, rebooted. No symptom change. What is the world? I can not find anything wrong! Many thanks, -T What security errata and other rpms have been installed recently? -Connie Sieh Hi Connie, Thank you for the quick response. Two weeks ago, I installed "hexedit". Nothing since then, except for downgrading my "flash-plugin" -T Yes, but what about any possible behind-the-scenes security upgrades? Check /var/log/yum.log (Just a thought...) - Larry Oh my. A lot of stuff goes on in the background. These two look interesting: Jul 09 11:18:50 Updated: libvirt-0.9.10-21.el6.x86_64 Jul 09 11:19:22 Updated: selinux-policy-targeted-3.7.19-155.el6_3.noarch Hi Larry and Connie, The both of you called it. It did not know I got updated in the background. I should have been suspicious when my stink' flash-plugin mysteriously got updated. Larry's pointing me to /var/log/yum.log was a light bulb moment. The following fixed my problem: # yum downgrade libvirt libvirt-client libvirt-python Loaded plugins: priorities, refresh-packagekit, security Setting up Downgrade Process 18 packages excluded due to repository priority protections Resolving Dependencies --> Running transaction check ---> Package libvirt.x86_64 0:0.9.4-23.el6 will be a downgrade ---> Package libvirt.x86_64 0:0.9.10-21.el6 will be erased ---> Package libvirt-client.x86_64 0:0.9.4-23.el6 will be a downgrade ---> Package libvirt-client.x86_64 0:0.9.10-21.el6 will be erased ---> Package libvirt-python.x86_64 0:0.9.4-23.el6 will be a downgrade ---> Package libvirt-python.x86_64 0:0.9.10-21.el6 will be erased --> Finished Dependency Resolution Thank you both so much! -T p.s. bet you can't guess what my next post is going to be!
Re: KVM VM's disappeared
> Jul 09 11:19:22 Updated: selinux-policy-targeted-3.7.19-155.el6_3.noarch Easy enough to eliminate SElinux with a setenforce 0 as root. - Bluejay Adametz God is great Beer is good People are strange -- NOTICE: This message, including any attachments, is only for the use of the intended recipient(s) and may contain confidential and privileged information, or information otherwise protected from disclosure by law. If the reader of this message is not the intended recipient, you are hereby notified that any use, disclosure, copying, dissemination or distribution of this message or any of its attachments is strictly prohibited. If you received this message in error, please contact the sender immediately by reply email and destroy this message, including all attachments, and any copies thereof.
Re: KVM VM's disappeared
On 07/09/2012 03:05 PM, P. Larry Nelson wrote: Hi Todd and/or Margo, On 7/9/12 4:50 PM, Todd And Margo Chester wrote: On 07/09/2012 02:33 PM, Connie Sieh wrote: On Mon, 9 Jul 2012, Todd And Margo Chester wrote: Hi All, I am in trouble here. I would really appreciate any help you guys can spare. Scientific Linux 6.2, 64 bit. (Red Hat Enterprise Linux 6.2 clone) $ rpm -qa \*qemu\* qemu-kvm-0.12.1.2-2.209.el6_2.4.x86_64 qemu-img-0.12.1.2-2.209.el6_2.4.x86_64 gpxe-roms-qemu-0.9.7-6.9.el6.noarch $ uname -r 2.6.32-220.23.1.el6.x86_64 When I fired up my KVM Virtual Machine Manager (virt-manager) this morning, four of my seven virtual machines disappeared, including the one is desperately need. Checking /etc/libvirt/qemu and they are all there. Same attributes too. Checking where I put the virtual hard drives and they are all there too. Okay, so I try firing up the three that remain, I get the following error message: Error starting domain: unsupported configuration: spice TLS port set in XML configuration, but TLS is disabled in qemu.conf Yes, each VM has a different spice port set so I can tell them apart. This has always worked smoothly. Huh? qemu.conf is the default. The one with everything commented out. I even checked my backup: no change in qemu.conf. Checking /var/log/libvirt/libvirtd.log gives: 2012-07-09 19:36:41.957+: 2821: info : libvirt version: 0.9.10, package: 