Re: [one-users] Error when instantiating VM from image - next status

Jan Benadik Sun, 24 Jun 2012 11:56:09 -0700

No - this attempt was with SSH transfer driver, not shared.

Jan

Dňa 22.06.2012 17:18, Ruben S. Montero wrote / napísal(a):

Seems the same thing... is it /var/lib/one/ in an NFS volume in the host?
BTW, you need ACPI installed in the guest domains to shutdown them, if not you can just use cancel
On Fri, Jun 22, 2012 at 4:39 PM, Jan Benadik <jan.bena...@atos.net> wrote:
Other error message (with SSH transfer driver used):
Fri Jun 22 14:08:53 2012 [LCM][I]: New VM state is BOOT
Fri Jun 22 14:08:53 2012 [VMM][I]: Generating deployment file: /var/lib/one/0/deployment.1
Fri Jun 22 14:08:53 2012 [VMM][I]: ExitCode: 0
Fri Jun 22 14:08:53 2012 [VMM][I]: Successfully execute network driver operation: pre.
Fri Jun 22 14:09:24 2012 [VMM][I]: Command execution fail: cat << EOT | /var/tmp/one/vmm/kvm/deploy /var/lib/one/0/images/deployment.1 10.0.5.201 0 10.0.5.201
Fri Jun 22 14:09:24 2012 [VMM][I]: error: Failed to create domain from /var/lib/one/0/images/deployment.1
Fri Jun 22 14:09:24 2012 [VMM][I]: error: monitor socket did not show up.: No such file or directory
Fri Jun 22 14:09:24 2012 [VMM][E]: Could not create domain from /var/lib/one/0/images/deployment.1
Fri Jun 22 14:09:24 2012 [VMM][I]: ExitCode: 255
Fri Jun 22 14:09:24 2012 [VMM][I]: Failed to execute virtualization driver operation: deploy.
Fri Jun 22 14:09:24 2012 [VMM][E]: Error deploying virtual machine: Could not create domain from /var/lib/one/0/images/deployment.1
Fri Jun 22 14:09:25 2012 [DiM][I]: New VM state is FAILED

In syslog it is very similar:
Jun 22 16:45:01 tyan-host kernel: [82002.423842] type=1505 audit(1340376301.285:71): operation="profile_load" pid=24477 name="libvirt-3cd36a8d-dd19-6b86-333e-f0249700ba79"
Jun 22 16:45:01 tyan-host libvirtd: 16:45:01.317: error : qemuDomainSetFileOwnership:2222 : cannot set ownership on /var/lib/one/0/images/disk.0: Permission denied
Jun 22 16:45:31 tyan-host libvirtd: 16:45:31.327: error : qemuMonitorOpenUnix:268 : monitor socket did not show up.: No such file or directory
Jun 22 16:45:31 tyan-host libvirtd: 16:45:31.328: error : qemuConnectMonitor:822 : Failed to connect monitor for one-0#012
Jun 22 16:45:31 tyan-host kernel: [82032.643614] type=1505 audit(1340376331.505:72): operation="profile_remove" pid=24585 name="libvirt-3cd36a8d-dd19-6b86-333e-f0249700ba79" namespace="root"

Jan

Dňa 22.06.2012 11:58, Jaime Melis wrote / napísal(a):
Hello Jan,

I forgot to mention that it's not enough with using the SSH transfer driver, you also have to unmount all your NFS exports in your hypervisor node, so the disk images aren't copied to an NFS filesystem.
Cheers,
Jaime
On Fri, Jun 22, 2012 at 11:21 AM, Jaime Melis <jme...@opennebula.org> wrote:
Hello Jan,

let's try without NFS just to rule it out. Can you use the SSH transfer driver:

http://opennebula.org/documentation:rel3.4:fs_ds#using_the_ssh_transfer_driver

and try launching the VM again?

