gluster VM disk permissions
--------------030708060003050100080602 Content-Type: text/plain; charset="utf-8"; format=flowed Content-Transfer-Encoding: 7bit I'm sure I must have just missed something... I just setup a new ovirt cluster with gluster & nfs data domains. VMs on the NFS domain startup with no issues. VMs on the gluster domains complain of "Permission denied" on startup. 2016-05-17 14:14:51,959 ERROR [org.ovirt.engine.core.dal.dbbroker.audi tloghandling.AuditLogDirector] (ForkJoinPool-1-worker-11) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: VM billj7-2.j2noc.com is down with error. Exit message: internal error: process exited while connecting to monitor: 2016-05-17T21:14:51.162932Z qemu-kvm: -drive file=/rhev/data-center/00000001-0001-0001-0001-0000000002c5/22df0943-c131-4ed8-ba9c-05923afcf8e3/images/2ddf0d0e-6a7e-4eb9-b1d5-6d7792da0d25/a2b0a04d-041f-4342-9687-142cc641b35e,if=none,id=drive-virtio-disk0,format=raw,serial=2ddf0d0e-6a7e-4eb9-b1d5-6d7792da0d25,cache=none,werror=stop,rerror=stop,aio=threads: Could not open '/rhev/data-center/00000001-0001-0001-0001-0000000002c5/22df0943-c131-4ed8-ba9c-05923afcf8e3/images/2ddf0d0e-6a7e-4eb9-b1d5-6d7792da0d25/a2b0a04d-041f-4342-9687-142cc641b35e': Permission denied I did setup gluster permissions: gluster volume set gv1 storage.owner-uid 36 gluster volume set gv1 storage.owner-gid 36 files look fine: [root@ovirt1 prod 2ddf0d0e-6a7e-4eb9-b1d5-6d7792da0d25]# ls -lah total 2.0G drwxr-xr-x 2 vdsm kvm 4.0K May 17 09:39 . drwxr-xr-x 11 vdsm kvm 4.0K May 17 10:40 .. -rw-rw---- 1 vdsm kvm 20G May 17 10:33 a2b0a04d-041f-4342-9687-142cc641b35e -rw-rw---- 1 vdsm kvm 1.0M May 17 09:38 a2b0a04d-041f-4342-9687-142cc641b35e.lease -rw-r--r-- 1 vdsm kvm 259 May 17 09:39 a2b0a04d-041f-4342-9687-142cc641b35e.meta I did check and vdsm user can read the file just fine. *If I change mod disk to 666 VM starts up fine.* [root@ovirt1 prod 2ddf0d0e-6a7e-4eb9-b1d5-6d7792da0d25]# grep 36 /etc/passwd /etc/group /etc/passwd:vdsm:x:36:36:Node Virtualization Manager:/:/bin/bash /etc/group:kvm:x:36:qemu,sanlock ovirt-engine-3.6.4.1-1.el7.centos.noarch glusterfs-3.7.11-1.el7.x86_64 I also set libvirt qemu user to root, for import-to-ovirt.pl script. [root@ovirt1 prod 2ddf0d0e-6a7e-4eb9-b1d5-6d7792da0d25]# grep ^user /etc/libvirt/qemu.conf user = "root" [root@ovirt1 prod 2ddf0d0e-6a7e-4eb9-b1d5-6d7792da0d25]# gluster volume info gv1 Volume Name: gv1 Type: Replicate Volume ID: 062aa1a5-91e8-420d-800e-b8bc4aff20d8 Status: Started Number of Bricks: 1 x 3 = 3 Transport-type: tcp Bricks: Brick1: ovirt1-gl.j2noc.com:/ovirt-store/brick1/gv1 Brick2: ovirt2-gl.j2noc.com:/ovirt-store/brick1/gv1 Brick3: ovirt3-gl.j2noc.com:/ovirt-store/brick1/gv1 Options Reconfigured: performance.readdir-ahead: on performance.quick-read: off performance.read-ahead: off performance.io-cache: off performance.stat-prefetch: off cluster.eager-lock: enable network.remote-dio: enable cluster.quorum-type: auto cluster.server-quorum-type: server features.shard: on features.shard-block-size: 64MB storage.owner-uid: 36 storage.owner-gid: 36 [root@ovirt1 prod 2ddf0d0e-6a7e-4eb9-b1d5-6d7792da0d25]# gluster volume status gv1 Status of volume: gv1 Gluster process TCP Port RDMA Port Online Pid ------------------------------------------------------------------------------ Brick ovirt1-gl.j2noc.com:/ovirt-store/bric k1/gv1 49152 0 Y 2046 Brick ovirt2-gl.j2noc.com:/ovirt-store/bric k1/gv1 49152 0 Y 22532 Brick ovirt3-gl.j2noc.com:/ovirt-store/bric k1/gv1 49152 0 Y 59683 NFS Server on localhost 2049 0 Y 2200 Self-heal Daemon on localhost N/A N/A Y 2232 NFS Server on ovirt3-gl.j2noc.com 2049 0 Y 65363 Self-heal Daemon on ovirt3-gl.j2noc.com N/A N/A Y 65371 NFS Server on ovirt2-gl.j2noc.com 2049 0 Y 17621 Self-heal Daemon on ovirt2-gl.j2noc.com N/A N/A Y 17629 Task Status of Volume gv1 ------------------------------------------------------------------------------ There are no active volume tasks ?? --------------030708060003050100080602 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: 8bit <html> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> </head> <body bgcolor="#FFFFFF" text="#000000"> I'm sure I must have just missed something...<br> I just setup a new ovirt cluster with gluster & nfs data domains.<br> <br> VMs on the NFS domain startup with no issues.<br> VMs on the gluster domains complain of "Permission denied" on startup.<br> <br> 2016-05-17 14:14:51,959 ERROR [org.ovirt.engine.core.dal.dbbroker.audi<br> tloghandling.AuditLogDirector] (ForkJoinPool-1-worker-11) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: VM billj7-2.j2noc.com is down with error. Exit message: internal error: process exited while connecting to monitor: 2016-05-17T21:14:51.162932Z qemu-kvm: -drive file=/rhev/data-center/00000001-0001-0001-0001-0000000002c5/22df0943-c131-4ed8-ba9c-05923afcf8e3/images/2ddf0d0e-6a7e-4eb9-b1d5-6d7792da0d25/a2b0a04d-041f-4342-9687-142cc641b35e,if=none,id=drive-virtio-disk0,format=raw,serial=2ddf0d0e-6a7e-4eb9-b1d5-6d7792da0d25,cache=none,werror=stop,rerror=stop,aio=threads: Could not open '/rhev/data-center/00000001-0001-0001-0001-0000000002c5/22df0943-c131-4ed8-ba9c-05923afcf8e3/images/2ddf0d0e-6a7e-4eb9-b1d5-6d7792da0d25/a2b0a04d-041f-4342-9687-142cc641b35e': Permission denied<br> <br> <br> I did setup gluster permissions:<br> gluster volume set gv1 storage.owner-uid 36<br> gluster volume set gv1 storage.owner-gid 36<br> <br> files look fine:<br> [root@ovirt1 prod 2ddf0d0e-6a7e-4eb9-b1d5-6d7792da0d25]# ls -lah<br> total 2.0G<br> drwxr-xr-x 2 vdsm kvm 4.0K May 17 09:39 .<br> drwxr-xr-x 11 vdsm kvm 4.0K May 17 10:40 ..<br> -rw-rw---- 1 vdsm kvm 20G May 17 10:33 a2b0a04d-041f-4342-9687-142cc641b35e<br> -rw-rw---- 1 vdsm kvm 1.0M May 17 09:38 a2b0a04d-041f-4342-9687-142cc641b35e.lease<br> -rw-r--r-- 1 vdsm kvm 259 May 17 09:39 a2b0a04d-041f-4342-9687-142cc641b35e.meta<br> <br> I did check and vdsm user can read the file just fine.<br> <b>If I change mod disk to 666 VM starts up fine.</b><br> <br> <br> [root@ovirt1 prod 2ddf0d0e-6a7e-4eb9-b1d5-6d7792da0d25]# grep 36 /etc/passwd /etc/group<br> /etc/passwd:vdsm:x:36:36:Node Virtualization Manager:/:/bin/bash<br> /etc/group:kvm:x:36:qemu,sanlock<br> <br> <br> ovirt-engine-3.6.4.1-1.el7.centos.noarch<br> glusterfs-3.7.11-1.el7.x86_64<br> <br> <br> I also set libvirt qemu user to root, for import-to-ovirt.pl script.<br> <br> [root@ovirt1 prod 2ddf0d0e-6a7e-4eb9-b1d5-6d7792da0d25]# grep ^user /etc/libvirt/qemu.conf <br> user = "root"<br> <br> <br> [root@ovirt1 prod 2ddf0d0e-6a7e-4eb9-b1d5-6d7792da0d25]# gluster volume info gv1<br> <br> Volume Name: gv1<br> Type: Replicate<br> Volume ID: 062aa1a5-91e8-420d-800e-b8bc4aff20d8<br> Status: Started<br> Number of Bricks: 1 x 3 = 3<br> Transport-type: tcp<br> Bricks:<br> Brick1: ovirt1-gl.j2noc.com:/ovirt-store/brick1/gv1<br> Brick2: ovirt2-gl.j2noc.com:/ovirt-store/brick1/gv1<br> Brick3: ovirt3-gl.j2noc.com:/ovirt-store/brick1/gv1<br> Options Reconfigured:<br> performance.readdir-ahead: on<br> performance.quick-read: off<br> performance.read-ahead: off<br> performance.io-cache: off<br> performance.stat-prefetch: off<br> cluster.eager-lock: enable<br> network.remote-dio: enable<br> cluster.quorum-type: auto<br> cluster.server-quorum-type: server<br> features.shard: on<br> features.shard-block-size: 64MB<br> storage.owner-uid: 36<br> storage.owner-gid: 36<br> <br> [root@ovirt1 prod 2ddf0d0e-6a7e-4eb9-b1d5-6d7792da0d25]# gluster volume status gv1<br> Status of volume: gv1<br> Gluster process TCP Port RDMA Port Online Pid<br> ------------------------------------------------------------------------------<br> Brick ovirt1-gl.j2noc.com:/ovirt-store/bric<br> k1/gv1 49152 0 Y 2046 <br> Brick ovirt2-gl.j2noc.com:/ovirt-store/bric<br> k1/gv1 49152 0 Y 22532<br> Brick ovirt3-gl.j2noc.com:/ovirt-store/bric<br> k1/gv1 49152 0 Y 59683<br> NFS Server on localhost 2049 0 Y 2200 <br> Self-heal Daemon on localhost N/A N/A Y 2232 <br> NFS Server on ovirt3-gl.j2noc.com 2049 0 Y 65363<br> Self-heal Daemon on ovirt3-gl.j2noc.com N/A N/A Y 65371<br> NFS Server on ovirt2-gl.j2noc.com 2049 0 Y 17621<br> Self-heal Daemon on ovirt2-gl.j2noc.com N/A N/A Y 17629<br> <br> Task Status of Volume gv1<br> ------------------------------------------------------------------------------<br> There are no active volume tasks<br> <br> <br> <br> ??<br> <br> <br> </body> </html> --------------030708060003050100080602--
Some added info. This issue seems to be just like this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1052114 I have verified that chown qemu:qemu of disk image also fixes the startup issue. I'm using raw, not qcow images. [root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# qemu-img info 253f9615-f111-45ca-bdce-cbc9e70406df image: 253f9615-f111-45ca-bdce-cbc9e70406df file format: raw virtual size: 20G (21474836480 bytes) disk size: 1.9G [root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# ls -l 253f9615-f111-45ca-bdce-cbc9e70406df -rw-rw---- 1 qemu qemu 21474836480 May 18 11:38 253f9615-f111-45ca-bdce-cbc9e70406df (default perms = vdsm:kvm) qemu-img-ev-2.3.0-31.el7_2.4.1.x86_64 qemu-kvm-ev-2.3.0-31.el7_2.4.1.x86_64 libvirt-daemon-1.2.17-13.el7_2.4.x86_64 Ideas??
