<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'><br> <BR><div>> Date: Fri, 6 Sep 2013 22:05:05 +0100<br>> From: danken@redhat.com<br>> To: jvdwege@xs4all.nl<br>> CC: users@ovirt.org<br>> Subject: Re: [Users] very odd permission problem<br>> <br>> On Fri, Sep 06, 2013 at 04:05:13PM +0200, Joop wrote:<br>> > Alessandro Bianchi wrote:<br>> > >>On 6-9-2013 12:34, Alessandro Bianchi wrote:<br>> > >>>Hi all<br>> > >>><br>> > >>>I'm running 3.2 on several Fedora 18 nodes<br>> > >>><br>> > >>>One of them has a local storage running 4 VMs<br>> > >>><br>> > >>>Today the UPS crashed and host was rebboted after UPS replacement<br>> > >>><br>> > >>>None of the VM's were able to be started<br>> > >>><br>> > >>>I tried to put the Host in maintenance and reinstalled it, but this<br>> > >>>didn't give any result<br>> > >>><br>> > >>>Digging into the logs I discovered the following error:<br>> > >>><br>> > >>>The first was of this kind (on every VM)<br>> > >>><br>> > >>> File "/usr/lib64/python2.7/site-packages/libvirt.py", line 2630, in<br>> > >>>createXML<br>> > >>> if ret is None:raise libvirtError('virDomainCreateXML() failed',<br>> > >>>conn=self)<br>> > >>>libvirtError: errore interno process exited while connecting to<br>> > >>>monitor: ((null):5034): Spice-Warning **: reds.c:3247:reds_init_ssl:<br>> > >>>Could not use private key file<br>> > >>>qemu-kvm: failed to initialize spice server<br>> > >>><br>> > >>>Thread-564::DEBUG::2013-09-06<br>> > >>>11:31:32,814::vm::1065::vm.Vm::(setDownStatus)<br>> > >>>vmId=`49d84915-490b-497d-a3f8-c7dac7485281`::Changed state to Down:<br>> > >>>errore interno process exited while connecting to monitor:<br>> > >>>((null):5034): Spice-Warning **: reds.c:3247:reds_init_ssl: Could not<br>> > >>>use private key file<br>> > >>>qemu-kvm: failed to initialize spice server<br>> > >>><br>> > >>>The private key was marked 440 as permission owned by vdsm user and<br>> > >>>kvm group<br>> > >>><br>> > >>>I had to change it to 444 to allow everyone to read it<br>> > >>><br>> > >>>After that I had for every VM the following error:<br>> > >>><br>> > >>>could not open disk image<br>> > >>>/rhev/data-center/3935800a-abe4-406d-84a1-4c3c0b915cce/6818de31-5cda-41d0-a41a-681230a409ba/images/54144c03-5057-462e-8275-6ab386ae8c5a/01298998-32d5-44c2-b5d1-91be1316ed19:<br>> > >>><br>> > >>>Permission denied<br>> > >>><br>> > >>>Disks were owned by vdsm:kvm with 660 permission<br>> > >>><br>> > >>>I had to relax this to 666 to enable the VMs to start<br>> > >>><br>> > >>>Has anyone faced this kind f problem before?<br>> > >>><br>> > >>Yes, me.<br>> > >>>Any hint about what may have caused this odd problem?<br>> > >>><br>> > >>yum update.<br>> > >><br>> > >>I updated one of my hosts and after that that host couldn't start VMs<br>> > >>anymore with exact the same errors. See thread 'Starting VM error' by<br>> > >>Shaun Glass. I tried a couple of things but not making world readable<br>> > >>those files. Will probably restore a backup and try it.<br>> > >>I added the virt-preview repo for F18 and updated qemu/libvirt which<br>> > >>also solved the problem.<br>> > >>The difference between the updated and not updated host were really<br>> > >>minimal. See the thead for logs.<br>> > >><br>> > >>Regards,<br>> > >><br>> > >>Joop<br>> > >Thank you for your very quick answer<br>> > ><br>> > >I suspected the same thing !<br>> > ><br>> > >I'll update libvirt and revert the permission changes<br>> > ><br>> > That will give you way way newer libvirt/qemu than you probably<br>> > want. I would keep the permission changes and hope that one of the<br>> > following updates to either libvirt/qemu fixes this problem.<br>> <br>> Joop, I'm sorry that I have many requests and few answers, but if indeed<br>> the problem is related to a version of libvirt/qemu, would yould you try<br>> to reproduce it outside ovirt?<br>> <br>> I mean, in your working/non-working hosts, could you create a vdsm:kvm-<br>> owned image, and try to run it from virsh (using vdsm@ovirt user and the<br>> ever-so-secret password listed in vdsm/libvirt_password)?<br>> <br>> What happens if you chown your image to vdsm:qemu? (keeping mode as 660)<br>> <br>> What's `groups qemu` on your hosts?<br>> <br>> Could you attach gdb to the short-living qemu process, and run<br>> getgroups(2) on it?<br>> <br>> Dan.</div><div> </div><div>> > >>>errore interno process exited while connecting to monitor:<br>> > >>>((null):5034): Spice-Warning **: reds.c:3247:reds_init_ssl: Could not<br>> > >>>use private key file</div><div> </div><div>I just ran into this myself on a fresh 3.2.2 install. Enabling the virt-preview repo and doing a yum update fixed the spice-warning issue and the VMs started right up. That might help you Joop.</div><div> </div><div> </div><div>Another issue, ovirt-engine-sdk is newer on the fedora repos than in the ovirt-repo. The fedora one caused issues (I forget which error at the moment), so I had to disable the fedora repos, remove ovirt-engine-sdk, and then reinstall it from the ovirt-repo.</div><div> </div><div> </div><div> </div><div><br>> _______________________________________________<br>> Users mailing list<br>> Users@ovirt.org<br>> http://lists.ovirt.org/mailman/listinfo/users<br></div> </div></body>
</html>