On Fri, May 20, 2016 at 11:48 PM, Bill James <bill.james@j2.com> wrote:
I had added user = "root" because we use the import-to-ovirt.pl to move Vms from our old virtual platform to ovirt. My understanding was that was required for the to work. Is that not true or is the import script not worth the headaches caused? (https://rwmj.wordpress.com/2015/09/18/importing-kvm-guests-to-ovirt-or-rhev/)
I don't know anything about this solution, adding Richard to add more info. If you run 3.6, you can use v2v to import from other systems. Adding Shahar to add into on v2v. Nir
[root@ovirt3 prod 4c4bfdf7-bc70-41b2-ab58-710ff8e850bf]# grep ^user /etc/libvirt/qemu.conf user = "root"
I'm assuming that's what sets the qemu user.
When I first tried using that script without setting "user = root" it didn't work.
On 5/20/16 1:16 PM, Nir Soffer wrote:
On Fri, May 20, 2016 at 10:41 PM, Bill James <bill.james@j2.com> wrote:
attached output from one host. others look similar.
Your qemu runs as *root*:
root root root root qemu qemu qemu qemu /usr/libexec/qemu-kvm
Here is the output from normal installation:
qemu qemu qemu qemu qemu qemu qemu qemu /usr/libexec/qemu-kvm
I guess that gluster is configure with "option root-squashing on" so you practically run as "nobody", and you are not in the kvm group.
Running qemu as root is also a security risk, if there is a security bug in qemu a vm can use it to compromise your host or other vms.
Maybe you can configure gluster to treat root as vdsm using
option translate-uid 0=36
See http://www.gluster.org/community/documentation/index.php/Translators/feature...
But a better solution is to run qemu as qemu.
Adding Sahina to advise about gluster configuration.
Nir
On 5/20/16 11:47 AM, Nir Soffer wrote:
On Fri, May 20, 2016 at 9:25 PM, Bill James <bill.james@j2.com> wrote:
yes
[root@ovirt2 prod .shard]# sestatus SELinux status: disabled
[root@ovirt3 prod ~]# sestatus SELinux status: disabled
Can you share output of:
ps -e -o euser,user,suser,fuser,egroup,rgroup,sgroup,fgroup,cmd | egrep 'qemu|libvirt' ps auxe | egrep 'qemu|libvirt'
On 5/20/16 11:13 AM, Nir Soffer wrote:
On Fri, May 20, 2016 at 9:02 PM, Bill James <bill.james@j2.com> wrote:
[root@ovirt1 prod ~]# sestatus SELinux status: disabled
Same on ovirt2?
On 5/20/16 10:49 AM, Nir Soffer wrote:
This smells like selinux issues, did yoi try with permissive mode?
בתאריך 20 במאי 2016 7:59 אחה״צ, "Bill James" <bill.james@j2.com> כתב:
Nobody has any ideas or thoughts on how to troubleshoot?
why does qemu group work but not kvm when qemu is part of kvm group?
[root@ovirt1 prod vdsm]# grep qemu /etc/group cdrom:x:11:qemu kvm:x:36:qemu,sanlock qemu:x:107:vdsm,sanlock
On 5/18/16 3:47 PM, Bill James wrote: > > another data point. > Changing just owner to qemu doesn't help. > Changing just group to qemu does. VM starts fine after that. > > > > On 05/18/2016 11:49 AM, Bill James wrote: >> >> Some added info. This issue seems to be just like this bug: >> https://bugzilla.redhat.com/show_bug.cgi?id=1052114 >> >> I have verified that chown qemu:qemu of disk image also fixes the >> startup issue. >> I'm using raw, not qcow images. >> >> >> [root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# qemu-img >> info 253f9615-f111-45ca-bdce-cbc9e70406df >> image: 253f9615-f111-45ca-bdce-cbc9e70406df >> file format: raw >> virtual size: 20G (21474836480 bytes) >> disk size: 1.9G >> [root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# ls -l >> 253f9615-f111-45ca-bdce-cbc9e70406df >> -rw-rw---- 1 qemu qemu 21474836480 May 18 11:38 >> 253f9615-f111-45ca-bdce-cbc9e70406df >> >> (default perms = vdsm:kvm) >> >> qemu-img-ev-2.3.0-31.el7_2.4.1.x86_64 >> qemu-kvm-ev-2.3.0-31.el7_2.4.1.x86_64 >> libvirt-daemon-1.2.17-13.el7_2.4.x86_64 >> >> >> Ideas?? >> _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
This email, its contents and attachments contain information from j2 Global, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. © 2015 j2 Global, Inc. All rights reserved. eFax ®, eVoice ®, Campaigner ®, FuseMail ®, KeepItSafe ® and Onebox ® are ! registere d trademarks of j2 Global, Inc. and its affiliates.
This email, its contents and attachments contain information from j2 Global, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. © 2015 j2 Global, Inc. All rights reserved. eFax ®, eVoice ®, Campaigner ®, FuseMail ®, KeepItSafe ® and Onebox ® are ! registere d trademarks of j2 Global, Inc. and its affiliates.
This email, its contents and attachments contain information from j2 Global, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. © 2015 j2 Global, Inc. All rights reserved. eFax ®, eVoice ®, Campaigner ®, FuseMail ®, KeepItSafe ® and Onebox ® are ! registere d trademarks of j2 Global, Inc. and its affiliates.