Yes, it runs:

oneadmin@nebula-3:~$ ps aux |grep oned
oneadmin 10158 0.0 0.1 1172252 8020 ? Sl Jun21 0:22 /usr/bin/oned -f

When I changed security_driver in qemu.conf to default state

/etc/libvirt/qemu.conf:
# security_driver = "selinux"

my error message went back to previous state (but still was there) ...

When I replaced OS on host to Ubuntu 10.04 Server (with the same settings), error message is:

Thu Jun 21 16:41:17 2012 [LCM][I]: New VM state is BOOT
Thu Jun 21 16:41:17 2012 [VMM][I]: Generating deployment file: /var/lib/one/1/deployment.4
Thu Jun 21 16:41:17 2012 [VMM][I]: ExitCode: 0
Thu Jun 21 16:41:17 2012 [VMM][I]: Successfully execute network driver operation: pre.
Thu Jun 21 16:41:48 2012 [VMM][I]: Command execution fail: cat << EOT | /var/tmp/one/vmm/kvm/deploy /var/lib/one/1/images/deployment.4 tyan 1 tyan
Thu Jun 21 16:41:48 2012 [VMM][I]: error: Failed to create domain from /var/lib/one/1/images/deployment.4
Thu Jun 21 16:41:48 2012 [VMM][I]: error: cannot set ownership on /var/lib/one/1/images/disk.1: Permission denied
Thu Jun 21 16:41:48 2012 [VMM][E]: Could not create domain from /var/lib/one/1/images/deployment.4
Thu Jun 21 16:41:48 2012 [VMM][I]: ExitCode: 255
Thu Jun 21 16:41:48 2012 [VMM][I]: Failed to execute virtualization driver operation: deploy.
Thu Jun 21 16:41:48 2012 [VMM][E]: Error deploying virtual machine: Could not create domain from /var/lib/one/1/images/deployment.4
Thu Jun 21 16:41:49 2012 [DiM][I]: New VM state is FAILED

Messages in /var/log/syslog at the same time:

Jun 22 10:17:01 tyan-host CRON[12881]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Jun 22 10:22:04 tyan-host kernel: [59025.594722] type=1505 audit(1340353324.455:27): operation="profile_load" pid=13044 name="libvirt-f42d2d5f-e5a0-3bcd-a445-1d3d876451e1"
Jun 22 10:22:04 tyan-host libvirtd: 10:22:04.470: error : qemuDomainSetFileOwnership:2222 : cannot set ownership on /var/lib/one/1/images/disk.0: Permission denied
Jun 22 10:22:34 tyan-host libvirtd: 10:22:34.481: error : qemuMonitorOpenUnix:268 : monitor socket did not show up.: No such file or directory
Jun 22 10:22:34 tyan-host libvirtd: 10:22:34.481: error : qemuConnectMonitor:822 : Failed to connect monitor for one-1#012
Jun 22 10:22:34 tyan-host libvirtd: 10:22:34.665: error : qemuDomainSetFileOwnership:2222 : cannot set ownership on /var/lib/one/1/images/disk.1: Permission denied
Jun 22 10:22:34 tyan-host libvirtd: 10:22:34.665: warning : qemudShutdownVMDaemon:2703 : Failed to restore all device ownership for one-1
Jun 22 10:22:34 tyan-host kernel: [59055.797448] type=1505 audit(1340353354.655:28): operation="profile_remove" pid=13051 name="libvirt-f42d2d5f-e5a0-3bcd-a445-1d3d876451e1" namespace="root"

Jan

On 21.06.2012 17:19, Javier Fontan wrote:

Also, I suppose oned is running as oneadmin user. Just to check.

On Thu, Jun 21, 2012 at 5:19 PM, Javier Fontan <jfon...@opennebula.org> wrote:

I am checking my configuration and the only differences are:

* oneadmin is in group oneadmin
* qemu group is oneadmin
* /var/lib/one/** lrwk, line is in /etc/apparmor.d/local/usr.sbin.libvirtd

Can you try moving the line of apparmor to /etc/apparmor.d/local/usr.sbin.libvirtd? Maybe there's a precedence problem that we don't know of.
Unfortunately I am not an apparmor.