By the way, after reading your logs it seems you're not using the last stable release OpenNebula 3.4. Could you upgrade to this release?
Regards,
Jaime
On Fri, Jun 22, 2012 at 8:01 AM, Jan Benadik <jan.bena...@atos.net> wrote:
Yes, it runs:
oneadmin@nebula-3:~$ ps aux |grep oned
oneadmin 10158 0.0 0.1 1172252 8020 ? Sl Jun21 0:22 /usr/bin/oned -f

When I changed security_driver in qemu.conf to default state
/etc/libvirt/qemu.conf:
# security_driver = "selinux"
my error message went back to previous state (but still was there) ...

When I replaced OS on host to Ubuntu 10.04 Server (with the same settings), error message is:

Thu Jun 21 16:41:17 2012 [LCM][I]: New VM state is BOOT
Thu Jun 21 16:41:17 2012 [VMM][I]: Generating deployment file: /var/lib/one/1/deployment.4
Thu Jun 21 16:41:17 2012 [VMM][I]: ExitCode: 0
Thu Jun 21 16:41:17 2012 [VMM][I]: Successfully execute network driver operation: pre.
Thu Jun 21 16:41:48 2012 [VMM][I]: Command execution fail: cat << EOT | /var/tmp/one/vmm/kvm/deploy /var/lib/one/1/images/deployment.4 tyan 1 tyan
Thu Jun 21 16:41:48 2012 [VMM][I]: error: Failed to create domain from /var/lib/one/1/images/deployment.4
Thu Jun 21 16:41:48 2012 [VMM][I]: error: cannot set ownership on /var/lib/one/1/images/disk.1: Permission denied
Thu Jun 21 16:41:48 2012 [VMM][E]: Could not create domain from /var/lib/one/1/images/deployment.4
Thu Jun 21 16:41:48 2012 [VMM][I]: ExitCode: 255
Thu Jun 21 16:41:48 2012 [VMM][I]: Failed to execute virtualization driver operation: deploy.
Thu Jun 21 16:41:48 2012 [VMM][E]: Error deploying virtual machine: Could not create domain from /var/lib/one/1/images/deployment.4
Thu Jun 21 16:41:49 2012 [DiM][I]: New VM state is FAILED

Messages in /var/log/syslog at the same time:
Jun 22 10:17:01 tyan-host CRON[12881]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Jun 22 10:22:04 tyan-host kernel: [59025.594722] type=1505 audit(1340353324.455:27): operation="profile_load" pid=13044 name="libvirt-f42d2d5f-e5a0-3bcd-a445-1d3d876451e1"
Jun 22 10:22:04 tyan-host libvirtd: 10:22:04.470: error : qemuDomainSetFileOwnership:2222 : cannot set ownership on /var/lib/one/1/images/disk.0: Permission denied
Jun 22 10:22:34 tyan-host libvirtd: 10:22:34.481: error : qemuMonitorOpenUnix:268 : monitor socket did not show up.: No such file or directory
Jun 22 10:22:34 tyan-host libvirtd: 10:22:34.481: error : qemuConnectMonitor:822 : Failed to connect monitor for one-1#012
Jun 22 10:22:34 tyan-host libvirtd: 10:22:34.665: error : qemuDomainSetFileOwnership:2222 : cannot set ownership on /var/lib/one/1/images/disk.1: Permission denied
Jun 22 10:22:34 tyan-host libvirtd: 10:22:34.665: warning : qemudShutdownVMDaemon:2703 : Failed to restore all device ownership for one-1
Jun 22 10:22:34 tyan-host kernel: [59055.797448] type=1505 audit(1340353354.655:28): operation="profile_remove" pid=13051 name="libvirt-f42d2d5f-e5a0-3bcd-a445-1d3d876451e1" namespace="root"

Jan
DĹ a 21.06.2012 17:19, Javier Fontan wrote / napĂsal(a):
Also, I supposte oned is running as oneadmin user. Just to check.
On Thu, Jun 21, 2012 at 5:19 PM, Javier Fontan <jfon...@opennebula.org> wrote:
I am checking my configuration ans the only differences are:

* oneadmin is in group oneadmin
* qemu group is oneadmin
* ďż˝/var/lib/one/** lrwk, line is in /etc/apparmor.d/local/usr.sbin.libvirtd

Can you try moving the line of apparmor to
/etc/apparmor.d/local/usr.sbin.libvirtd? Maybe there's a precedence
problem that we don't know of. Unfortunately I am not an apparmor.

