unsupported configuration: Unable to find security driver for model selinux
Hello, I recently installed ovirt cluster on 3 nodes and saw that I could only migrate one way Reviewing the logs I found this 2017-08-31 09:04:30,685-0400 ERROR (migsrc/1eca84bd) [virt.vm] (vmId='1eca84bd-2796-469d-a071-6ba2b21d82f4') unsupported configuration: Unable to find security driver for model selinux (migration:287) 2017-08-31 09:04:30,698-0400 ERROR (migsrc/1eca84bd) [virt.vm] (vmId='1eca84bd-2796-469d-a071-6ba2b21d82f4') Failed to migrate (migration:429) Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/vdsm/virt/migration.py", line 411, in run self._startUnderlyingMigration(time.time()) File "/usr/lib/python2.7/site-packages/vdsm/virt/migration.py", line 487, in _startUnderlyingMigration self._perform_with_conv_schedule(duri, muri) File "/usr/lib/python2.7/site-packages/vdsm/virt/migration.py", line 563, in _perform_with_conv_schedule self._perform_migration(duri, muri) File "/usr/lib/python2.7/site-packages/vdsm/virt/migration.py", line 529, in _perform_migration self._vm._dom.migrateToURI3(duri, params, flags) File "/usr/lib/python2.7/site-packages/vdsm/virt/virdomain.py", line 69, in f ret = attr(*args, **kwargs) File "/usr/lib/python2.7/site-packages/vdsm/libvirtconnection.py", line 123, in wrapper ret = f(*args, **kwargs) File "/usr/lib/python2.7/site-packages/vdsm/utils.py", line 944, in wrapper return func(inst, *args, **kwargs) File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1939, in migrateToURI3 if ret == -1: raise libvirtError ('virDomainMigrateToURI3() failed', dom=self) libvirtError: unsupported configuration: Unable to find security driver for model selinux Which led me to this https://bugzilla.redhat.com/show_bug.cgi?id=1013617 I could migrate from node1 -> node 2 but not node2 -> node1, so obviously I had something different with node 1. In this case, it was selinux On node 1 it is set to disabled but on node 2 it is set to permissive. I am not sure how they got different but I wanted to update this list with this finding Node 2 was setup directly via web UI in the engine with host -> new. Perhaps I manually set node 1 to disabled Does ovirt / libvirt expect permissive? Or does it expect enforcing? Or does it need to be both the same matching? thanks!
Also, to add to this, I figured all nodes need to "equal" in terms of selinux now so I went on node 1 and set selinux to permissive, rebooted, and then vdsmd wouldnt start which would show the host as nonresponsive in engine UI. Upon inspection of the log it was because of the missing sebool module. So I ran 'vdsm-tool configure --force' and then vdsmd started fine. Once doing this the host came up in the web UI Tested migrating a VM to it and it worked with no issue Hope this helps someone else who lands in this situation, however, I'd like to know what the expected environment of ovirt is. It would be helpful to have some checks along the way for this condition if its a blocker for functions On Thu, Aug 31, 2017 at 9:09 AM, Charles Kozler <ckozleriii@gmail.com> wrote:
Hello,
I recently installed ovirt cluster on 3 nodes and saw that I could only migrate one way
Reviewing the logs I found this
2017-08-31 09:04:30,685-0400 ERROR (migsrc/1eca84bd) [virt.vm] (vmId='1eca84bd-2796-469d-a071-6ba2b21d82f4') unsupported configuration: Unable to find security driver for model selinux (migration:287) 2017-08-31 09:04:30,698-0400 ERROR (migsrc/1eca84bd) [virt.vm] (vmId='1eca84bd-2796-469d-a071-6ba2b21d82f4') Failed to migrate (migration:429) Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/vdsm/virt/migration.py", line 411, in run self._startUnderlyingMigration(time.time()) File "/usr/lib/python2.7/site-packages/vdsm/virt/migration.py", line 487, in _startUnderlyingMigration self._perform_with_conv_schedule(duri, muri) File "/usr/lib/python2.7/site-packages/vdsm/virt/migration.py", line 563, in _perform_with_conv_schedule self._perform_migration(duri, muri) File "/usr/lib/python2.7/site-packages/vdsm/virt/migration.py", line 529, in _perform_migration self._vm._dom.migrateToURI3(duri, params, flags) File "/usr/lib/python2.7/site-packages/vdsm/virt/virdomain.py", line 69, in f ret = attr(*args, **kwargs) File "/usr/lib/python2.7/site-packages/vdsm/libvirtconnection.py", line 123, in wrapper ret = f(*args, **kwargs) File "/usr/lib/python2.7/site-packages/vdsm/utils.py", line 944, in wrapper return func(inst, *args, **kwargs) File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1939, in migrateToURI3 if ret == -1: raise libvirtError ('virDomainMigrateToURI3() failed', dom=self) libvirtError: unsupported configuration: Unable to find security driver for model selinux
Which led me to this
https://bugzilla.redhat.com/show_bug.cgi?id=1013617
I could migrate from node1 -> node 2 but not node2 -> node1, so obviously I had something different with node 1. In this case, it was selinux
On node 1 it is set to disabled but on node 2 it is set to permissive. I am not sure how they got different but I wanted to update this list with this finding
Node 2 was setup directly via web UI in the engine with host -> new. Perhaps I manually set node 1 to disabled
Does ovirt / libvirt expect permissive? Or does it expect enforcing? Or does it need to be both the same matching?