21.el6 (Scientific Linux, 2012-06-22-02:34:35, sl6.fnal.gov) 2012-07-09 19:36:41.957+: 2821: error : virDomainDefParseXML:8871 : Maximum CPUs greater than topology limit 2012-07-09 19:36:41.959+: 2821: error : virDomainDefParseXML:8871 : Maximum CPUs greater than topology limit 2012-07-09 19:36:41.959+: 2821: error : virDomainDefParseXML:8871 : Maximum CPUs greater than topology limit 2012-07-09 19:36:41.960+: 2821: error : virDomainDefParseXML:8871 : Maximum CPUs greater than topology limit 2012-07-09 19:47:59.089+: 2811: error : qemuBuildCommandLine:5526 : unsupported configuration: spice TLS port set in XML configuration, but TLS is disabled in qemu.conf Again with the spice port error. The only thing I did to my system between working yesterday and not working today was downgrade my flash-plugin. I tried setting "spice_tls = 1" in qemu.conf, but the other four VM still do not show up. Spice lays an egg on the ones that do show up, so I set spice_tls back to commented out. I removed qemu-kvm-0.12.1.2-2.209.el6_2.4.x86_64, rebooted, reinstalled, rebooted. No symptom change. What is the world? I can not find anything wrong! Many thanks, -T What security errata and other rpms have been installed recently? -Connie Sieh Hi Connie, Thank you for the quick response. Two weeks ago, I installed "hexedit". Nothing since then, except for downgrading my "flash-plugin" -T Yes, but what about any possible behind-the-scenes security upgrades? Check /var/log/yum.log (Just a thought...) - Larry Oh my. A lot of stuff goes on in the background. These two look interesting: Jul 09 11:18:50 Updated: libvirt-0.9.10-21.el6.x86_64 Jul 09 11:19:22 Updated: selinux-policy-targeted-3.7.19-155.el6_3.noarch
KVM VM's disappeared
Hi All, I am in trouble here. I would really appreciate any help you guys can spare. Scientific Linux 6.2, 64 bit. (Red Hat Enterprise Linux 6.2 clone) $ rpm -qa \*qemu\* qemu-kvm-0.12.1.2-2.209.el6_2.4.x86_64 qemu-img-0.12.1.2-2.209.el6_2.4.x86_64 gpxe-roms-qemu-0.9.7-6.9.el6.noarch $ uname -r 2.6.32-220.23.1.el6.x86_64 When I fired up my KVM Virtual Machine Manager (virt-manager) this morning, four of my seven virtual machines disappeared, including the one is desperately need. Checking /etc/libvirt/qemu and they are all there. Same attributes too. Checking where I put the virtual hard drives and they are all there too. Okay, so I try firing up the three that remain, I get the following error message: Error starting domain: unsupported configuration: spice TLS port set in XML configuration, but TLS is disabled in qemu.conf Yes, each VM has a different spice port set so I can tell them apart. This has always worked smoothly. Huh? qemu.conf is the default. The one with everything commented out. I even checked my backup: no change in qemu.conf. Checking /var/log/libvirt/libvirtd.log gives: 2012-07-09 19:36:41.957+: 2821: info : libvirt version: 0.9.10, package: 21.el6 (Scientific Linux, 2012-06-22-02:34:35, sl6.fnal.gov) 2012-07-09 19:36:41.957+: 2821: error : virDomainDefParseXML:8871 : Maximum CPUs greater than topology limit 2012-07-09 19:36:41.959+: 2821: error : virDomainDefParseXML:8871 : Maximum CPUs greater than topology limit 2012-07-09 19:36:41.959+: 2821: error : virDomainDefParseXML:8871 : Maximum CPUs greater than topology limit 2012-07-09 19:36:41.960+: 2821: error : virDomainDefParseXML:8871 : Maximum CPUs greater than topology limit 2012-07-09 19:47:59.089+: 2811: error : qemuBuildCommandLine:5526 : unsupported configuration: spice TLS port set in XML configuration, but TLS is disabled in qemu.conf Again with the spice port error. The only thing I did to my system between working yesterday and not working today was downgrade my flash-plugin. I tried setting "spice_tls = 1" in qemu.conf, but the other four VM still do not show up. Spice lays an egg on the ones that do show up, so I set spice_tls back to commented out. I removed qemu-kvm-0.12.1.2-2.209.el6_2.4.x86_64, rebooted, reinstalled, rebooted. No symptom change. What is the world? I can not find anything wrong! Many thanks, -T Another symptom. I can not edit ANY of the VMs: # virsh edit KVM-W8.xml error: failed to get domain 'KVM-W8.xml' error: Domain not found: no domain with matching name 'KVM-W8.xml'