another data point. Changing just owner to qemu doesn't help. Changing just group to qemu does. VM starts fine after that. On 05/18/2016 11:49 AM, Bill James wrote:
Some added info. This issue seems to be just like this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1052114
I have verified that chown qemu:qemu of disk image also fixes the startup issue. I'm using raw, not qcow images.
[root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# qemu-img info 253f9615-f111-45ca-bdce-cbc9e70406df image: 253f9615-f111-45ca-bdce-cbc9e70406df file format: raw virtual size: 20G (21474836480 bytes) disk size: 1.9G [root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# ls -l 253f9615-f111-45ca-bdce-cbc9e70406df -rw-rw---- 1 qemu qemu 21474836480 May 18 11:38 253f9615-f111-45ca-bdce-cbc9e70406df
(default perms = vdsm:kvm)
qemu-img-ev-2.3.0-31.el7_2.4.1.x86_64 qemu-kvm-ev-2.3.0-31.el7_2.4.1.x86_64 libvirt-daemon-1.2.17-13.el7_2.4.x86_64
Ideas??
Nobody has any ideas or thoughts on how to troubleshoot? why does qemu group work but not kvm when qemu is part of kvm group? [root@ovirt1 prod vdsm]# grep qemu /etc/group cdrom:x:11:qemu kvm:x:36:qemu,sanlock qemu:x:107:vdsm,sanlock On 5/18/16 3:47 PM, Bill James wrote:
another data point. Changing just owner to qemu doesn't help. Changing just group to qemu does. VM starts fine after that.
On 05/18/2016 11:49 AM, Bill James wrote:
Some added info. This issue seems to be just like this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1052114
I have verified that chown qemu:qemu of disk image also fixes the startup issue. I'm using raw, not qcow images.
[root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# qemu-img info 253f9615-f111-45ca-bdce-cbc9e70406df image: 253f9615-f111-45ca-bdce-cbc9e70406df file format: raw virtual size: 20G (21474836480 bytes) disk size: 1.9G [root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# ls -l 253f9615-f111-45ca-bdce-cbc9e70406df -rw-rw---- 1 qemu qemu 21474836480 May 18 11:38 253f9615-f111-45ca-bdce-cbc9e70406df
(default perms = vdsm:kvm)
qemu-img-ev-2.3.0-31.el7_2.4.1.x86_64 qemu-kvm-ev-2.3.0-31.el7_2.4.1.x86_64 libvirt-daemon-1.2.17-13.el7_2.4.x86_64
Ideas??
This smells like selinux issues, did yoi try with permissive mode? בתאריך 20 במאי 2016 7:59 אחה״צ, "Bill James" <bill.james@j2.com> כתב:
Nobody has any ideas or thoughts on how to troubleshoot?
why does qemu group work but not kvm when qemu is part of kvm group?
[root@ovirt1 prod vdsm]# grep qemu /etc/group cdrom:x:11:qemu kvm:x:36:qemu,sanlock qemu:x:107:vdsm,sanlock
On 5/18/16 3:47 PM, Bill James wrote:
another data point. Changing just owner to qemu doesn't help. Changing just group to qemu does. VM starts fine after that.
On 05/18/2016 11:49 AM, Bill James wrote:
Some added info. This issue seems to be just like this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1052114
I have verified that chown qemu:qemu of disk image also fixes the startup issue. I'm using raw, not qcow images.
[root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# qemu-img info 253f9615-f111-45ca-bdce-cbc9e70406df image: 253f9615-f111-45ca-bdce-cbc9e70406df file format: raw virtual size: 20G (21474836480 bytes) disk size: 1.9G [root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# ls -l 253f9615-f111-45ca-bdce-cbc9e70406df -rw-rw---- 1 qemu qemu 21474836480 May 18 11:38 253f9615-f111-45ca-bdce-cbc9e70406df
(default perms = vdsm:kvm)
qemu-img-ev-2.3.0-31.el7_2.4.1.x86_64 qemu-kvm-ev-2.3.0-31.el7_2.4.1.x86_64 libvirt-daemon-1.2.17-13.el7_2.4.x86_64
Ideas??
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
--------------030301010207060905070006 Content-Type: text/plain; charset="utf-8"; format=flowed Content-Transfer-Encoding: 8bit [root@ovirt1 prod ~]# sestatus SELinux status: disabled On 5/20/16 10:49 AM, Nir Soffer wrote:
This smells like selinux issues, did yoi try with permissive mode?
×ת×ך×× 20 ×××× 2016 7:59 ×××׎׊,â "Bill James" <bill.james@j2.com <mailto:bill.james@j2.com>> ×ת×:
Nobody has any ideas or thoughts on how to troubleshoot?
why does qemu group work but not kvm when qemu is part of kvm group?
[root@ovirt1 prod vdsm]# grep qemu /etc/group cdrom:x:11:qemu kvm:x:36:qemu,sanlock qemu:x:107:vdsm,sanlock
On 5/18/16 3:47 PM, Bill James wrote:
another data point. Changing just owner to qemu doesn't help. Changing just group to qemu does. VM starts fine after that.
On 05/18/2016 11:49 AM, Bill James wrote:
Some added info. This issue seems to be just like this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1052114
I have verified that chown qemu:qemu of disk image also fixes the startup issue. I'm using raw, not qcow images.
[root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# qemu-img info 253f9615-f111-45ca-bdce-cbc9e70406df image: 253f9615-f111-45ca-bdce-cbc9e70406df file format: raw virtual size: 20G (21474836480 bytes) disk size: 1.9G [root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# ls -l 253f9615-f111-45ca-bdce-cbc9e70406df -rw-rw---- 1 qemu qemu 21474836480 May 18 11:38 253f9615-f111-45ca-bdce-cbc9e70406df
(default perms = vdsm:kvm)
qemu-img-ev-2.3.0-31.el7_2.4.1.x86_64 qemu-kvm-ev-2.3.0-31.el7_2.4.1.x86_64 libvirt-daemon-1.2.17-13.el7_2.4.x86_64
Ideas??