On Thu, Jun 21, 2012 at 9:55 AM, Jan Benadik <jan.bena...@atos.net> wrote:

So - now I have still the same error message in oned.log:

Thu Jun 21 09:26:42 2012 [LCM][I]: New VM state is BOOT
Thu Jun 21 09:26:42 2012 [VMM][I]: Generating deployment file: /var/lib/one/0/deployment.38
Thu Jun 21 09:26:42 2012 [VMM][I]: ExitCode: 0
Thu Jun 21 09:26:42 2012 [VMM][I]: Successfully execute network driver operation: pre.
Thu Jun 21 09:26:44 2012 [VMM][I]: Command execution fail: cat << EOT | /var/tmp/one/vmm/kvm/deploy /var/lib/one/0/images/deployment.38 myto 0 myto
Thu Jun 21 09:26:44 2012 [VMM][I]: error: Failed to create domain from /var/lib/one/0/images/deployment.38
Thu Jun 21 09:26:44 2012 [VMM][I]: error: Unable to read from monitor: Connection reset by peer
Thu Jun 21 09:26:44 2012 [VMM][E]: Could not create domain from /var/lib/one/0/images/deployment.38
Thu Jun 21 09:26:44 2012 [VMM][I]: ExitCode: 255
Thu Jun 21 09:26:44 2012 [VMM][I]: Failed to execute virtualization driver operation: deploy.
Thu Jun 21 09:26:44 2012 [VMM][E]: Error deploying virtual machine: Could not create domain from /var/lib/one/0/images/deployment.38
Thu Jun 21 09:26:45 2012 [DiM][I]: New VM state is FAILED

At the same time in the /var/log/libvirt/libvirtd.log the following message appears:

2012-06-21 09:27:43.610+0000: 1114: warning : virDomainDiskDefForeachPath:13244 : Ignoring open failure on /var/lib/one/0/images/disk.1: Permission denied
2012-06-21 09:27:44.296+0000: 1110: error : qemuMonitorIORead:513 : Unable to read from monitor: Connection reset by peer

Nothing in /var/log/syslog (doesn't matter if apparmor is running, stopped, flushed ...!).

Permissions of files and folders:

oneadmin@opennebula-host:/var/lib$ ls -ld /var/lib/one
drwxr-xr-x 10 oneadmin root 4096 Jun 21 09:49 /var/lib/one

oneadmin@opennebula-host:/var/lib/one# ls -la
total 132
drwxr-xr-x  8 oneadmin root   4096 Jun 21 09:27 .
drwxr-xr-x 37 root     root   4096 Jun 21 06:30 ..
-rw-------  1 oneadmin cloud  2261 Jun 21 08:42 .bash_history
drwx------  2 oneadmin cloud  4096 Jun 20 09:48 .cache
drwx------  2 oneadmin cloud  4096 Jun 20 09:49 .one
drwx------  2 oneadmin root   4096 Jun 20 17:43 .ssh
-rw-------  1 oneadmin cloud  3412 Jun 20 11:06 .viminfo
drwxrwxrwx  3 oneadmin cloud  4096 Jun 21 09:26 0
-rw-r--r--  1 oneadmin cloud  1738 Jun 21 08:50 config
drwxrwx--T  2 oneadmin root   4096 Jun 20 10:57 images
-rw-r--r--  1 oneadmin cloud 67584 Jun 21 09:27 one.db
-rw-r--r--  1 oneadmin cloud 16384 Jun 20 16:28 oneacct.db
drwxr-xr-x  8 root     root   4096 Jun 20 09:33 remotes

oneadmin@opennebula-host:/var/lib/one/0# ls -la
total 20
drwxrwxrwx  3 oneadmin cloud 4096 Jun 21 09:36 .
drwxr-xr-x 10 oneadmin root  4096 Jun 21 09:35 ..
-rw-r--r--  1 oneadmin cloud  735 Jun 21 09:26 deployment.38
drwxrwxrwx  2 oneadmin cloud 4096 Jun 21 09:26 images
-rw-r--r--  1 oneadmin cloud  201 Jun 21 09:26 transfer.38.prolog