thanks!
On Thu, Aug 31, 2017 at 4:25 PM, Charles Kozler <ckozleriii@gmail.com> wrote:
Also, to add to this, I figured all nodes need to "equal" in terms of selinux now so I went on node 1 and set selinux to permissive, rebooted, and then vdsmd wouldnt start which would show the host as nonresponsive in engine UI. Upon inspection of the log it was because of the missing sebool module. So I ran 'vdsm-tool configure --force' and then vdsmd started fine. Once doing this the host came up in the web UI
Tested migrating a VM to it and it worked with no issue
Hope this helps someone else who lands in this situation, however, I'd like to know what the expected environment of ovirt is. It would be helpful to have some checks along the way for this condition if its a blocker for functions
We do not test without SELinux enabled, and we know of issues when it's only half disabled. Y.
On Thu, Aug 31, 2017 at 9:09 AM, Charles Kozler <ckozleriii@gmail.com> wrote:
Hello,
I recently installed ovirt cluster on 3 nodes and saw that I could only migrate one way
Reviewing the logs I found this
2017-08-31 09:04:30,685-0400 ERROR (migsrc/1eca84bd) [virt.vm] (vmId='1eca84bd-2796-469d-a071-6ba2b21d82f4') unsupported configuration: Unable to find security driver for model selinux (migration:287) 2017-08-31 09:04:30,698-0400 ERROR (migsrc/1eca84bd) [virt.vm] (vmId='1eca84bd-2796-469d-a071-6ba2b21d82f4') Failed to migrate (migration:429) Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/vdsm/virt/migration.py", line 411, in run self._startUnderlyingMigration(time.time()) File "/usr/lib/python2.7/site-packages/vdsm/virt/migration.py", line 487, in _startUnderlyingMigration self._perform_with_conv_schedule(duri, muri) File "/usr/lib/python2.7/site-packages/vdsm/virt/migration.py", line 563, in _perform_with_conv_schedule self._perform_migration(duri, muri) File "/usr/lib/python2.7/site-packages/vdsm/virt/migration.py", line 529, in _perform_migration self._vm._dom.migrateToURI3(duri, params, flags) File "/usr/lib/python2.7/site-packages/vdsm/virt/virdomain.py", line 69, in f ret = attr(*args, **kwargs) File "/usr/lib/python2.7/site-packages/vdsm/libvirtconnection.py", line 123, in wrapper ret = f(*args, **kwargs) File "/usr/lib/python2.7/site-packages/vdsm/utils.py", line 944, in wrapper return func(inst, *args, **kwargs) File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1939, in migrateToURI3 if ret == -1: raise libvirtError ('virDomainMigrateToURI3() failed', dom=self) libvirtError: unsupported configuration: Unable to find security driver for model selinux
Which led me to this
https://bugzilla.redhat.com/show_bug.cgi?id=1013617
I could migrate from node1 -> node 2 but not node2 -> node1, so obviously I had something different with node 1. In this case, it was selinux
On node 1 it is set to disabled but on node 2 it is set to permissive. I am not sure how they got different but I wanted to update this list with this finding
Node 2 was setup directly via web UI in the engine with host -> new. Perhaps I manually set node 1 to disabled
Does ovirt / libvirt expect permissive? Or does it expect enforcing? Or does it need to be both the same matching?
thanks!
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
participants (2)
-
Charles Kozler -
Yaniv Kaul