_______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users
Cloud Services for Business www.j2.com j2 | eFax | eVoice | FuseMail | Campaigner | KeepItSafe | Onebox This email, its contents and attachments contain information from j2 Global, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. (c) 2015 j2 Global, Inc. All rights reserved. eFax, eVoice, Campaigner, FuseMail, KeepItSafe, and Onebox are registered trademarks of j2 Global, Inc. and its affiliates. --------------030301010207060905070006 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: 8bit <html> <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> [root@ovirt1 prod ~]# sestatus<br> SELinux status:                disabled<br> <br> <br> <br> <div class="moz-cite-prefix">On 5/20/16 10:49 AM, Nir Soffer wrote:<br> </div> <blockquote cite="mid:CAMRbyyti9B5b9977Vp0di6QV_Tq-_wf18h_e46KwA9TAOCBEug@mail.gmail.com" type="cite"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <p dir="ltr">This smells like selinux issues, did yoi try with permissive mode?</p> <div class="gmail_quote">×ת×ך×× 20 ×××× 2016 7:59 ×××׎׊,â "Bill James" <<a moz-do-not-send="true" href="mailto:bill.james@j2.com">bill.james@j2.com</a>> ×ת×:<br type="attribution"> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Nobody has any ideas or thoughts on how to troubleshoot?<br> <br> why does qemu group work but not kvm when qemu is part of kvm group?<br> <br> [root@ovirt1 prod vdsm]# grep qemu /etc/group<br> cdrom:x:11:qemu<br> kvm:x:36:qemu,sanlock<br> qemu:x:107:vdsm,sanlock<br> <br> <br> On 5/18/16 3:47 PM, Bill James wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> another data point.<br> Changing just owner to qemu doesn't help.<br> Changing just group to qemu does. VM starts fine after that.<br> <br> <br> <br> On 05/18/2016 11:49 AM, Bill James wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Some added info. This issue seems to be just like this bug:<br> <a moz-do-not-send="true" href="https://bugzilla.redhat.com/show_bug.cgi?id=1052114" rel="noreferrer" target="_blank">https://bugzilla.redhat.com/show_bug.cgi?id=1052114</a><br> <br> I have verified that chown qemu:qemu of disk image also fixes the startup issue.<br> I'm using raw, not qcow images.<br> <br> <br> [root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# qemu-img info 253f9615-f111-45ca-bdce-cbc9e70406df<br> image: 253f9615-f111-45ca-bdce-cbc9e70406df<br> file format: raw<br> virtual size: 20G (21474836480 bytes)<br> disk size: 1.9G<br> [root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# ls -l 253f9615-f111-45ca-bdce-cbc9e70406df<br> -rw-rw---- 1 qemu qemu 21474836480 May 18 11:38 253f9615-f111-45ca-bdce-cbc9e70406df<br> <br> (default perms = vdsm:kvm)<br> <br> qemu-img-ev-2.3.0-31.el7_2.4.1.x86_64<br> qemu-kvm-ev-2.3.0-31.el7_2.4.1.x86_64<br> libvirt-daemon-1.2.17-13.el7_2.4.x86_64<br> <br> <br> Ideas??<br> <br> </blockquote> <br> </blockquote> <br> _______________________________________________<br> Users mailing list<br> <a moz-do-not-send="true" href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br> <a moz-do-not-send="true" href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a><br> </blockquote> </div> </blockquote> <br> <p><a href="http://www.j2.com/?utm_source=j2global&utm_medium=xsell-referral&utm_campaign=employeeemail"><span style='color:windowtext; text-decoration:none'><img border=0 width=391 height=46 src="http://home.j2.com/j2_Global_Cloud_Services/j2_Global_Email_Footer.jpg" alt="www.j2.com"></span></a></p> <p><span style='font-size:8.0pt;font-family:"Arial","sans-serif"; color:gray'>This email, its contents and attachments contain information from <a href="http://www.j2.com/?utm_source=j2global&utm_medium=xsell-referral&utm_campaign=employemail">j2 Global, Inc</a>. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. © 2015 <a href="http://www.j2.com/">j2 Global, Inc</a>. All rights reserved. <a href="http://www.efax.com/">eFax ®</a>, <a href="http://www.evoice.com/">eVoice ®</a>, <a href="http://www.campaigner.com/">Campaigner ®</a>, <a href="http://www.fusemail.com/">FuseMail ®</a>, <a href="http://www.keepitsafe.com/">KeepItSafe ®</a> and <a href="http://www.onebox.com/">Onebox ®</a> are registered trademarks of <a href="http://www.j2.com/">j2 Global, Inc</a>. and its affiliates.</span></p></body> </html> --------------030301010207060905070006--
On Fri, May 20, 2016 at 9:02 PM, Bill James <bill.james@j2.com> wrote:
[root@ovirt1 prod ~]# sestatus SELinux status: disabled
Same on ovirt2?
On 5/20/16 10:49 AM, Nir Soffer wrote:
This smells like selinux issues, did yoi try with permissive mode? בתאריך 20 במאי 2016 7:59 אחה״צ, "Bill James" <bill.james@j2.com> כתב:
Nobody has any ideas or thoughts on how to troubleshoot?
why does qemu group work but not kvm when qemu is part of kvm group?
[root@ovirt1 prod vdsm]# grep qemu /etc/group cdrom:x:11:qemu kvm:x:36:qemu,sanlock qemu:x:107:vdsm,sanlock
On 5/18/16 3:47 PM, Bill James wrote:
another data point. Changing just owner to qemu doesn't help. Changing just group to qemu does. VM starts fine after that.
On 05/18/2016 11:49 AM, Bill James wrote:
Some added info. This issue seems to be just like this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1052114
I have verified that chown qemu:qemu of disk image also fixes the startup issue. I'm using raw, not qcow images.
[root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# qemu-img info 253f9615-f111-45ca-bdce-cbc9e70406df image: 253f9615-f111-45ca-bdce-cbc9e70406df file format: raw virtual size: 20G (21474836480 bytes) disk size: 1.9G [root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# ls -l 253f9615-f111-45ca-bdce-cbc9e70406df -rw-rw---- 1 qemu qemu 21474836480 May 18 11:38 253f9615-f111-45ca-bdce-cbc9e70406df
(default perms = vdsm:kvm)
qemu-img-ev-2.3.0-31.el7_2.4.1.x86_64 qemu-kvm-ev-2.3.0-31.el7_2.4.1.x86_64 libvirt-daemon-1.2.17-13.el7_2.4.x86_64
Ideas??
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[image: www.j2.com] <http://www.j2.com/?utm_source=j2global&utm_medium=xsell-referral&utm_campaign=employeeemail>
This email, its contents and attachments contain information from j2 Global, Inc <http://www.j2.com/?utm_source=j2global&utm_medium=xsell-referral&utm_campaign=employemail>. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. © 2015 j2 Global, Inc <http://www.j2.com/>. All rights reserved. eFax ® <http://www.efax.com/>, eVoice ® <http://www.evoice.com/>, Campaigner ® <http://www.campaigner.com/>, FuseMail ® <http://www.fusemail.com/>, KeepItSafe ® <http://www.keepitsafe.com/> and Onebox ® <http://www.onebox.com/> are ! registere d trademarks of j2 Global, Inc <http://www.j2.com/>. and its affiliates.
--------------070303020801020908020608 Content-Type: text/plain; charset="utf-8"; format=flowed Content-Transfer-Encoding: 8bit yes [root@ovirt2 prod .shard]# sestatus SELinux status: disabled [root@ovirt3 prod ~]# sestatus SELinux status: disabled On 5/20/16 11:13 AM, Nir Soffer wrote:
On Fri, May 20, 2016 at 9:02 PM, Bill James <bill.james@j2.com <mailto:bill.james@j2.com>> wrote:
[root@ovirt1 prod ~]# sestatus SELinux status: disabled
Same on ovirt2?
On 5/20/16 10:49 AM, Nir Soffer wrote:
This smells like selinux issues, did yoi try with permissive mode?
×ת×ך×× 20 ×××× 2016 7:59 ×××׎׊,â "Bill James" <bill.james@j2.com <mailto:bill.james@j2.com>> ×ת×:
Nobody has any ideas or thoughts on how to troubleshoot?
why does qemu group work but not kvm when qemu is part of kvm group?
[root@ovirt1 prod vdsm]# grep qemu /etc/group cdrom:x:11:qemu kvm:x:36:qemu,sanlock qemu:x:107:vdsm,sanlock
On 5/18/16 3:47 PM, Bill James wrote:
another data point. Changing just owner to qemu doesn't help. Changing just group to qemu does. VM starts fine after that.
On 05/18/2016 11:49 AM, Bill James wrote:
Some added info. This issue seems to be just like this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1052114
I have verified that chown qemu:qemu of disk image also fixes the startup issue. I'm using raw, not qcow images.
[root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# qemu-img info 253f9615-f111-45ca-bdce-cbc9e70406df image: 253f9615-f111-45ca-bdce-cbc9e70406df file format: raw virtual size: 20G (21474836480 bytes) disk size: 1.9G [root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# ls -l 253f9615-f111-45ca-bdce-cbc9e70406df -rw-rw---- 1 qemu qemu 21474836480 May 18 11:38 253f9615-f111-45ca-bdce-cbc9e70406df
(default perms = vdsm:kvm)
qemu-img-ev-2.3.0-31.el7_2.4.1.x86_64 qemu-kvm-ev-2.3.0-31.el7_2.4.1.x86_64 libvirt-daemon-1.2.17-13.el7_2.4.x86_64
Ideas??
_______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users
www.j2.com <http://www.j2.com/?utm_source=j2global&utm_medium=xsell-referral&utm_campaign=employeeemail>
This email, its contents and attachments contain information from j2 Global, Inc <http://www.j2.com/?utm_source=j2global&utm_medium=xsell-referral&utm_campaign=employemail>. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. © 2015 j2 Global, Inc <http://www.j2.com/>. All rights reserved. eFax ® <http://www.efax.com/>, eVoice ® <http://www.evoice.com/>, Campaigner ® <http://www.campaigner.com/>, FuseMail ® <http://www.fusemail.com/>, KeepItSafe ® <http://www.keepitsafe.com/> and Onebox ® <http://www.onebox.com/> are ! registere d trademarks of j2 Global, Inc <http://www.j2.com/>. and its affiliates.