On Thu, Jun 21, 2012 at 9:55 AM, Jan Benadik <jan.bena...@atos.net> wrote:
So - now I have still the same error message in oned.log:
Thu Jun 21 09:26:42 2012 [LCM][I]: New VM state is BOOT
Thu Jun 21 09:26:42 2012 [VMM][I]: Generating deployment file:
/var/lib/one/0/deployment.38
Thu Jun 21 09:26:42 2012 [VMM][I]: ExitCode: 0
Thu Jun 21 09:26:42 2012 [VMM][I]: Successfully execute network driver
operation: pre.
Thu Jun 21 09:26:44 2012 [VMM][I]: Command execution fail: cat << EOT |
/var/tmp/one/vmm/kvm/deploy /var/lib/one/0/images/deployment.38 myto 0 myto
Thu Jun 21 09:26:44 2012 [VMM][I]: error: Failed to create domain from
/var/lib/one/0/images/deployment.38
Thu Jun 21 09:26:44 2012 [VMM][I]: error: Unable to read from monitor:
Connection reset by peer
Thu Jun 21 09:26:44 2012 [VMM][E]: Could not create domain from
/var/lib/one/0/images/deployment.38
Thu Jun 21 09:26:44 2012 [VMM][I]: ExitCode: 255
Thu Jun 21 09:26:44 2012 [VMM][I]: Failed to execute virtualization driver
operation: deploy.
Thu Jun 21 09:26:44 2012 [VMM][E]: Error deploying virtual machine: Could
not create domain from /var/lib/one/0/images/deployment.38
Thu Jun 21 09:26:45 2012 [DiM][I]: New VM state is FAILED

At the same time in the /var/log/libvirt/libvirtd.log the following message
appears:
2012-06-21 09:27:43.610+0000: 1114: warning :
virDomainDiskDefForeachPath:13244 : Ignoring open failure on
/var/lib/one/0/images/disk.1: Permission denied
2012-06-21 09:27:44.296+0000: 1110: error : qemuMonitorIORead:513 : Unable
to read from monitor: Connection reset by peer

Nothing in /var/log/syslog (doesn't matter if apparmor is running, stopped,
flushed ...!).

Permissions of files and folders:
oneadmin@opennebula-host:/var/lib$ ls -ld /var/lib/one
drwxr-xr-x 10 oneadmin root 4096 Jun 21 09:49 /var/lib/one

oneadmin@opennebula-host:/var/lib/one# ls -la
total 132
drwxr-xr-xďż˝ 8 oneadmin rootďż˝ďż˝ 4096 Jun 21 09:27 .
drwxr-xr-x 37 rootďż˝ďż˝ďż˝ďż˝ rootďż˝ďż˝ 4096 Jun 21 06:30 ..
-rw-------ďż˝ 1 oneadmin cloudďż˝ 2261 Jun 21 08:42 .bash_history
drwx------ďż˝ 2 oneadmin cloudďż˝ 4096 Jun 20 09:48 .cache
drwx------ďż˝ 2 oneadmin cloudďż˝ 4096 Jun 20 09:49 .one
drwx------ďż˝ 2 oneadmin rootďż˝ďż˝ 4096 Jun 20 17:43 .ssh
-rw-------ďż˝ 1 oneadmin cloudďż˝ 3412 Jun 20 11:06 .viminfo
drwxrwxrwxďż˝ 3 oneadmin cloudďż˝ 4096 Jun 21 09:26 0
-rw-r--r--ďż˝ 1 oneadmin cloudďż˝ 1738 Jun 21 08:50 config
drwxrwx--Tďż˝ 2 oneadmin rootďż˝ďż˝ 4096 Jun 20 10:57 images
-rw-r--r--ďż˝ 1 oneadmin cloud 67584 Jun 21 09:27 one.db
-rw-r--r--ďż˝ 1 oneadmin cloud 16384 Jun 20 16:28 oneacct.db
drwxr-xr-xďż˝ 8 rootďż˝ďż˝ďż˝ďż˝ rootďż˝ďż˝ 4096 Jun 20 09:33 remotes

