Yes, it runs:
oneadmin@nebula-3:~$ ps aux |grep oned
oneadmin 10158  0.0  0.1 1172252 8020 ?        Sl   Jun21   0:22 /usr/bin/oned -f


When I changed security_driver in qemu.conf to its default state
/etc/libvirt/qemu.conf:
# security_driver = "selinux"
my error message went back to its previous state (but was still there) ...

When I replaced the OS on the host with Ubuntu 10.04 Server (with the same settings), the error message is:

Thu Jun 21 16:41:17 2012 [LCM][I]: New VM state is BOOT
Thu Jun 21 16:41:17 2012 [VMM][I]: Generating deployment file: /var/lib/one/1/deployment.4
Thu Jun 21 16:41:17 2012 [VMM][I]: ExitCode: 0
Thu Jun 21 16:41:17 2012 [VMM][I]: Successfully execute network driver operation: pre.
Thu Jun 21 16:41:48 2012 [VMM][I]: Command execution fail: cat << EOT | /var/tmp/one/vmm/kvm/deploy /var/lib/one/1/images/deployment.4 tyan 1 tyan
Thu Jun 21 16:41:48 2012 [VMM][I]: error: Failed to create domain from /var/lib/one/1/images/deployment.4
Thu Jun 21 16:41:48 2012 [VMM][I]: error: cannot set ownership on /var/lib/one/1/images/disk.1: Permission denied
Thu Jun 21 16:41:48 2012 [VMM][E]: Could not create domain from /var/lib/one/1/images/deployment.4
Thu Jun 21 16:41:48 2012 [VMM][I]: ExitCode: 255
Thu Jun 21 16:41:48 2012 [VMM][I]: Failed to execute virtualization driver operation: deploy.
Thu Jun 21 16:41:48 2012 [VMM][E]: Error deploying virtual machine: Could not create domain from /var/lib/one/1/images/deployment.4
Thu Jun 21 16:41:49 2012 [DiM][I]: New VM state is FAILED


Messages in /var/log/syslog at the same time:
Jun 22 10:17:01 tyan-host CRON[12881]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
Jun 22 10:22:04 tyan-host kernel: [59025.594722] type=1505 audit(1340353324.455:27):  operation="profile_load" pid=13044 name="libvirt-f42d2d5f-e5a0-3bcd-a445-1d3d876451e1"
Jun 22 10:22:04 tyan-host libvirtd: 10:22:04.470: error : qemuDomainSetFileOwnership:2222 : cannot set ownership on /var/lib/one/1/images/disk.0: Permission denied
Jun 22 10:22:34 tyan-host libvirtd: 10:22:34.481: error : qemuMonitorOpenUnix:268 : monitor socket did not show up.: No such file or directory
Jun 22 10:22:34 tyan-host libvirtd: 10:22:34.481: error : qemuConnectMonitor:822 : Failed to connect monitor for one-1#012
Jun 22 10:22:34 tyan-host libvirtd: 10:22:34.665: error : qemuDomainSetFileOwnership:2222 : cannot set ownership on /var/lib/one/1/images/disk.1: Permission denied
Jun 22 10:22:34 tyan-host libvirtd: 10:22:34.665: warning : qemudShutdownVMDaemon:2703 : Failed to restore all device ownership for one-1
Jun 22 10:22:34 tyan-host kernel: [59055.797448] type=1505 audit(1340353354.655:28):  operation="profile_remove" pid=13051 name="libvirt-f42d2d5f-e5a0-3bcd-a445-1d3d876451e1" namespace="root"


Jan



On 21.06.2012 17:19, Javier Fontan wrote:
Also, I suppose oned is running as oneadmin user. Just to check.

On Thu, Jun 21, 2012 at 5:19 PM, Javier Fontan <jfon...@opennebula.org> wrote:
I am checking my configuration and the only differences are:

* oneadmin is in group oneadmin
* qemu group is oneadmin
* /var/lib/one/** lrwk, line is in /etc/apparmor.d/local/usr.sbin.libvirtd

Can you try moving the line of apparmor to
/etc/apparmor.d/local/usr.sbin.libvirtd? Maybe there's a precedence
problem that we don't know of. Unfortunately I am not an apparmor.

On Thu, Jun 21, 2012 at 9:55 AM, Jan Benadik <jan.bena...@atos.net> wrote:
So, now I still have the same error message in oned.log:
Thu Jun 21 09:26:42 2012 [LCM][I]: New VM state is BOOT
Thu Jun 21 09:26:42 2012 [VMM][I]: Generating deployment file: /var/lib/one/0/deployment.38
Thu Jun 21 09:26:42 2012 [VMM][I]: ExitCode: 0
Thu Jun 21 09:26:42 2012 [VMM][I]: Successfully execute network driver operation: pre.
Thu Jun 21 09:26:44 2012 [VMM][I]: Command execution fail: cat << EOT | /var/tmp/one/vmm/kvm/deploy /var/lib/one/0/images/deployment.38 myto 0 myto
Thu Jun 21 09:26:44 2012 [VMM][I]: error: Failed to create domain from /var/lib/one/0/images/deployment.38
Thu Jun 21 09:26:44 2012 [VMM][I]: error: Unable to read from monitor: Connection reset by peer
Thu Jun 21 09:26:44 2012 [VMM][E]: Could not create domain from /var/lib/one/0/images/deployment.38
Thu Jun 21 09:26:44 2012 [VMM][I]: ExitCode: 255
Thu Jun 21 09:26:44 2012 [VMM][I]: Failed to execute virtualization driver operation: deploy.
Thu Jun 21 09:26:44 2012 [VMM][E]: Error deploying virtual machine: Could not create domain from /var/lib/one/0/images/deployment.38
Thu Jun 21 09:26:45 2012 [DiM][I]: New VM state is FAILED

At the same time in the /var/log/libvirt/libvirtd.log the following message appears:
2012-06-21 09:27:43.610+0000: 1114: warning : virDomainDiskDefForeachPath:13244 : Ignoring open failure on /var/lib/one/0/images/disk.1: Permission denied
2012-06-21 09:27:44.296+0000: 1110: error : qemuMonitorIORead:513 : Unable to read from monitor: Connection reset by peer

Nothing in /var/log/syslog (doesn't matter if apparmor is running, stopped,
flushed ...!).

Permissions of files and folders:
oneadmin@opennebula-host:/var/lib$ ls -ld /var/lib/one
drwxr-xr-x 10 oneadmin root 4096 Jun 21 09:49 /var/lib/one

oneadmin@opennebula-host:/var/lib/one# ls -la
total 132
drwxr-xr-x  8 oneadmin root   4096 Jun 21 09:27 .
drwxr-xr-x 37 root     root   4096 Jun 21 06:30 ..
-rw-------  1 oneadmin cloud  2261 Jun 21 08:42 .bash_history
drwx------  2 oneadmin cloud  4096 Jun 20 09:48 .cache
drwx------  2 oneadmin cloud  4096 Jun 20 09:49 .one
drwx------  2 oneadmin root   4096 Jun 20 17:43 .ssh
-rw-------  1 oneadmin cloud  3412 Jun 20 11:06 .viminfo
drwxrwxrwx  3 oneadmin cloud  4096 Jun 21 09:26 0
-rw-r--r--  1 oneadmin cloud  1738 Jun 21 08:50 config
drwxrwx--T  2 oneadmin root   4096 Jun 20 10:57 images
-rw-r--r--  1 oneadmin cloud 67584 Jun 21 09:27 one.db
-rw-r--r--  1 oneadmin cloud 16384 Jun 20 16:28 oneacct.db
drwxr-xr-x  8 root     root   4096 Jun 20 09:33 remotes

oneadmin@opennebula-host:/var/lib/one/0# ls -la
total 20
drwxrwxrwx  3 oneadmin cloud 4096 Jun 21 09:36 .
drwxr-xr-x 10 oneadmin root  4096 Jun 21 09:35 ..
-rw-r--r--  1 oneadmin cloud  735 Jun 21 09:26 deployment.38
drwxrwxrwx  2 oneadmin cloud 4096 Jun 21 09:26 images
-rw-r--r--  1 oneadmin cloud  201 Jun 21 09:26 transfer.38.prolog

oneadmin@opennebula-host:/var/lib/one/0/images# ls -la
total 906256
drwxrwxrwx 2 oneadmin cloud      4096 Jun 21 09:26 .
drwxrwxrwx 3 oneadmin cloud      4096 Jun 21 09:36 ..
-rw-r--r-- 1 oneadmin cloud       736 Jun 21 09:26 deployment.38
-rw-rw-rw- 1 oneadmin cloud 927989760 Jun 21 09:26 disk.0
lrwxrwxrwx 1 oneadmin cloud        52 Jun 21 09:26 disk.1 -> /var/lib/one/images/9c52b90a79dba7c26a912d05ff5190b8

oneadmin@opennebula-host:~/images$ ls -la
total 1040116
drwxrwx--T  2 oneadmin root        4096 Jun 20 10:57 .
drwxr-xr-x 10 oneadmin root        4096 Jun 21 09:37 ..
-rw-rw----  1 oneadmin root   927989760 Jun 20 10:57 46440b43448202b4ee69b4b541f5eeab
-rw-rw----  1 oneadmin root 10737418241 Jun 20 10:57 9c52b90a79dba7c26a912d05ff5190b8


Libvirtd and Qemu settings:
/etc/libvirt/libvirtd.conf:
listen_tls = 0
listen_tcp = 1
unix_sock_group = "libvirtd"
unix_sock_ro_perms = "0777"
unix_sock_rw_perms = "0777"
unix_sock_dir = "/var/run/libvirt"
auth_unix_ro = "none"
auth_unix_rw = "none"

/etc/libvirt/qemu.conf:
security_driver = "none"
user = "oneadmin"
group = "cloud"
dynamic_ownership = 0

/etc/default/libvirt-bin:
start_libvirtd="yes"
libvirtd_opts="-d -l"

/etc/apparmor.d/usr.sbin.libvirtd:
# Last Modified: Mon Jul  6 17:23:58 2009
#include <tunables/global>
@{LIBVIRT}="libvirt"

/usr/sbin/libvirtd {
  #include <abstractions/base>
  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.sbin.libvirtd>

  capability kill,
  capability net_admin,
  capability net_raw,
  capability setgid,
  capability sys_admin,
  capability sys_module,
  capability sys_ptrace,
  capability sys_nice,
  capability sys_chroot,
  capability setuid,
  capability dac_override,
  capability dac_read_search,
  capability fowner,
  capability chown,
  capability setpcap,
  capability mknod,
  capability fsetid,
  capability ipc_lock,

  network inet stream,
  network inet dgram,
  network inet6 stream,
  network inet6 dgram,
  network packet dgram,

  # for now, use a very lenient profile since we want to first focus on
  # confining the guests
  / r,
  /** rwmkl,

  /bin/* PUx,
  /sbin/* PUx,
  /usr/bin/* PUx,
  /usr/sbin/* PUx,
  /lib/udev/scsi_id PUx,

  # Required by nwfilter_ebiptables_driver.c:ebiptablesWriteToTempFile() to
  # write and run an ebtables script.
  /var/lib/libvirt/virtd* ixr,

  # force the use of virt-aa-helper
  audit deny /sbin/apparmor_parser rwxl,
  audit deny /etc/apparmor.d/libvirt/** wxl,
  audit deny /sys/kernel/security/apparmor/features rwxl,
  audit deny /sys/kernel/security/apparmor/matching rwxl,
  audit deny /sys/kernel/security/apparmor/.* rwxl,
  /sys/kernel/security/apparmor/profiles r,
  /usr/lib/libvirt/* PUxr,
  /etc/libvirt/hooks/** rmix,
  /var/lib/one/** lrwk,

  # allow changing to our UUID-based named profiles
  change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,

}

User settings:
oneadmin@opennebula-host:~/images$ groups oneadmin
oneadmin : cloud root disk kvm libvirtd



My question - where is an issue?

Jan


_______________________________________________
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org



--
Javier Fontán Muiños
Project Engineer
OpenNebula - The Open Source Toolkit for Data Center Virtualization
www.OpenNebula.org | jfon...@opennebula.org | @OpenNebula



--

Ján Beňadik
Managed Services - Solution Design Architect
+421 46 5151 332
+421 903 691 634
jan.bena...@atos.net
Vinohradnícka 6, 971 01 Prievidza
www.sk.atos.net
__________________________________
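
An added example, not part of the original messages: a Python check that evaluates Unix mode bits along every component of a path for a given uid and group set, following symlinks such as disk.1, and reports the first component that blocks access. The tree in demo() is constructed from the modes shown in the listings above; the function names, the root parameter and the outsider/member ids are assumptions of this example, and ACLs, capabilities and AppArmor are not modelled.

```python
import os, tempfile

def allowed(st, uid, gids, want):
    """Unix DAC: select owner, group or other bits, then test want (r=4, w=2, x=1)."""
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return ((st.st_mode >> shift) & want) == want

def first_denial(path, uid, gids, want=4, root="/"):
    """First (path, reason) where mode bits stop uid/gids from reaching `path`, else None.
    Symlinks are followed component by component; absolute targets restart at `root`."""
    cur, todo, hops = root, [p for p in path.split("/") if p], 0
    while todo:
        if not allowed(os.stat(cur), uid, gids, 1):
            return cur, "directory not searchable (x)"
        nxt = os.path.join(cur, todo.pop(0))
        if os.path.islink(nxt):
            hops += 1
            if hops > 40:
                return nxt, "symlink loop"
            target = os.readlink(nxt)
            if target.startswith("/"):
                cur = root
            todo = [p for p in target.split("/") if p] + todo
        else:
            cur = nxt
    if not allowed(os.stat(cur), uid, gids, want):
        return cur, "mode bits deny access"
    return None

def demo():
    """Constructed tree using the modes from the listings (not the poster's real host)."""
    old = os.umask(0o022)                 # intermediate directories become 0755
    root = tempfile.mkdtemp()
    os.chmod(root, 0o755)
    store = os.path.join(root, "var/lib/one/images")
    vmdir = os.path.join(root, "var/lib/one/0/images")
    os.makedirs(store); os.makedirs(vmdir)
    os.umask(old)
    image = os.path.join(store, "9c52b90a79dba7c26a912d05ff5190b8")
    open(image, "w").close()
    os.chmod(image, 0o660)                # -rw-rw----
    os.chmod(store, 0o1770)               # drwxrwx--T
    os.symlink("/var/lib/one/images/9c52b90a79dba7c26a912d05ff5190b8",
               os.path.join(vmdir, "disk.1"))
    st, path = os.stat(root), "/var/lib/one/0/images/disk.1"
    outsider = first_denial(path, st.st_uid + 1, {st.st_gid + 1}, root=root)  # neither owner nor group
    member = first_denial(path, st.st_uid + 1, {st.st_gid}, root=root)        # in the owning group
    return store, outsider, member
```

On a real host, call first_denial() with root="/" and the numeric uid and group ids of the account that QEMU runs as.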