Cloud Services for Business www.j2.com j2 | eFax | eVoice | FuseMail | Campaigner | KeepItSafe | Onebox This email, its contents and attachments contain information from j2 Global, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. (c) 2015 j2 Global, Inc. All rights reserved. eFax, eVoice, Campaigner, FuseMail, KeepItSafe, and Onebox are registered trademarks of j2 Global, Inc. and its affiliates. --------------070303020801020908020608 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: 8bit <html> <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> yes<br> <br> [root@ovirt2 prod .shard]# sestatus<br> SELinux status:                disabled<br> <br> [root@ovirt3 prod ~]# sestatus<br> SELinux status:                disabled<br> <br> <br> <br> <div class="moz-cite-prefix">On 5/20/16 11:13 AM, Nir Soffer wrote:<br> </div> <blockquote cite="mid:CAMRbyytbtnMU4kmo+zMm8Pd98XbmmDTd+NaFMdXcvmHcVrVKng@mail.gmail.com" type="cite"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <div dir="ltr"> <div class="gmail_extra"> <div class="gmail_quote">On Fri, May 20, 2016 at 9:02 PM, Bill James <span dir="ltr"><<a moz-do-not-send="true" href="mailto:bill.james@j2.com" target="_blank">bill.james@j2.com</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div bgcolor="#FFFFFF" text="#000000"> [root@ovirt1 prod ~]# sestatus<br> SELinux status:                disabled</div> </blockquote> <div><br> </div> <div>Same on ovirt2?</div> <div> </div> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div bgcolor="#FFFFFF" text="#000000"> <div> <div class="h5"><br> <br> <br> <br> <div>On 5/20/16 10:49 AM, Nir Soffer wrote:<br> </div> <blockquote type="cite"> <p dir="ltr">This smells like selinux issues, did yoi try with permissive mode?</p> <div class="gmail_quote">×ת×ך×× 20 ×××× 2016 7:59 ×××׎׊,â "Bill James" <<a moz-do-not-send="true" href="mailto:bill.james@j2.com" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:bill.james@j2.com">bill.james@j2.com</a></a>> ×ת×:<br type="attribution"> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Nobody has any ideas or thoughts on how to troubleshoot?<br> <br> why does qemu group work but not kvm when qemu is part of kvm group?<br> <br> [root@ovirt1 prod vdsm]# grep qemu /etc/group<br> cdrom:x:11:qemu<br> kvm:x:36:qemu,sanlock<br> qemu:x:107:vdsm,sanlock<br> <br> <br> On 5/18/16 3:47 PM, Bill James wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> another data point.<br> Changing just owner to qemu doesn't help.<br> Changing just group to qemu does. VM starts fine after that.<br> <br> <br> <br> On 05/18/2016 11:49 AM, Bill James wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Some added info. This issue seems to be just like this bug:<br> <a moz-do-not-send="true" href="https://bugzilla.redhat.com/show_bug.cgi?id=1052114" rel="noreferrer" target="_blank">https://bugzilla.redhat.com/show_bug.cgi?id=1052114</a><br> <br> I have verified that chown qemu:qemu of disk image also fixes the startup issue.<br> I'm using raw, not qcow images.<br> <br> <br> [root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# qemu-img info 253f9615-f111-45ca-bdce-cbc9e70406df<br> image: 253f9615-f111-45ca-bdce-cbc9e70406df<br> file format: raw<br> virtual size: 20G (21474836480 bytes)<br> disk size: 1.9G<br> [root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# ls -l 253f9615-f111-45ca-bdce-cbc9e70406df<br> -rw-rw---- 1 qemu qemu 21474836480 May 18 11:38 253f9615-f111-45ca-bdce-cbc9e70406df<br> <br> (default perms = vdsm:kvm)<br> <br> qemu-img-ev-2.3.0-31.el7_2.4.1.x86_64<br> qemu-kvm-ev-2.3.0-31.el7_2.4.1.x86_64<br> libvirt-daemon-1.2.17-13.el7_2.4.x86_64<br> <br> <br> Ideas??<br> <br> </blockquote> <br> </blockquote> <br> _______________________________________________<br> Users mailing list<br> <a moz-do-not-send="true" href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br> <a moz-do-not-send="true" href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a><br> </blockquote> </div> </blockquote> <br> </div> </div> <p><a moz-do-not-send="true" href="http://www.j2.com/?utm_source=j2global&utm_medium=xsell-referral&utm..." target="_blank"><span style="color:windowtext;text-decoration:none"><img moz-do-not-send="true" src="http://home.j2.com/j2_Global_Cloud_Services/j2_Global_Email_Footer.jpg" alt="www.j2.com" height="46" border="0" width="391"></span></a></p> <p><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray">This email, its contents and attachments contain information from <a moz-do-not-send="true" href="http://www.j2.com/?utm_source=j2global&utm_medium=xsell-referral&utm..." target="_blank">j2 Global, Inc</a>. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. © 2015 <a moz-do-not-send="true" href="http://www.j2.com/" target="_blank">j2 Global, Inc</a>. All rights reserved. <a moz-do-not-send="true" href="http://www.efax.com/" target="_blank">eFax ®</a>, <a moz-do-not-send="true" href="http://www.evoice.com/" target="_blank">eVoice ®</a>, <a moz-do-not-send="true" href="http://www.campaigner.com/" target="_blank">Campaigner ®</a>, <a moz-do-not-send="true" href="http://www.fusemail.com/" target="_blank">FuseMail ®</a>, <a moz-do-not-send="true" href="http://www.keepitsafe.com/" target="_blank">KeepItSafe ®</a> and <a moz-do-not-send="true" href="http://www.onebox.com/" target="_blank">Onebox ®</a> are ! registere d trademarks of <a moz-do-not-send="true" href="http://www.j2.com/" target="_blank">j2 Global, Inc</a>. and its affiliates.</span></p> </div> </blockquote> </div> <br> </div> </div> </blockquote> <br> <p><a href="http://www.j2.com/?utm_source=j2global&utm_medium=xsell-referral&utm_campaign=employeeemail"><span style='color:windowtext; text-decoration:none'><img border=0 width=391 height=46 src="http://home.j2.com/j2_Global_Cloud_Services/j2_Global_Email_Footer.jpg" alt="www.j2.com"></span></a></p> <p><span style='font-size:8.0pt;font-family:"Arial","sans-serif"; color:gray'>This email, its contents and attachments contain information from <a href="http://www.j2.com/?utm_source=j2global&utm_medium=xsell-referral&utm_campaign=employemail">j2 Global, Inc</a>. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. © 2015 <a href="http://www.j2.com/">j2 Global, Inc</a>. All rights reserved. <a href="http://www.efax.com/">eFax ®</a>, <a href="http://www.evoice.com/">eVoice ®</a>, <a href="http://www.campaigner.com/">Campaigner ®</a>, <a href="http://www.fusemail.com/">FuseMail ®</a>, <a href="http://www.keepitsafe.com/">KeepItSafe ®</a> and <a href="http://www.onebox.com/">Onebox ®</a> are registered trademarks of <a href="http://www.j2.com/">j2 Global, Inc</a>. and its affiliates.</span></p></body> </html> --------------070303020801020908020608--
On Fri, May 20, 2016 at 9:25 PM, Bill James <bill.james@j2.com> wrote:
yes
[root@ovirt2 prod .shard]# sestatus SELinux status: disabled
[root@ovirt3 prod ~]# sestatus SELinux status: disabled
Can you share output of: ps -e -o euser,user,suser,fuser,egroup,rgroup,sgroup,fgroup,cmd | egrep 'qemu|libvirt' ps auxe | egrep 'qemu|libvirt'
On 5/20/16 11:13 AM, Nir Soffer wrote:
On Fri, May 20, 2016 at 9:02 PM, Bill James <bill.james@j2.com> wrote:
[root@ovirt1 prod ~]# sestatus SELinux status: disabled
Same on ovirt2?
On 5/20/16 10:49 AM, Nir Soffer wrote:
This smells like selinux issues, did yoi try with permissive mode? בתאריך 20 במאי 2016 7:59 אחה״צ, "Bill James" < <bill.james@j2.com> bill.james@j2.com> כתב:
Nobody has any ideas or thoughts on how to troubleshoot?
why does qemu group work but not kvm when qemu is part of kvm group?
[root@ovirt1 prod vdsm]# grep qemu /etc/group cdrom:x:11:qemu kvm:x:36:qemu,sanlock qemu:x:107:vdsm,sanlock
On 5/18/16 3:47 PM, Bill James wrote:
another data point. Changing just owner to qemu doesn't help. Changing just group to qemu does. VM starts fine after that.
On 05/18/2016 11:49 AM, Bill James wrote:
Some added info. This issue seems to be just like this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1052114
I have verified that chown qemu:qemu of disk image also fixes the startup issue. I'm using raw, not qcow images.
[root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# qemu-img info 253f9615-f111-45ca-bdce-cbc9e70406df image: 253f9615-f111-45ca-bdce-cbc9e70406df file format: raw virtual size: 20G (21474836480 bytes) disk size: 1.9G [root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# ls -l 253f9615-f111-45ca-bdce-cbc9e70406df -rw-rw---- 1 qemu qemu 21474836480 May 18 11:38 253f9615-f111-45ca-bdce-cbc9e70406df
(default perms = vdsm:kvm)
qemu-img-ev-2.3.0-31.el7_2.4.1.x86_64 qemu-kvm-ev-2.3.0-31.el7_2.4.1.x86_64 libvirt-daemon-1.2.17-13.el7_2.4.x86_64
Ideas??
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[image: www.j2.com] <http://www.j2.com/?utm_source=j2global&utm_medium=xsell-referral&utm_campaign=employeeemail>
This email, its contents and attachments contain information from j2 Global, Inc <http://www.j2.com/?utm_source=j2global&utm_medium=xsell-referral&utm_campaign=employemail>. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. © 2015 j2 Global, Inc <http://www.j2.com/>. All rights reserved. eFax ® <http://www.efax.com/>, eVoice ® <http://www.evoice.com/>, Campaigner ® <http://www.campaigner.com/>, FuseMail ® <http://www.fusemail.com/>, KeepItSafe ® <http://www.keepitsafe.com/> and Onebox ® <http://www.onebox.com/> are ! registere d trademarks of j2 Global, Inc <http://www.j2.com/>. and its affiliates.
