[ovirt-users] unsupported configuration: Unable to find security driver for model selinux
Yaniv Kaul
ykaul at redhat.com
Sun Sep 10 13:19:36 UTC 2017
On Thu, Aug 31, 2017 at 4:25 PM, Charles Kozler <ckozleriii at gmail.com>
wrote:
> Also, to add to this, I figured all nodes need to "equal" in terms of
> selinux now so I went on node 1 and set selinux to permissive, rebooted,
> and then vdsmd wouldnt start which would show the host as nonresponsive in
> engine UI. Upon inspection of the log it was because of the missing sebool
> module. So I ran 'vdsm-tool configure --force' and then vdsmd started fine.
> Once doing this the host came up in the web UI
>
> Tested migrating a VM to it and it worked with no issue
>
> Hope this helps someone else who lands in this situation, however, I'd
> like to know what the expected environment of ovirt is. It would be helpful
> to have some checks along the way for this condition if its a blocker for
> functions
>
We do not test without SELinux enabled, and we know of issues when it's
only half disabled.
Y.
>
> On Thu, Aug 31, 2017 at 9:09 AM, Charles Kozler <ckozleriii at gmail.com>
> wrote:
>
>> Hello,
>>
>> I recently installed ovirt cluster on 3 nodes and saw that I could only
>> migrate one way
>>
>> Reviewing the logs I found this
>>
>> 2017-08-31 09:04:30,685-0400 ERROR (migsrc/1eca84bd) [virt.vm]
>> (vmId='1eca84bd-2796-469d-a071-6ba2b21d82f4') unsupported configuration:
>> Unable to find security driver for model selinux (migration:287)
>> 2017-08-31 09:04:30,698-0400 ERROR (migsrc/1eca84bd) [virt.vm]
>> (vmId='1eca84bd-2796-469d-a071-6ba2b21d82f4') Failed to migrate
>> (migration:429)
>> Traceback (most recent call last):
>> File "/usr/lib/python2.7/site-packages/vdsm/virt/migration.py", line
>> 411, in run
>> self._startUnderlyingMigration(time.time())
>> File "/usr/lib/python2.7/site-packages/vdsm/virt/migration.py", line
>> 487, in _startUnderlyingMigration
>> self._perform_with_conv_schedule(duri, muri)
>> File "/usr/lib/python2.7/site-packages/vdsm/virt/migration.py", line
>> 563, in _perform_with_conv_schedule
>> self._perform_migration(duri, muri)
>> File "/usr/lib/python2.7/site-packages/vdsm/virt/migration.py", line
>> 529, in _perform_migration
>> self._vm._dom.migrateToURI3(duri, params, flags)
>> File "/usr/lib/python2.7/site-packages/vdsm/virt/virdomain.py", line
>> 69, in f
>> ret = attr(*args, **kwargs)
>> File "/usr/lib/python2.7/site-packages/vdsm/libvirtconnection.py",
>> line 123, in wrapper
>> ret = f(*args, **kwargs)
>> File "/usr/lib/python2.7/site-packages/vdsm/utils.py", line 944, in
>> wrapper
>> return func(inst, *args, **kwargs)
>> File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1939, in
>> migrateToURI3
>> if ret == -1: raise libvirtError ('virDomainMigrateToURI3() failed',
>> dom=self)
>> libvirtError: unsupported configuration: Unable to find security driver
>> for model selinux
>>
>>
>> Which led me to this
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=1013617
>>
>> I could migrate from node1 -> node 2 but not node2 -> node1, so obviously
>> I had something different with node 1. In this case, it was selinux
>>
>> On node 1 it is set to disabled but on node 2 it is set to permissive. I
>> am not sure how they got different but I wanted to update this list with
>> this finding
>>
>> Node 2 was setup directly via web UI in the engine with host -> new.
>> Perhaps I manually set node 1 to disabled
>>
>> Does ovirt / libvirt expect permissive? Or does it expect enforcing? Or
>> does it need to be both the same matching?
>>
>> thanks!
>>
>
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20170910/54928353/attachment.html>
More information about the Users
mailing list