I imported a guest from its iscsi storage domain and clicked the green UP button, but the guest failed to start. This was the first time vdsm tried to create a temporary storage domain for a host other than hosted_engine. I'm using the same chap credential that was used with the same iscsi storage domain with the old instance of Manager. It looks like it wasn't able to get permission to do something, but everything was set up with sudo-as-root. I used CentOS 7.2 with the ovirt-release repository and hosted-engine script to deploy Manager.
From /var/log/vdsm/vdsm.log on the host where it tried to start:
Thread-23385::ERROR::2016-11-19 02:12:41,907::vm::765::virt.vm::(_startUnderlyingVm) vmId=`c3125d32-ae2a-4d2f-af4c-13661d90ddf9`::The vm start process failed
Traceback (most recent call last):
File "/usr/share/vdsm/virt/vm.py", line 706, in _startUnderlyingVm
self._run()
File "/usr/share/vdsm/virt/vm.py", line 1996, in _run
self._connection.createXML(domxml, flags),
File "/usr/lib/python2.7/site-packages/vdsm/libvirtconnection.py", line 123, in wrapper
ret = f(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/vdsm/utils.py", line 917, in wrapper
return func(inst, *args, **kwargs)
File "/usr/lib64/python2.7/site-packages/libvirt.py", line 3611, in createXML
if ret is None:raise libvirtError('virDomainCreateXML() failed', conn=self)
libvirtError: internal error: Could not get access to ACL tech driver 'ebiptables'
From /usr/lib64/python2.7/site-packages/libvirt.py which raised the error:
def createXML(self, xmlDesc, flags=0):
"""Launch a new guest domain, based on an XML description similar
to the one returned by virDomainGetXMLDesc()
This function may require privileged access to the hypervisor.
The domain is not persistent, so its definition will disappear when it
is destroyed, or if the host is restarted (see virDomainDefineXML() to
define persistent domains).
If the VIR_DOMAIN_START_PAUSED flag is set, the guest domain
will be started, but its CPUs will remain paused. The CPUs
can later be manually started using virDomainResume.
If the VIR_DOMAIN_START_AUTODESTROY flag is set, the guest
domain will be automatically destroyed when the virConnectPtr
object is finally released. This will also happen if the
client application crashes / loses its connection to the
libvirtd daemon. Any domains marked for auto destroy will
block attempts at migration, save-to-file, or snapshots.
virDomainFree should be used to free the resources after the
domain object is no longer needed. """
ret = libvirtmod.virDomainCreateXML(self._o, xmlDesc, flags)
if ret is None:raise libvirtError('virDomainCreateXML() failed', conn=self)
__tmp = virDomain(self,_obj=ret)
return __tmp