oneadmin@opennebula-host:/var/lib/one/0# ls -la
total 20
drwxrwxrwxďż˝ 3 oneadmin cloud 4096 Jun 21 09:36 .
drwxr-xr-x 10 oneadmin rootďż˝ 4096 Jun 21 09:35 ..
-rw-r--r--ďż˝ 1 oneadmin cloudďż˝ 735 Jun 21 09:26 deployment.38
drwxrwxrwxďż˝ 2 oneadmin cloud 4096 Jun 21 09:26 images
-rw-r--r--ďż˝ 1 oneadmin cloudďż˝ 201 Jun 21 09:26 transfer.38.prolog

oneadmin@opennebula-host:/var/lib/one/0/images# ls -la
total 906256
drwxrwxrwx 2 oneadmin cloudďż˝ďż˝ďż˝ďż˝ďż˝ 4096 Jun 21 09:26 .
drwxrwxrwx 3 oneadmin cloudďż˝ďż˝ďż˝ďż˝ďż˝ 4096 Jun 21 09:36 ..
-rw-r--r-- 1 oneadmin cloudďż˝ďż˝ďż˝ďż˝ďż˝ďż˝ 736 Jun 21 09:26 deployment.38
-rw-rw-rw- 1 oneadmin cloud 927989760 Jun 21 09:26 disk.0
lrwxrwxrwx 1 oneadmin cloudďż˝ďż˝ďż˝ďż˝ďż˝ďż˝ďż˝ 52 Jun 21 09:26 disk.1 ->
/var/lib/one/images/9c52b90a79dba7c26a912d05ff5190b8

oneadmin@opennebula-host:~/images$ ls -la
total 1040116
drwxrwx--Tďż˝ 2 oneadmin rootďż˝ďż˝ďż˝ďż˝ďż˝ďż˝ďż˝ 4096 Jun 20 10:57 .
drwxr-xr-x 10 oneadmin rootďż˝ďż˝ďż˝ďż˝ďż˝ďż˝ďż˝ 4096 Jun 21 09:37 ..
-rw-rw----ďż˝ 1 oneadmin rootďż˝ďż˝ 927989760 Jun 20 10:57
46440b43448202b4ee69b4b541f5eeab
-rw-rw----ďż˝ 1 oneadmin root 10737418241 Jun 20 10:57
9c52b90a79dba7c26a912d05ff5190b8


Libvirtd and Qemu settings:
/etc/libvirt/libvirtd.conf:
listen_tls = 0
listen_tcp = 1
unix_sock_group = "libvirtd"
unix_sock_ro_perms = "0777"
unix_sock_rw_perms = "0777"
unix_sock_dir = "/var/run/libvirt"
auth_unix_ro = "none"
auth_unix_rw = "none"

/etc/libvirt/qemu.conf:
security_driver = "none"
user = "oneadmin"
group = "cloud"
dynamic_ownership = 0

/etc/default/libvirt-bin:
start_libvirtd="yes"
libvirtd_opts="-d -l"

/etc/apparmor.d/usr.sbin.libvirtd:
# Last Modified: Mon Julďż˝ 6 17:23:58 2009
#include <tunables/global>
@{LIBVIRT}="libvirt"

/usr/sbin/libvirtd {
ďż˝ #include <abstractions/base>
ďż˝ # Site-specific additions and overrides. See local/README for details.
ďż˝ #include <local/usr.sbin.libvirtd>