Re: KVM VM's disappeared
On 07/09/2012 02:33 PM, Connie Sieh wrote: On Mon, 9 Jul 2012, Todd And Margo Chester wrote: Hi All, I am in trouble here. I would really appreciate any help you guys can spare. Scientific Linux 6.2, 64 bit. (Red Hat Enterprise Linux 6.2 clone) $ rpm -qa \*qemu\* qemu-kvm-0.12.1.2-2.209.el6_2.4.x86_64 qemu-img-0.12.1.2-2.209.el6_2.4.x86_64 gpxe-roms-qemu-0.9.7-6.9.el6.noarch $ uname -r 2.6.32-220.23.1.el6.x86_64 When I fired up my KVM Virtual Machine Manager (virt-manager) this morning, four of my seven virtual machines disappeared, including the one is desperately need. Checking /etc/libvirt/qemu and they are all there. Same attributes too. Checking where I put the virtual hard drives and they are all there too. Okay, so I try firing up the three that remain, I get the following error message: Error starting domain: unsupported configuration: spice TLS port set in XML configuration, but TLS is disabled in qemu.conf Yes, each VM has a different spice port set so I can tell them apart. This has always worked smoothly. Huh? qemu.conf is the default. The one with everything commented out. I even checked my backup: no change in qemu.conf. Checking /var/log/libvirt/libvirtd.log gives: 2012-07-09 19:36:41.957+: 2821: info : libvirt version: 0.9.10, package: 21.el6 (Scientific Linux, 2012-06-22-02:34:35, sl6.fnal.gov) 2012-07-09 19:36:41.957+: 2821: error : virDomainDefParseXML:8871 : Maximum CPUs greater than topology limit 2012-07-09 19:36:41.959+: 2821: error : virDomainDefParseXML:8871 : Maximum CPUs greater than topology limit 2012-07-09 19:36:41.959+: 2821: error : virDomainDefParseXML:8871 : Maximum CPUs greater than topology limit 2012-07-09 19:36:41.960+: 2821: error : virDomainDefParseXML:8871 : Maximum CPUs greater than topology limit 2012-07-09 19:47:59.089+: 2811: error : qemuBuildCommandLine:5526 : unsupported configuration: spice TLS port set in XML configuration, but TLS is disabled in qemu.conf Again with the spice port error. The only thing I did to my system between working yesterday and not working today was downgrade my flash-plugin. I tried setting "spice_tls = 1" in qemu.conf, but the other four VM still do not show up. Spice lays an egg on the ones that do show up, so I set spice_tls back to commented out. I removed qemu-kvm-0.12.1.2-2.209.el6_2.4.x86_64, rebooted, reinstalled, rebooted. No symptom change. What is the world? I can not find anything wrong! Many thanks, -T What security errata and other rpms have been installed recently? -Connie Sieh Hi Connie, Thank you for the quick response. Two weeks ago, I installed "hexedit". Nothing since then, except for downgrading my "flash-plugin" -T
Re: KVM VM's disappeared
On Mon, 9 Jul 2012, Todd And Margo Chester wrote: Hi All, I am in trouble here. I would really appreciate any help you guys can spare. Scientific Linux 6.2, 64 bit. (Red Hat Enterprise Linux 6.2 clone) $ rpm -qa \*qemu\* qemu-kvm-0.12.1.2-2.209.el6_2.4.x86_64 qemu-img-0.12.1.2-2.209.el6_2.4.x86_64 gpxe-roms-qemu-0.9.7-6.9.el6.noarch $ uname -r 2.6.32-220.23.1.el6.x86_64 When I fired up my KVM Virtual Machine Manager (virt-manager) this morning, four of my seven virtual machines disappeared, including the one is desperately need. Checking /etc/libvirt/qemu and they are all there. Same attributes too. Checking where I put the virtual hard drives and they are all there too. Okay, so I try firing up the three that remain, I get the following error message: Error starting domain: unsupported configuration: spice TLS port set in XML configuration, but TLS is disabled in qemu.conf Yes, each