[image: www.j2.com] <http://www.j2.com/?utm_source=j2global&utm_medium=xsell-referral&utm_campaign=employeeemail>
This email, its contents and attachments contain information from j2 Global, Inc <http://www.j2.com/?utm_source=j2global&utm_medium=xsell-referral&utm_campaign=employemail>. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. © 2015 j2 Global, Inc <http://www.j2.com/>. All rights reserved. eFax ® <http://www.efax.com/>, eVoice ® <http://www.evoice.com/>, Campaigner ® <http://www.campaigner.com/>, FuseMail ® <http://www.fusemail.com/>, KeepItSafe ® <http://www.keepitsafe.com/> and Onebox ® <http://www.onebox.com/> are ! registere d trademarks of j2 Global, Inc <http://www.j2.com/>. and its affiliates.
attached output from one host. others look similar. On 5/20/16 11:47 AM, Nir Soffer wrote:
On Fri, May 20, 2016 at 9:25 PM, Bill James <bill.james@j2.com <mailto:bill.james@j2.com>> wrote:
yes
[root@ovirt2 prod .shard]# sestatus SELinux status: disabled
[root@ovirt3 prod ~]# sestatus SELinux status: disabled
Can you share output of:
ps -e -o euser,user,suser,fuser,egroup,rgroup,sgroup,fgroup,cmd | egrep 'qemu|libvirt' ps auxe | egrep 'qemu|libvirt'
On 5/20/16 11:13 AM, Nir Soffer wrote:
On Fri, May 20, 2016 at 9:02 PM, Bill James <bill.james@j2.com <mailto:bill.james@j2.com>> wrote:
[root@ovirt1 prod ~]# sestatus SELinux status: disabled
Same on ovirt2?
On 5/20/16 10:49 AM, Nir Soffer wrote:
This smells like selinux issues, did yoi try with permissive mode?
בתאריך 20 במאי 2016 7:59 אחה״צ, "Bill James" <bill.james@j2.com <mailto:bill.james@j2.com>> כתב:
Nobody has any ideas or thoughts on how to troubleshoot?
why does qemu group work but not kvm when qemu is part of kvm group?
[root@ovirt1 prod vdsm]# grep qemu /etc/group cdrom:x:11:qemu kvm:x:36:qemu,sanlock qemu:x:107:vdsm,sanlock
On 5/18/16 3:47 PM, Bill James wrote:
another data point. Changing just owner to qemu doesn't help. Changing just group to qemu does. VM starts fine after that.
On 05/18/2016 11:49 AM, Bill James wrote:
Some added info. This issue seems to be just like this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1052114
I have verified that chown qemu:qemu of disk image also fixes the startup issue. I'm using raw, not qcow images.
[root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# qemu-img info 253f9615-f111-45ca-bdce-cbc9e70406df image: 253f9615-f111-45ca-bdce-cbc9e70406df file format: raw virtual size: 20G (21474836480 bytes) disk size: 1.9G [root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# ls -l 253f9615-f111-45ca-bdce-cbc9e70406df -rw-rw---- 1 qemu qemu 21474836480 May 18 11:38 253f9615-f111-45ca-bdce-cbc9e70406df
(default perms = vdsm:kvm)
qemu-img-ev-2.3.0-31.el7_2.4.1.x86_64 qemu-kvm-ev-2.3.0-31.el7_2.4.1.x86_64 libvirt-daemon-1.2.17-13.el7_2.4.x86_64
Ideas??
_______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users
www.j2.com <http://www.j2.com/?utm_source=j2global&utm_medium=xsell-referral&utm_campaign=employeeemail>
This email, its contents and attachments contain information from j2 Global, Inc <http://www.j2.com/?utm_source=j2global&utm_medium=xsell-referral&utm_campaign=employemail>. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. © 2015 j2 Global, Inc <http://www.j2.com/>. All rights reserved. eFax ® <http://www.efax.com/>, eVoice ® <http://www.evoice.com/>, Campaigner ® <http://www.campaigner.com/>, FuseMail ® <http://www.fusemail.com/>, KeepItSafe ® <http://www.keepitsafe.com/> and Onebox ® <http://www.onebox.com/> are ! registere d trademarks of j2 Global, Inc <http://www.j2.com/>. and its affiliates.
www.j2.com <http://www.j2.com/?utm_source=j2global&utm_medium=xsell-referral&utm_campaign=employeeemail>
This email, its contents and attachments contain information from j2 Global, Inc <http://www.j2.com/?utm_source=j2global&utm_medium=xsell-referral&utm_campaign=employemail>. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. © 2015 j2 Global, Inc <http://www.j2.com/>. All rights reserved. eFax ® <http://www.efax.com/>, eVoice ® <http://www.evoice.com/>, Campaigner ® <http://www.campaigner.com/>, FuseMail ® <http://www.fusemail.com/>, KeepItSafe ® <http://www.keepitsafe.com/> and Onebox ® <http://www.onebox.com/> are ! registere d trademarks of j2 Global, Inc <http://www.j2.com/>. and its affiliates.
Cloud Services for Business www.j2.com j2 | eFax | eVoice | FuseMail | Campaigner | KeepItSafe | Onebox This email, its contents and attachments contain information from j2 Global, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. (c) 2015 j2 Global, Inc. All rights reserved. eFax, eVoice, Campaigner, FuseMail, KeepItSafe, and Onebox are registered trademarks of j2 Global, Inc. and its affiliates.
On Fri, May 20, 2016 at 10:41 PM, Bill James <bill.james@j2.com> wrote:
attached output from one host. others look similar.
Your qemu runs as *root*: root root root root qemu qemu qemu qemu /usr/libexec/qemu-kvm Here is the output from normal installation: qemu qemu qemu qemu qemu qemu qemu qemu /usr/libexec/qemu-kvm I guess that gluster is configure with "option root-squashing on" so you practically run as "nobody", and you are not in the kvm group. Running qemu as root is also a security risk, if there is a security bug in qemu a vm can use it to compromise your host or other vms. Maybe you can configure gluster to treat root as vdsm using option translate-uid 0=36 See http://www.gluster.org/community/documentation/index.php/Translators/feature... But a better solution is to run qemu as qemu. Adding Sahina to advise about gluster configuration. Nir
On 5/20/16 11:47 AM, Nir Soffer wrote:
On Fri, May 20, 2016 at 9:25 PM, Bill James <bill.james@j2.com> wrote:
yes
[root@ovirt2 prod .shard]# sestatus SELinux status: disabled
[root@ovirt3 prod ~]# sestatus SELinux status: disabled
Can you share output of:
ps -e -o euser,user,suser,fuser,egroup,rgroup,sgroup,fgroup,cmd | egrep 'qemu|libvirt' ps auxe | egrep 'qemu|libvirt'
On 5/20/16 11:13 AM, Nir Soffer wrote:
On Fri, May 20, 2016 at 9:02 PM, Bill James <bill.james@j2.com> wrote:
[root@ovirt1 prod ~]# sestatus SELinux status: disabled
Same on ovirt2?
On 5/20/16 10:49 AM, Nir Soffer wrote:
This smells like selinux issues, did yoi try with permissive mode?
בתאריך 20 במאי 2016 7:59 אחה״צ, "Bill James" <bill.james@j2.com> כתב:
Nobody has any ideas or thoughts on how to troubleshoot?
why does qemu group work but not kvm when qemu is part of kvm group?
[root@ovirt1 prod vdsm]# grep qemu /etc/group cdrom:x:11:qemu kvm:x:36:qemu,sanlock qemu:x:107:vdsm,sanlock
On 5/18/16 3:47 PM, Bill James wrote:
another data point. Changing just owner to qemu doesn't help. Changing just group to qemu does. VM starts fine after that.
On 05/18/2016 11:49 AM, Bill James wrote:
Some added info. This issue seems to be just like this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1052114
I have verified that chown qemu:qemu of disk image also fixes the startup issue. I'm using raw, not qcow images.
[root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# qemu-img info 253f9615-f111-45ca-bdce-cbc9e70406df image: 253f9615-f111-45ca-bdce-cbc9e70406df file format: raw virtual size: 20G (21474836480 bytes) disk size: 1.9G [root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# ls -l 253f9615-f111-45ca-bdce-cbc9e70406df -rw-rw---- 1 qemu qemu 21474836480 May 18 11:38 253f9615-f111-45ca-bdce-cbc9e70406df
(default perms = vdsm:kvm)
qemu-img-ev-2.3.0-31.el7_2.4.1.x86_64 qemu-kvm-ev-2.3.0-31.el7_2.4.1.x86_64 libvirt-daemon-1.2.17-13.el7_2.4.x86_64
Ideas??
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
This email, its contents and attachments contain information from j2 Global, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. © 2015 j2 Global, Inc. All rights reserved. eFax ®, eVoice ®, Campaigner ®, FuseMail ®, KeepItSafe ® and Onebox ® are ! registere d trademarks of j2 Global, Inc. and its affiliates.
This email, its contents and attachments contain information from j2 Global, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. © 2015 j2 Global, Inc. All rights reserved. eFax ®, eVoice ®, Campaigner ®, FuseMail ®, KeepItSafe ® and Onebox ® are ! registere d trademarks of j2 Global, Inc. and its affiliates.
This email, its contents and attachments contain information from j2 Global, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. © 2015 j2 Global, Inc. All rights reserved. eFax ®, eVoice ®, Campaigner ®, FuseMail ®, KeepItSafe ® and Onebox ® are ! registere d trademarks of j2 Global, Inc. and its affiliates.
I had added user = "root" because we use the import-to-ovirt.pl to move Vms from our old virtual platform to ovirt. My understanding was that was required for the to work. Is that not true or is the import script not worth the headaches caused? (https://rwmj.wordpress.com/2015/09/18/importing-kvm-guests-to-ovirt-or-rhev/) [root@ovirt3 prod 4c4bfdf7-bc70-41b2-ab58-710ff8e850bf]# grep ^user /etc/libvirt/qemu.conf user = "root" I'm assuming that's what sets the qemu user. When I first tried using that script without setting "user = root" it didn't work. On 5/20/16 1:16 PM, Nir Soffer wrote:
On Fri, May 20, 2016 at 10:41 PM, Bill James <bill.james@j2.com> wrote:
attached output from one host. others look similar. Your qemu runs as *root*:
root root root root qemu qemu qemu qemu /usr/libexec/qemu-kvm
Here is the output from normal installation:
qemu qemu qemu qemu qemu qemu qemu qemu /usr/libexec/qemu-kvm
I guess that gluster is configure with "option root-squashing on" so you practically run as "nobody", and you are not in the kvm group.
Running qemu as root is also a security risk, if there is a security bug in qemu a vm can use it to compromise your host or other vms.