oneadmin@opennebula-host:/var/lib/one/0/images# ls -la
total 906256
drwxrwxrwx 2 oneadmin cloud      4096 Jun 21 09:26 .
drwxrwxrwx 3 oneadmin cloud      4096 Jun 21 09:36 ..
-rw-r--r-- 1 oneadmin cloud       736 Jun 21 09:26 deployment.38
-rw-rw-rw- 1 oneadmin cloud 927989760 Jun 21 09:26 disk.0
lrwxrwxrwx 1 oneadmin cloud        52 Jun 21 09:26 disk.1 -> /var/lib/one/images/9c52b90a79dba7c26a912d05ff5190b8

oneadmin@opennebula-host:~/images$ ls -la
total 1040116
drwxrwx--T  2 oneadmin root        4096 Jun 20 10:57 .
drwxr-xr-x 10 oneadmin root        4096 Jun 21 09:37 ..
-rw-rw----  1 oneadmin root   927989760 Jun 20 10:57 46440b43448202b4ee69b4b541f5eeab
-rw-rw----  1 oneadmin root 10737418241 Jun 20 10:57 9c52b90a79dba7c26a912d05ff5190b8

Libvirtd and Qemu settings:

/etc/libvirt/libvirtd.conf:
listen_tls = 0
listen_tcp = 1
unix_sock_group = "libvirtd"
unix_sock_ro_perms = "0777"
unix_sock_rw_perms = "0777"
unix_sock_dir = "/var/run/libvirt"
auth_unix_ro = "none"
auth_unix_rw = "none"

/etc/libvirt/qemu.conf:
security_driver = "none"
user = "oneadmin"
group = "cloud"
dynamic_ownership = 0

/etc/default/libvirt-bin:
start_libvirtd="yes"
libvirtd_opts="-d -l"

/etc/apparmor.d/usr.sbin.libvirtd:
# Last Modified: Mon Jul  6 17:23:58 2009
#include <tunables/global>
@{LIBVIRT}="libvirt"

/usr/sbin/libvirtd {
  #include <abstractions/base>

  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.sbin.libvirtd>

  capability kill,
  capability net_admin,
  capability net_raw,
  capability setgid,
  capability sys_admin,
  capability sys_module,
  capability sys_ptrace,
  capability sys_nice,
  capability sys_chroot,
  capability setuid,
  capability dac_override,
  capability dac_read_search,
  capability fowner,
  capability chown,
  capability setpcap,
  capability mknod,
  capability fsetid,
  capability ipc_lock,

  network inet stream,
  network inet dgram,
  network inet6 stream,
  network inet6 dgram,
  network packet dgram,

  # for now, use a very lenient profile since we want to first focus on
  # confining the guests
  / r,
  /** rwmkl,
  /bin/* PUx,
  /sbin/* PUx,
  /usr/bin/* PUx,
  /usr/sbin/* PUx,
  /lib/udev/scsi_id PUx,

  # Required by nwfilter_ebiptables_driver.c:ebiptablesWriteToTempFile() to
  # write and run an ebtables script.
  /var/lib/libvirt/virtd* ixr,

  # force the use of virt-aa-helper
  audit deny /sbin/apparmor_parser rwxl,
  audit deny /etc/apparmor.d/libvirt/** wxl,
  audit deny /sys/kernel/security/apparmor/features rwxl,
  audit deny /sys/kernel/security/apparmor/matching rwxl,
  audit deny /sys/kernel/security/apparmor/.* rwxl,
  /sys/kernel/security/apparmor/profiles r,
  /usr/lib/libvirt/* PUxr,
  /etc/libvirt/hooks/** rmix,
  /var/lib/one/** lrwk,

  # allow changing to our UUID-based named profiles
  change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
}

User settings:

oneadmin@opennebula-host:~/images$ groups oneadmin
oneadmin : cloud root disk kvm libvirtd

My question - where is an issue?

Jan

_______________________________________________
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

--
Javier Fontán Muiños
Project Engineer
OpenNebula - The Open Source Toolkit for Data Center Virtualization
www.OpenNebula.org | jfon...@opennebula.org | @OpenNebula

--
Ján Beňadik
Managed Services - Solution Design Architect
+421 46 5151 332
+421 903 691 634
jan.bena...@atos.net
Vinohradnícka 6, 971 01 Prievidza
www.sk.atos.net