ďż˝ capability kill,
ďż˝ capability net_admin,
ďż˝ capability net_raw,
ďż˝ capability setgid,
ďż˝ capability sys_admin,
ďż˝ capability sys_module,
ďż˝ capability sys_ptrace,
ďż˝ capability sys_nice,
ďż˝ capability sys_chroot,
ďż˝ capability setuid,
ďż˝ capability dac_override,
ďż˝ capability dac_read_search,
ďż˝ capability fowner,
ďż˝ capability chown,
ďż˝ capability setpcap,
ďż˝ capability mknod,
ďż˝ capability fsetid,
ďż˝ capability ipc_lock,

ďż˝ network inet stream,
ďż˝ network inet dgram,
ďż˝ network inet6 stream,
ďż˝ network inet6 dgram,
ďż˝ network packet dgram,

ďż˝ # for now, use a very lenient profile since we want to first focus on
ďż˝ # confining the guests
ďż˝ / r,
ďż˝ /** rwmkl,

ďż˝ /bin/* PUx,
ďż˝ /sbin/* PUx,
ďż˝ /usr/bin/* PUx,
ďż˝ /usr/sbin/* PUx,
ďż˝ /lib/udev/scsi_id PUx,

ďż˝ # Required by nwfilter_ebiptables_driver.c:ebiptablesWriteToTempFile() to
ďż˝ # write and run an ebtables script.
ďż˝ /var/lib/libvirt/virtd* ixr,

ďż˝ # force the use of virt-aa-helper
ďż˝ audit deny /sbin/apparmor_parser rwxl,
ďż˝ audit deny /etc/apparmor.d/libvirt/** wxl,
ďż˝ audit deny /sys/kernel/security/apparmor/features rwxl,
ďż˝ audit deny /sys/kernel/security/apparmor/matching rwxl,
ďż˝ audit deny /sys/kernel/security/apparmor/.* rwxl,
ďż˝ /sys/kernel/security/apparmor/profiles r,
ďż˝ /usr/lib/libvirt/* PUxr,
ďż˝ /etc/libvirt/hooks/** rmix,
ďż˝ /var/lib/one/** lrwk,

ďż˝ # allow changing to our UUID-based named profiles
ďż˝ change_profile ->
@{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,

}

User settings:
oneadmin@opennebula-host:~/images$ groups oneadmin
oneadmin : cloud root disk kvm libvirtd



My question - where is an issue?

Jan


_______________________________________________
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
--
Javier Fontďż˝n Muiďż˝os
Project Engineer
OpenNebula - The Open Source Toolkit for Data Center Virtualization
www.OpenNebula.orgďż˝|ďż˝jfon...@opennebula.orgďż˝| @OpenNebula
--

JĂĄn BeĹ adik

Managed Services - Solution Design Architect
+421 46 5151 332
+421 903 691 634
jan.bena...@atos.net

VinohradnĂcka 6, 971 01 Prievidza
www.sk.atos.net
__________________________________
_______________________________________________
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
--
Jaime Melis
Project Engineer
OpenNebula - The Open Source Toolkit for Cloud Computing
www.OpenNebula.org | jme...@opennebula.org
--
Jaime Melis
Project Engineer
OpenNebula - The Open Source Toolkit for Cloud Computing
www.OpenNebula.org | jme...@opennebula.org
--

Ján Beňadik
Managed Services - Solution Design Architect
+421 46 5151 332
+421 903 691 634
jan.bena...@atos.net
Vinohradnícka 6, 971 01 Prievidza
www.sk.atos.net
__________________________________
_______________________________________________
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
--
Ruben S. Montero, PhD
Project co-Lead and Chief Architect
OpenNebula - The Open Source Solution for Data Center Virtualization
www.OpenNebula.org | rsmont...@opennebula.org | @OpenNebula

Ján Beňadik
Managed Services - Solution Design Architect
+421 46 5151 332
+421 903 691 634
jan.bena...@atos.net
Vinohradnícka 6, 971 01 Prievidza
www.sk.atos.net
__________________________________

_______________________________________________
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] Error when instantiating VM from image - next status

Reply via email to