Maybe you can configure gluster to treat root as vdsm using
option translate-uid 0=36
See http://www.gluster.org/community/documentation/index.php/Translators/feature...
But a better solution is to run qemu as qemu.
Adding Sahina to advise about gluster configuration.
Nir
On 5/20/16 11:47 AM, Nir Soffer wrote:
On Fri, May 20, 2016 at 9:25 PM, Bill James <bill.james@j2.com> wrote:
yes
[root@ovirt2 prod .shard]# sestatus SELinux status: disabled
[root@ovirt3 prod ~]# sestatus SELinux status: disabled
Can you share output of:
ps -e -o euser,user,suser,fuser,egroup,rgroup,sgroup,fgroup,cmd | egrep 'qemu|libvirt' ps auxe | egrep 'qemu|libvirt'
On 5/20/16 11:13 AM, Nir Soffer wrote:
On Fri, May 20, 2016 at 9:02 PM, Bill James <bill.james@j2.com> wrote:
[root@ovirt1 prod ~]# sestatus SELinux status: disabled
Same on ovirt2?
On 5/20/16 10:49 AM, Nir Soffer wrote:
This smells like selinux issues, did yoi try with permissive mode?
בתאריך 20 במאי 2016 7:59 אחה״צ, "Bill James" <bill.james@j2.com> כתב:
Nobody has any ideas or thoughts on how to troubleshoot?
why does qemu group work but not kvm when qemu is part of kvm group?
[root@ovirt1 prod vdsm]# grep qemu /etc/group cdrom:x:11:qemu kvm:x:36:qemu,sanlock qemu:x:107:vdsm,sanlock
On 5/18/16 3:47 PM, Bill James wrote:
another data point. Changing just owner to qemu doesn't help. Changing just group to qemu does. VM starts fine after that.
On 05/18/2016 11:49 AM, Bill James wrote: > Some added info. This issue seems to be just like this bug: > https://bugzilla.redhat.com/show_bug.cgi?id=1052114 > > I have verified that chown qemu:qemu of disk image also fixes the startup issue. > I'm using raw, not qcow images. > > > [root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# qemu-img info 253f9615-f111-45ca-bdce-cbc9e70406df > image: 253f9615-f111-45ca-bdce-cbc9e70406df > file format: raw > virtual size: 20G (21474836480 bytes) > disk size: 1.9G > [root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# ls -l 253f9615-f111-45ca-bdce-cbc9e70406df > -rw-rw---- 1 qemu qemu 21474836480 May 18 11:38 253f9615-f111-45ca-bdce-cbc9e70406df > > (default perms = vdsm:kvm) > > qemu-img-ev-2.3.0-31.el7_2.4.1.x86_64 > qemu-kvm-ev-2.3.0-31.el7_2.4.1.x86_64 > libvirt-daemon-1.2.17-13.el7_2.4.x86_64 > > > Ideas?? >
Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
This email, its contents and attachments contain information from j2 Global, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. © 2015 j2 Global, Inc. All rights reserved. eFax ®, eVoice ®, Campaigner ®, FuseMail ®, KeepItSafe ® and Onebox ® are ! registere d trademarks of j2 Global, Inc. and its affiliates.
This email, its contents and attachments contain information from j2 Global, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. © 2015 j2 Global, Inc. All rights reserved. eFax ®, eVoice ®, Campaigner ®, FuseMail ®, KeepItSafe ® and Onebox ® are ! registere d trademarks of j2 Global, Inc. and its affiliates.
This email, its contents and attachments contain information from j2 Global, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. © 2015 j2 Global, Inc. All rights reserved. eFax ®, eVoice ®, Campaigner ®, FuseMail ®, KeepItSafe ® and Onebox ® are ! registere d trademarks of j2 Global, Inc. and its affiliates.
On Fri, May 20, 2016 at 11:48 PM, Bill James <bill.james@j2.com> wrote:
I had added user = "root" because we use the import-to-ovirt.pl to move Vms from our old virtual platform to ovirt. My understanding was that was required for the to work. Is that not true or is the import script not worth the headaches caused? (https://rwmj.wordpress.com/2015/09/18/importing-kvm-guests-to-ovirt-or-rhev/)
I don't know anything about this solution, adding Richard to add more info. If you run 3.6, you can use v2v to import from other systems. Adding Shahar to add into on v2v. Nir
[root@ovirt3 prod 4c4bfdf7-bc70-41b2-ab58-710ff8e850bf]# grep ^user /etc/libvirt/qemu.conf user = "root"
I'm assuming that's what sets the qemu user.
When I first tried using that script without setting "user = root" it didn't work.
On 5/20/16 1:16 PM, Nir Soffer wrote:
On Fri, May 20, 2016 at 10:41 PM, Bill James <bill.james@j2.com> wrote:
attached output from one host. others look similar.
Your qemu runs as *root*:
root root root root qemu qemu qemu qemu /usr/libexec/qemu-kvm
Here is the output from normal installation:
qemu qemu qemu qemu qemu qemu qemu qemu /usr/libexec/qemu-kvm
I guess that gluster is configure with "option root-squashing on" so you practically run as "nobody", and you are not in the kvm group.
Running qemu as root is also a security risk, if there is a security bug in qemu a vm can use it to compromise your host or other vms.
Maybe you can configure gluster to treat root as vdsm using
option translate-uid 0=36
See http://www.gluster.org/community/documentation/index.php/Translators/feature...
But a better solution is to run qemu as qemu.
Adding Sahina to advise about gluster configuration.
Nir
On 5/20/16 11:47 AM, Nir Soffer wrote:
On Fri, May 20, 2016 at 9:25 PM, Bill James <bill.james@j2.com> wrote:
yes
[root@ovirt2 prod .shard]# sestatus SELinux status: disabled
[root@ovirt3 prod ~]# sestatus SELinux status: disabled
Can you share output of:
ps -e -o euser,user,suser,fuser,egroup,rgroup,sgroup,fgroup,cmd | egrep 'qemu|libvirt' ps auxe | egrep 'qemu|libvirt'
On 5/20/16 11:13 AM, Nir Soffer wrote:
On Fri, May 20, 2016 at 9:02 PM, Bill James <bill.james@j2.com> wrote:
[root@ovirt1 prod ~]# sestatus SELinux status: disabled
Same on ovirt2?
On 5/20/16 10:49 AM, Nir Soffer wrote:
This smells like selinux issues, did yoi try with permissive mode?
בתאריך 20 במאי 2016 7:59 אחה״צ, "Bill James" <bill.james@j2.com> כתב:
Nobody has any ideas or thoughts on how to troubleshoot?
why does qemu group work but not kvm when qemu is part of kvm group?
[root@ovirt1 prod vdsm]# grep qemu /etc/group cdrom:x:11:qemu kvm:x:36:qemu,sanlock qemu:x:107:vdsm,sanlock
On 5/18/16 3:47 PM, Bill James wrote: > > another data point. > Changing just owner to qemu doesn't help. > Changing just group to qemu does. VM starts fine after that. > > > > On 05/18/2016 11:49 AM, Bill James wrote: >> >> Some added info. This issue seems to be just like this bug: >> https://bugzilla.redhat.com/show_bug.cgi?id=1052114 >> >> I have verified that chown qemu:qemu of disk image also fixes the >> startup issue. >> I'm using raw, not qcow images. >> >> >> [root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# qemu-img >> info 253f9615-f111-45ca-bdce-cbc9e70406df >> image: 253f9615-f111-45ca-bdce-cbc9e70406df >> file format: raw >> virtual size: 20G (21474836480 bytes) >> disk size: 1.9G >> [root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# ls -l >> 253f9615-f111-45ca-bdce-cbc9e70406df >> -rw-rw---- 1 qemu qemu 21474836480 May 18 11:38 >> 253f9615-f111-45ca-bdce-cbc9e70406df >> >> (default perms = vdsm:kvm) >> >> qemu-img-ev-2.3.0-31.el7_2.4.1.x86_64 >> qemu-kvm-ev-2.3.0-31.el7_2.4.1.x86_64 >> libvirt-daemon-1.2.17-13.el7_2.4.x86_64 >> >> >> Ideas?? >> _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
This email, its contents and attachments contain information from j2 Global, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. © 2015 j2 Global, Inc. All rights reserved. eFax ®, eVoice ®, Campaigner ®, FuseMail ®, KeepItSafe ® and Onebox ® are ! registere d trademarks of j2 Global, Inc. and its affiliates.
This email, its contents and attachments contain information from j2 Global, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. © 2015 j2 Global, Inc. All rights reserved. eFax ®, eVoice ®, Campaigner ®, FuseMail ®, KeepItSafe ® and Onebox ® are ! registere d trademarks of j2 Global, Inc. and its affiliates.
This email, its contents and attachments contain information from j2 Global, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. © 2015 j2 Global, Inc. All rights reserved. eFax ®, eVoice ®, Campaigner ®, FuseMail ®, KeepItSafe ® and Onebox ® are ! registere d trademarks of j2 Global, Inc. and its affiliates.
maybe the other doc is old but it says: "And a feature I intentionally removed in RHEL 7 was importing KVM → KVM" which is what I am doing. raw disk KVM to ovirt. Yes I can copy the disk image over the top of a ovirt disk image, but the import script seemed cleaner. Does virt-v2v try to convert the KVM image to KVM image or does it just import it? On 5/20/16 2:44 PM, Nir Soffer wrote:
On Fri, May 20, 2016 at 11:48 PM, Bill James <bill.james@j2.com> wrote:
I had added user = "root" because we use the import-to-ovirt.pl to move Vms from our old virtual platform to ovirt. My understanding was that was required for the to work. Is that not true or is the import script not worth the headaches caused? (https://rwmj.wordpress.com/2015/09/18/importing-kvm-guests-to-ovirt-or-rhev/) I don't know anything about this solution, adding Richard to add more info.
If you run 3.6, you can use v2v to import from other systems. Adding Shahar to add into on v2v.