VM has a different spice port set so I can tell them apart. This has always worked smoothly. Huh? qemu.conf is the default. The one with everything commented out. I even checked my backup: no change in qemu.conf. Checking /var/log/libvirt/libvirtd.log gives: 2012-07-09 19:36:41.957+: 2821: info : libvirt version: 0.9.10, package: 21.el6 (Scientific Linux, 2012-06-22-02:34:35, sl6.fnal.gov) 2012-07-09 19:36:41.957+: 2821: error : virDomainDefParseXML:8871 : Maximum CPUs greater than topology limit 2012-07-09 19:36:41.959+: 2821: error : virDomainDefParseXML:8871 : Maximum CPUs greater than topology limit 2012-07-09 19:36:41.959+: 2821: error : virDomainDefParseXML:8871 : Maximum CPUs greater than topology limit 2012-07-09 19:36:41.960+: 2821: error : virDomainDefParseXML:8871 : Maximum CPUs greater than topology limit 2012-07-09 19:47:59.089+: 2811: error : qemuBuildCommandLine:5526 : unsupported configuration: spice TLS port set in XML configuration, but TLS is disabled in qemu.conf Again with the spice port error. The only thing I did to my system between working yesterday and not working today was downgrade my flash-plugin. I tried setting "spice_tls = 1" in qemu.conf, but the other four VM still do not show up. Spice lays an egg on the ones that do show up, so I set spice_tls back to commented out. I removed qemu-kvm-0.12.1.2-2.209.el6_2.4.x86_64, rebooted, reinstalled, rebooted. No symptom change. What is the world? I can not find anything wrong! Many thanks, -T What security errata and other rpms have been installed recently? -Connie Sieh
KVM VM's disappeared
Hi All, I am in trouble here. I would really appreciate any help you guys can spare. Scientific Linux 6.2, 64 bit. (Red Hat Enterprise Linux 6.2 clone) $ rpm -qa \*qemu\* qemu-kvm-0.12.1.2-2.209.el6_2.4.x86_64 qemu-img-0.12.1.2-2.209.el6_2.4.x86_64 gpxe-roms-qemu-0.9.7-6.9.el6.noarch $ uname -r 2.6.32-220.23.1.el6.x86_64 When I fired up my KVM Virtual Machine Manager (virt-manager) this morning, four of my seven virtual machines disappeared, including the one is desperately need. Checking /etc/libvirt/qemu and they are all there. Same attributes too. Checking where I put the virtual hard drives and they are all there too. Okay, so I try firing up the three that remain, I get the following error message: Error starting domain: unsupported configuration: spice TLS port set in XML configuration, but TLS is disabled in qemu.conf Yes, each VM has a different spice port set so I can tell them apart. This has always worked smoothly. Huh? qemu.conf is the default. The one with everything commented out. I even checked my backup: no change in qemu.conf. Checking /var/log/libvirt/libvirtd.log gives: 2012-07-09 19:36:41.957+: 2821: info : libvirt version: 0.9.10, package: 21.el6 (Scientific Linux, 2012-06-22-02:34:35, sl6.fnal.gov) 2012-07-09 19:36:41.957+: 2821: error : virDomainDefParseXML:8871 : Maximum CPUs greater than topology limit 2012-07-09 19:36:41.959+: 2821: error : virDomainDefParseXML:8871 : Maximum CPUs greater than topology limit 2012-07-09 19:36:41.959+: 2821: error : virDomainDefParseXML:8871 : Maximum CPUs greater than topology limit 2012-07-09 19:36:41.960+: 2821: error : virDomainDefParseXML:8871 : Maximum CPUs greater than topology limit 2012-07-09 19:47:59.089+: 2811: error : qemuBuildCommandLine:5526 : unsupported configuration: spice TLS port set in XML configuration, but TLS is disabled in qemu.conf Again with the spice port error. The only thing I did to my system between working yesterday and not working today was downgrade my flash-plugin. I tried setting "spice_tls = 1" in qemu.conf, but the other four VM still do not show up. Spice lays an egg on the ones that do show up, so I set spice_tls back to commented out. I removed qemu-kvm-0.12.1.2-2.209.el6_2.4.x86_64, rebooted, reinstalled, rebooted. No symptom change. What is the world? I can not find anything wrong! Many thanks, -T