Dear list,

I'm writing this in case someone stumbles with the same problem. In the end
Robert managed to fix this by setting

I needed to modify /etc/libvirt/qemu.conf to set
> user = "oneadmin"
> group = "cloud"

You can read more about this in OpenNebula's documentation, specifically in:


On Mon, May 14, 2012 at 10:19 PM, Robert Schweikert <>wrote:

> On 05/14/2012 10:11 AM, Jaime Melis wrote:
>> Hi Robert,
>> Let's see if you can pinpoint where the problem is. A few ideas you may
>> check:
>> - Has the 'oneadmin' user the same unix id across all the servers?
> Yes
>> - You said in your email that "ownership change is disabled" however
>> in the documentation [1] it states that "To be able to use the images
>> copied by OpenNebula, change also the user and group under which the
>> libvirtd is run to “oneadmin”." Is it properly configured?
> If I run libvirtd as the oneadmin user no socket gets created. However,
> since access is goverened by Policykit it should not be necessary to run
> libvirtd as the oneadmin user. Will testing libvirtd as oneadmin user, I
> did change the permissions of /var/run/libvirtd to allow oneadmin to write
> there to assure that the socket creation process would not fail because of
> write permission issues, but libvirt-sock was still not created.
> I've also asked one of our libvirt experts and he suggested to change the
> libvirtd.conf (unix_sock_group = "cloud"). I made the suggested changes and
> the socket (libvirt-sock) became world read- and write-able as documented.
> Still with this change I get the warning about the socket and launching a
> VM still fails with the same problem.
> Interestingly enough I can connect to the node using virsh:
> # sudo -u oneadmin virsh -c 
> qemu+ssh://oneadmin@192.168.1.**203/system<http://oneadmin@>
> WARNING: no socket to connect to
> Welcome to virsh, the virtualization interactive terminal.
> Type:  'help' for help with commands
>       'quit' to quit
> virsh # hostname
> node1
> virsh #
> Note that virsh also complains about the socket issue, but I am still on
> the host, i.e. the connection was
> That would beg the question why oned cannot deal with this and use a
> connection mechanism that is more robust.
>> - You could prevent OpenNebula from removing the images after a fail,
>> so you can do a manual "virsh create":
>> 1. [frontend] comment the ssh_exec_and_log $DST_HOST "rm -rf ..." line
>> in /var/lib/one/remotes/tm/<TM_**MAD>/delete
> I am using "shared" as the disk with the image is NFS mounted to the node.
> Is this the correct approach?
>  2. [host] cd /var/lib/one/datastores/0/<VM_**ID>; virsh create
>> deployment.0
> OK, this fails and mybe the overall problem?
> # sudo -u oneadmin virsh create deployment.2
> WARNING: no socket to connect to
> error: Failed to create domain from deployment.2
> error: Failed to add tap interface to bridge 'br0': Operation not permitted
> # ifconfig
> br0       Link encap:Ethernet  HWaddr 00:22:4D:4C:12:DE
>          inet addr:  Bcast:  Mask:
>          inet6 addr: fe80::222:4dff:fe4c:12de/64 Scope:Link
>          RX packets:305725 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:2070530 errors:0 dropped:0 overruns:0 carrier:0
>          collisions:0 txqueuelen:0
>          RX bytes:618635967 (589.9 Mb)  TX bytes:3006271991 (2867.0 Mb)
>  3. [host] ls -l `readlink -f /var/lib/one/datastores/0/<VM_**ID>/disk.0`
> # ls -l `readlink -f /var/lib/one/datastores/0/0/**disk.0`
> -rw-r----- 1 oneadmin cloud 573308928 May 14 20:08
> /var/lib/one/datastores/0/0/**disk.0
>  4. Are you able to manipulate as oneadmin the
>> /var/lib/one/datastores/0/<VM_**ID>/disk.0 image? try doing echo "foo">
>> /path/to/image
> Yes I am:
> [frontend] # sudo -u oneadmin touch /var/lib/one/datastores/0/0/**
> aFile.txt
> [frontend] # ls -l /var/lib/one/datastores/0/0/**aFile.txt
> -rw-r--r-- 1 oneadmin cloud 0 May 14 15:57 /var/lib/one/datastores/0/0/**
> aFile.txt
> [node] # sudo -u oneadmin touch /var/lib/one/datastores/0/0/**
> anotherFile.txt
> [node] # # ls -l /var/lib/one/datastores/0/0/**anotherFile.txt
> -rw-r--r-- 1 oneadmin cloud 0 May 14  2012 /var/lib/one/datastores/0/0/**
> anotherFile.txt
> Thanks for the continued help with this.
> Robert