Nir
[root@ovirt3 prod 4c4bfdf7-bc70-41b2-ab58-710ff8e850bf]# grep ^user /etc/libvirt/qemu.conf user = "root"
I'm assuming that's what sets the qemu user.
When I first tried using that script without setting "user = root" it didn't work.
On 5/20/16 1:16 PM, Nir Soffer wrote:
On Fri, May 20, 2016 at 10:41 PM, Bill James <bill.james@j2.com> wrote:
attached output from one host. others look similar. Your qemu runs as *root*:
root root root root qemu qemu qemu qemu /usr/libexec/qemu-kvm
Here is the output from normal installation:
qemu qemu qemu qemu qemu qemu qemu qemu /usr/libexec/qemu-kvm
I guess that gluster is configure with "option root-squashing on" so you practically run as "nobody", and you are not in the kvm group.
Running qemu as root is also a security risk, if there is a security bug in qemu a vm can use it to compromise your host or other vms.
Maybe you can configure gluster to treat root as vdsm using
option translate-uid 0=36
See http://www.gluster.org/community/documentation/index.php/Translators/feature...
But a better solution is to run qemu as qemu.
Adding Sahina to advise about gluster configuration.
Nir
On 5/20/16 11:47 AM, Nir Soffer wrote:
On Fri, May 20, 2016 at 9:25 PM, Bill James <bill.james@j2.com> wrote:
yes
[root@ovirt2 prod .shard]# sestatus SELinux status: disabled
[root@ovirt3 prod ~]# sestatus SELinux status: disabled
Can you share output of:
ps -e -o euser,user,suser,fuser,egroup,rgroup,sgroup,fgroup,cmd | egrep 'qemu|libvirt' ps auxe | egrep 'qemu|libvirt'
On 5/20/16 11:13 AM, Nir Soffer wrote:
On Fri, May 20, 2016 at 9:02 PM, Bill James <bill.james@j2.com> wrote:
[root@ovirt1 prod ~]# sestatus SELinux status: disabled
Same on ovirt2?
On 5/20/16 10:49 AM, Nir Soffer wrote:
This smells like selinux issues, did yoi try with permissive mode?
בתאריך 20 במאי 2016 7:59 אחה״צ, "Bill James" <bill.james@j2.com> כתב: > Nobody has any ideas or thoughts on how to troubleshoot? > > why does qemu group work but not kvm when qemu is part of kvm group? > > [root@ovirt1 prod vdsm]# grep qemu /etc/group > cdrom:x:11:qemu > kvm:x:36:qemu,sanlock > qemu:x:107:vdsm,sanlock > > > On 5/18/16 3:47 PM, Bill James wrote: >> another data point. >> Changing just owner to qemu doesn't help. >> Changing just group to qemu does. VM starts fine after that. >> >> >> >> On 05/18/2016 11:49 AM, Bill James wrote: >>> Some added info. This issue seems to be just like this bug: >>> https://bugzilla.redhat.com/show_bug.cgi?id=1052114 >>> >>> I have verified that chown qemu:qemu of disk image also fixes the >>> startup issue. >>> I'm using raw, not qcow images. >>> >>> >>> [root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# qemu-img >>> info 253f9615-f111-45ca-bdce-cbc9e70406df >>> image: 253f9615-f111-45ca-bdce-cbc9e70406df >>> file format: raw >>> virtual size: 20G (21474836480 bytes) >>> disk size: 1.9G >>> [root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# ls -l >>> 253f9615-f111-45ca-bdce-cbc9e70406df >>> -rw-rw---- 1 qemu qemu 21474836480 May 18 11:38 >>> 253f9615-f111-45ca-bdce-cbc9e70406df >>> >>> (default perms = vdsm:kvm) >>> >>> qemu-img-ev-2.3.0-31.el7_2.4.1.x86_64 >>> qemu-kvm-ev-2.3.0-31.el7_2.4.1.x86_64 >>> libvirt-daemon-1.2.17-13.el7_2.4.x86_64 >>> >>> >>> Ideas?? >>> > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users
This email, its contents and attachments contain information from j2 Global, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. © 2015 j2 Global, Inc. All rights reserved. eFax ®, eVoice ®, Campaigner ®, FuseMail ®, KeepItSafe ® and Onebox ® are ! registere d trademarks of j2 Global, Inc. and its affiliates.
This email, its contents and attachments contain information from j2 Global, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. © 2015 j2 Global, Inc. All rights reserved. eFax ®, eVoice ®, Campaigner ®, FuseMail ®, KeepItSafe ® and Onebox ® are ! registere d trademarks of j2 Global, Inc. and its affiliates.
This email, its contents and attachments contain information from j2 Global, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. © 2015 j2 Global, Inc. All rights reserved. eFax ®, eVoice ®, Campaigner ®, FuseMail ®, KeepItSafe ® and Onebox ® are ! registere d trademarks of j2 Global, Inc. and its affiliates.
On Sat, May 21, 2016 at 12:53 AM, Bill James <bill.james@j2.com> wrote:
maybe the other doc is old but it says: "And a feature I intentionally removed in RHEL 7 was importing KVM → KVM" which is what I am doing. raw disk KVM to ovirt.
Yes I can copy the disk image over the top of a ovirt disk image, but the import script seemed cleaner.
Does virt-v2v try to convert the KVM image to KVM image or does it just import it?
ovirt-4.0 beta released 2 days ago support this. One issue, a new package is needed which is not required yet by vdsm, you will have to install it manually from here: https://github.com/oVirt/ovirt-imageio/archive/master.zip To install the package, do: cd ovirt-imageio/common make rpm yum install dist/ovirt-imageio-common-0.1-1.noarch.rpm This issue will be resolved soon. Nir
On 5/20/16 2:44 PM, Nir Soffer wrote:
On Fri, May 20, 2016 at 11:48 PM, Bill James <bill.james@j2.com> wrote:
I had added user = "root" because we use the import-to-ovirt.pl to move Vms from our old virtual platform to ovirt. My understanding was that was required for the to work. Is that not true or is the import script not worth the headaches caused?
(https://rwmj.wordpress.com/2015/09/18/importing-kvm-guests-to-ovirt-or-rhev/)
I don't know anything about this solution, adding Richard to add more info.
If you run 3.6, you can use v2v to import from other systems. Adding Shahar to add into on v2v.
Nir
[root@ovirt3 prod 4c4bfdf7-bc70-41b2-ab58-710ff8e850bf]# grep ^user /etc/libvirt/qemu.conf user = "root"
I'm assuming that's what sets the qemu user.
When I first tried using that script without setting "user = root" it didn't work.
On 5/20/16 1:16 PM, Nir Soffer wrote:
On Fri, May 20, 2016 at 10:41 PM, Bill James <bill.james@j2.com> wrote:
attached output from one host. others look similar.
Your qemu runs as *root*:
root root root root qemu qemu qemu qemu /usr/libexec/qemu-kvm
Here is the output from normal installation:
qemu qemu qemu qemu qemu qemu qemu qemu /usr/libexec/qemu-kvm
I guess that gluster is configure with "option root-squashing on" so you practically run as "nobody", and you are not in the kvm group.
Running qemu as root is also a security risk, if there is a security bug in qemu a vm can use it to compromise your host or other vms.
Maybe you can configure gluster to treat root as vdsm using
option translate-uid 0=36
See
http://www.gluster.org/community/documentation/index.php/Translators/feature...
But a better solution is to run qemu as qemu.
Adding Sahina to advise about gluster configuration.
Nir
On 5/20/16 11:47 AM, Nir Soffer wrote:
On Fri, May 20, 2016 at 9:25 PM, Bill James <bill.james@j2.com> wrote:
yes
[root@ovirt2 prod .shard]# sestatus SELinux status: disabled
[root@ovirt3 prod ~]# sestatus SELinux status: disabled
Can you share output of:
ps -e -o euser,user,suser,fuser,egroup,rgroup,sgroup,fgroup,cmd | egrep 'qemu|libvirt' ps auxe | egrep 'qemu|libvirt'
On 5/20/16 11:13 AM, Nir Soffer wrote:
On Fri, May 20, 2016 at 9:02 PM, Bill James <bill.james@j2.com> wrote: > > [root@ovirt1 prod ~]# sestatus > SELinux status: disabled
Same on ovirt2?
> > > > On 5/20/16 10:49 AM, Nir Soffer wrote: > > This smells like selinux issues, did yoi try with permissive mode? > > בתאריך 20 במאי 2016 7:59 אחה״צ, "Bill James" <bill.james@j2.com> > כתב: >> >> Nobody has any ideas or thoughts on how to troubleshoot? >> >> why does qemu group work but not kvm when qemu is part of kvm group? >> >> [root@ovirt1 prod vdsm]# grep qemu /etc/group >> cdrom:x:11:qemu >> kvm:x:36:qemu,sanlock >> qemu:x:107:vdsm,sanlock >> >> >> On 5/18/16 3:47 PM, Bill James wrote: >>> >>> another data point. >>> Changing just owner to qemu doesn't help. >>> Changing just group to qemu does. VM starts fine after that. >>> >>> >>> >>> On 05/18/2016 11:49 AM, Bill James wrote: >>>> >>>> Some added info. This issue seems to be just like this bug: >>>> https://bugzilla.redhat.com/show_bug.cgi?id=1052114 >>>> >>>> I have verified that chown qemu:qemu of disk image also fixes the >>>> startup issue. >>>> I'm using raw, not qcow images. >>>> >>>> >>>> [root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# qemu-img >>>> info 253f9615-f111-45ca-bdce-cbc9e70406df >>>> image: 253f9615-f111-45ca-bdce-cbc9e70406df >>>> file format: raw >>>> virtual size: 20G (21474836480 bytes) >>>> disk size: 1.9G >>>> [root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# ls -l >>>> 253f9615-f111-45ca-bdce-cbc9e70406df >>>> -rw-rw---- 1 qemu qemu 21474836480 May 18 11:38 >>>> 253f9615-f111-45ca-bdce-cbc9e70406df >>>> >>>> (default perms = vdsm:kvm) >>>> >>>> qemu-img-ev-2.3.0-31.el7_2.4.1.x86_64 >>>> qemu-kvm-ev-2.3.0-31.el7_2.4.1.x86_64 >>>> libvirt-daemon-1.2.17-13.el7_2.4.x86_64 >>>> >>>> >>>> Ideas?? >>>> >> _______________________________________________ >> Users mailing list >> Users@ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users > > > This email, its contents and attachments contain information from j2 > Global, Inc. and/or its affiliates which may be privileged, > confidential or > otherwise protected from disclosure. The information is intended to > be for > the addressee(s) only. If you are not an addressee, any disclosure, > copy, > distribution, or use of the contents of this message is prohibited. > If you > have received this email in error please notify the sender by reply > e-mail > and delete the original message and any copies. © 2015 j2 Global, > Inc. All > rights reserved. eFax ®, eVoice ®, Campaigner ®, FuseMail ®, > KeepItSafe ® > and Onebox ® are ! registere d trademarks of j2 Global, Inc. and its > affiliates.
