Re: [one-users] libvirt not allowing access to /dev/kvm

2012-02-10 Thread Jaime Melis
Hi Michael,

to figure out what's wrong, can you send us:
$ grep -Ev '^(#|$)' /etc/libvirt/qemu.conf
$ grep -Ev '^(#|$)' /etc/libvirt/libvirtd.conf

I'm aware you already sent part of your qemu.conf... but I'd like to
know if there's anything else besides what you pasted.

cheers,
Jaime


On Wed, Feb 8, 2012 at 7:53 PM, Michael Brown mich...@netdirect.ca wrote:
 I think I've finally nailed the root cause of my troubles. I posted this
 on http://serverfault.com/q/358118/2101 but you guys may be able to
 answer with more authority:

 I have a fresh Open Nebula 3.2.1 installation which I'm trying to get
 working and manage some freshly-installed Debian squeeze kvm hosts.

 My problem is that when Open Nebula deploys VMs the KVM process does not
 have access to the /dev/kvm device on the host.

 I've set up everything according to documentation:
 root@onhost1:~# ls -al /dev/kvm
 crw-rw---- 1 root kvm 10, 232 Feb 8 11:24 /dev/kvm

 root@onhost1:~# id oneadmin
 uid=500(oneadmin) gid=500(oneadmin)
 groups=500(oneadmin),106(kvm),108(libvirt)

 libvirt/qemu.conf has:
 user = oneadmin
 group = oneadmin

 When libvirt creates VMs they do not have any of the secondary groups
 set so the process doesn't have access to /dev/kvm via file permissions.
 OK, fair enough, though the Open Nebula documentation seems to indicate
 it should be set up this way.

 I've tried mounting cgroups to try and resolve this problem. After I do
 so, the kvm process has the following cgroup entry:

 1:devices,cpu:/libvirt/qemu/one-29

 corresponding to:

 /dev/cgroup/libvirt/qemu/one-29/devices.list:c 10:232 rwm

 My lack of understanding of how cgroups work indicates to me that this
 ought to allow the process to access /dev/kvm, but no go.

 I can make things work by adding an ACL entry (setfacl -m u:oneadmin:rw
 /dev/kvm) but that doesn't Seem Right. Shouldn't Open Nebula/libvirt be
 handling this?

 * What are the Correct Changes to make?
 * Should the documentation be changed?
 * Have I missed something?


 --
 Michael Brown               | `One of the main causes of the fall of
 Systems Consultant          | the Roman Empire was that, lacking zero,
 Net Direct Inc.             | they had no way to indicate successful
 ☎: +1 519 883 1172 x5106    | termination of their C programs.' - Firth


 ___
 Users mailing list
 Users@lists.opennebula.org
 http://lists.opennebula.org/listinfo.cgi/users-opennebula.org



-- 
Jaime Melis
Project Engineer
OpenNebula - The Open Source Toolkit for Cloud Computing
www.OpenNebula.org | jme...@opennebula.org


[one-users] libvirt not allowing access to /dev/kvm

2012-02-08 Thread Michael Brown
I think I've finally nailed the root cause of my troubles. I posted this
on http://serverfault.com/q/358118/2101 but you guys may be able to
answer with more authority:

I have a fresh Open Nebula 3.2.1 installation which I'm trying to get
working and manage some freshly-installed Debian squeeze kvm hosts.

My problem is that when Open Nebula deploys VMs the KVM process does not
have access to the /dev/kvm device on the host.

I've set up everything according to documentation:
root@onhost1:~# ls -al /dev/kvm
crw-rw---- 1 root kvm 10, 232 Feb 8 11:24 /dev/kvm

root@onhost1:~# id oneadmin
uid=500(oneadmin) gid=500(oneadmin)
groups=500(oneadmin),106(kvm),108(libvirt)

libvirt/qemu.conf has:
user = oneadmin
group = oneadmin

When libvirt creates VMs they do not have any of the secondary groups
set so the process doesn't have access to /dev/kvm via file permissions.
OK, fair enough, though the Open Nebula documentation seems to indicate
it should be set up this way.

I've tried mounting cgroups to try and resolve this problem. After I do
so, the kvm process has the following cgroup entry:

1:devices,cpu:/libvirt/qemu/one-29

corresponding to:

/dev/cgroup/libvirt/qemu/one-29/devices.list:c 10:232 rwm

My lack of understanding of how cgroups work indicates to me that this
ought to allow the process to access /dev/kvm, but no go.

I can make things work by adding an ACL entry (setfacl -m u:oneadmin:rw
/dev/kvm) but that doesn't Seem Right. Shouldn't Open Nebula/libvirt be
handling this?

* What are the Correct Changes to make?
* Should the documentation be changed?
* Have I missed something?


-- 
Michael Brown               | `One of the main causes of the fall of
Systems Consultant          | the Roman Empire was that, lacking zero,
Net Direct Inc.             | they had no way to indicate successful
☎: +1 519 883 1172 x5106    | termination of their C programs.' - Firth


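
Added example (not part of the original messages, and not OpenNebula or libvirt code): a Python model of the two independent checks the post runs into when the VM process opens /dev/kvm, the file-permission check and the devices cgroup whitelist. The function names, the 0660 root:kvm mode and the /proc status text are assumptions constructed for illustration; the uid/gid numbers and the devices.list entry are the ones quoted in the post.

```python
# Added example: models the two checks for opening /dev/kvm (names are illustrative).
# Constructed /proc/<pid>/status excerpt for the VM process: uid/gid 500 and
# no supplementary groups, matching what the post describes (not captured output).
STATUS_NO_GROUPS = "Name:\tkvm\nUid:\t500\t500\t500\t500\nGid:\t500\t500\t500\t500\nGroups:\t\n"
# Constructed variant: the groups listed by `id oneadmin` applied to the process.
STATUS_WITH_GROUPS = STATUS_NO_GROUPS.replace("Groups:\t", "Groups:\t500 106 108")
DEVICES_LIST = "c 10:232 rwm\n"  # the devices.list entry quoted in the post


def parse_status(text):
    """Return (fsuid, fsgid, supplementary gids) from /proc/<pid>/status text."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        fields[key] = value.split()
    # Columns are real, effective, saved, filesystem; file access uses the last.
    return int(fields["Uid"][3]), int(fields["Gid"][3]), {int(g) for g in fields.get("Groups", [])}


def dac_allows(mode, owner_uid, owner_gid, uid, gid, groups, want=6):
    """Owner/group/other check; only the first matching class is consulted.
    Capabilities and POSIX ACLs are not modelled."""
    if uid == owner_uid:
        shift = 6
    elif gid == owner_gid or owner_gid in groups:
        shift = 3
    else:
        shift = 0
    return ((mode >> shift) & want) == want


def cgroup_allows(devices_list, dev_type, major, minor, want="rw"):
    """True if a devices.list entry ('type major:minor access') covers the device."""
    for line in devices_list.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        typ, _, access = parts
        maj, _, mino = parts[1].partition(":")
        if (typ in ("a", dev_type) and maj in ("*", str(major))
                and mino in ("*", str(minor)) and set(want) <= set(access)):
            return True
    return False


def can_open_kvm(status_text, devices_list, mode=0o660, owner_uid=0, owner_gid=106):
    """Both checks must pass: the cgroup entry restricts, it never grants."""
    uid, gid, groups = parse_status(status_text)
    return (dac_allows(mode, owner_uid, owner_gid, uid, gid, groups)
            and cgroup_allows(devices_list, "c", 10, 232))
```

With the whitelist entry present but no supplementary groups on the process, the file-permission check falls through to the "other" class and fails, which is the symptom described in the post.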