This email, its contents and attachments contain information from j2 Global, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. © 2015 j2 Global, Inc. All rights reserved. eFax ®, eVoice ®, Campaigner ®, FuseMail ®, KeepItSafe ® and Onebox ® are ! registere d trademarks of j2 Global, Inc. and its affiliates.
This email, its contents and attachments contain information from j2 Global, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. © 2015 j2 Global, Inc. All rights reserved. eFax ®, eVoice ®, Campaigner ®, FuseMail ®, KeepItSafe ® and Onebox ® are ! registere d trademarks of j2 Global, Inc. and its affiliates.
On Fri, May 20, 2016 at 02:53:02PM -0700, Bill James wrote:
maybe the other doc is old but it says: "And a feature I intentionally removed in RHEL 7 was importing KVM → KVM" which is what I am doing. raw disk KVM to ovirt.
Yes I can copy the disk image over the top of a ovirt disk image, but the import script seemed cleaner.
Does virt-v2v try to convert the KVM image to KVM image or does it just import it?
Virt-v2v will now refuse to do this at all (except if you "trick" it as I did in my blog posting), but if we allowed it then it would make all kinds of modifications inside the guest which you don't need and have at least the potential to break things. The import-to-ovirt.pl script is/was intended as a simple import script which you should use instead in the case where guests already run on KVM and therefore don't need driver etc conversion/ installation. As Nir said in the other reply, oVirt 4.0 has native import functionality and the import script is not needed at all for KVM -> oVirt imports. Virt-v2v should only be used for foreign hypervisor imports, such as VMware, Xen or Hyper-V to oVirt. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com libguestfs lets you edit virtual machines. Supports shell scripting, bindings from many languages. http://libguestfs.org
thank you very much for the reply. My main question now is does it required to use "user = root" in qemu.conf for the import script to work? I know in my earlier testing I got a permissions error when doing import until I added the root user line. I guess I'll take it out and give it a try. On 05/21/2016 01:52 AM, Richard W.M. Jones wrote:
On Fri, May 20, 2016 at 02:53:02PM -0700, Bill James wrote:
maybe the other doc is old but it says: "And a feature I intentionally removed in RHEL 7 was importing KVM → KVM" which is what I am doing. raw disk KVM to ovirt.
Yes I can copy the disk image over the top of a ovirt disk image, but the import script seemed cleaner.
Does virt-v2v try to convert the KVM image to KVM image or does it just import it? Virt-v2v will now refuse to do this at all (except if you "trick" it as I did in my blog posting), but if we allowed it then it would make all kinds of modifications inside the guest which you don't need and have at least the potential to break things.
The import-to-ovirt.pl script is/was intended as a simple import script which you should use instead in the case where guests already run on KVM and therefore don't need driver etc conversion/ installation.
As Nir said in the other reply, oVirt 4.0 has native import functionality and the import script is not needed at all for KVM -> oVirt imports.
Virt-v2v should only be used for foreign hypervisor imports, such as VMware, Xen or Hyper-V to oVirt.
Rich.
Cloud Services for Business www.j2.com j2 | eFax | eVoice | FuseMail | Campaigner | KeepItSafe | Onebox This email, its contents and attachments contain information from j2 Global, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. (c) 2015 j2 Global, Inc. All rights reserved. eFax, eVoice, Campaigner, FuseMail, KeepItSafe, and Onebox are registered trademarks of j2 Global, Inc. and its affiliates.
On Mon, May 23, 2016 at 09:00:48AM -0700, Bill James wrote:
thank you very much for the reply. My main question now is does it required to use "user = root" in qemu.conf for the import script to work?
I haven't knowingly modified qemu.conf in my life, so likely the answer is no. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com Fedora Windows cross-compiler. Compile Windows programs, test, and build Windows installers. Over 100 libraries supported. http://fedoraproject.org/wiki/MinGW
I just tried importing using the import script and got this error: [root@ovirt1 prod ~]# import-to-ovirt.pl /mnt/tmp/puppetdb.j2noc.com.disk.xm /rhev/data-center/mnt/j2hqnap02:_vol_ovirt__inside__export_exportTemplates libvirt needs authentication to connect to libvirt URI qemu:///system (see also: http://libvirt.org/auth.html http://libvirt.org/uri.html) Please enter your authentication name: vdsm@ovirt Please enter your password: could not create appliance through libvirt. Try running qemu directly without libvirt using this environment variable: export LIBGUESTFS_BACKEND=direct Original error from libvirt: internal error: process exited while connecting to monitor: 2016-05-24T18:10:21.651694Z qemu-kvm: -drive file=/tmp/libguestfsWx9FbI/overlay1,if=none,id=drive-scsi0-0-0-0,format=qcow2,cache=unsafe: Could not open '/tmp/libguestfsWx9FbI/overlay1': Permission denied [code=1 domain=10] at /usr/local/bin/import-to-ovirt.pl line 233. I believe this is the same error that prompted me to use "user = root" in qemu.conf, but sounds like there is a better resolution? [root@ovirt1 prod qemu]# less guestfs-7ogk4gszrvsyv7j7.log 2016-05-24 18:10:21.617+0000: starting up libvirt version: 1.2.17, package: 13.el7_2.4 (CentOS BuildSystem <http://bugs.centos.org>, 2016-03-31-16:56:26, worker1.bsys.centos.org), qemu version: 2.3.0 (qemu-kvm-ev-2.3.0-31.el7_2.4.1) LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin QEMU_AUDIO_DRV=none TMPDIR=/var/tmp /usr/libexec/qemu-kvm -name guestfs-7ogk4gszrvsyv7j7 -S -machine pc-i440fx-rhel7.2.0,accel=kvm,usb=off -cpu host -m 500 -realtime mlock=off -smp 1,sockets=1,cores=1,threads=1 -uuid ceeecdda-e44e-4227-990d-84261d0161aa -nographic -no-user-config -nodefaults -device sga -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-guestfs-7ogk4gszrvsyv7j7/monitor.sock,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=discard -no-hpet -no-reboot -no-acpi -boot strict=on -kernel /var/tmp/.guestfs-0/appliance.d/kernel -initrd /var/tmp/.guestfs-0/appliance.d/initrd -append panic=1 console=ttyS0 udevtimeout=6000 udev.event-timeout=6000 no_timer_check acpi=off printk.time=1 cgroup_disable=memory root=/dev/sdb selinux=0 TERM=screen -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -device virtio-scsi-pci,id=scsi0,bus=pci.0,addr=0x2 -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x3 -drive file=/tmp/libguestfsWx9FbI/overlay1,if=none,id=drive-scsi0-0-0-0,format=qcow2,cache=unsafe -device scsi-hd,bus=scsi0.0,channel=0,scsi-id=0,lun=0,drive=drive-scsi0-0-0-0,id=scsi0-0-0-0,bootindex=1 -drive file=/tmp/libguestfsWx9FbI/overlay2,if=none,id=drive-scsi0-0-1-0,format=qcow2,cache=unsafe -device scsi-hd,bus=scsi0.0,channel=0,scsi-id=1,lun=0,drive=drive-scsi0-0-1-0,id=scsi0-0-1-0 -chardev socket,id=charserial0,path=/tmp/libguestfsWx9FbI/console.sock -device isa-serial,chardev=charserial0,id=serial0 -chardev socket,id=charchannel0,path=/tmp/libguestfsWx9FbI/guestfsd.sock -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.libguestfs.channel.0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x4 -msg timestamp=on Domain id=5 is tainted: custom-argv Domain id=5 is tainted: host-cpu 2016-05-24T18:10:21.651694Z qemu-kvm: -drive file=/tmp/libguestfsWx9FbI/overlay1,if=none,id=drive-scsi0-0-0-0,format=qcow2,cache=unsafe: Could not open '/tmp/libguestfsWx9FbI/overlay1': Permission denied 2016-05-24 18:10:21.825+0000: shutting down [root@ovirt1 prod ~]# ps -e -o euser,user,suser,fuser,egroup,rgroup,sgroup,fgroup,cmd | egrep 'qemu-kvm'|head -2 qemu qemu qemu qemu qemu qemu qemu qemu /usr/libexec/qemu-kvm -name billj6-1.j2noc.com -S -machine pc-i440fx-rhel7.2.0,accel=kvm,usb=off -cpu SandyBridge -m size=2097152k,slots=16,maxmem=4294967296k -realtime mlock=off -smp 1,maxcpus=16,sockets=16,cores=1,threads=1 -numa node,nodeid=0,cpus=0,mem=2048 -uuid 60ded316-aa18-4eda-9c52-16016d026e1a -smbios type=1,manufacturer=oVirt,product=oVirt Node,version=7-2.1511.el7.centos.2.10,serial=30343536-3138-584D-51.... On 05/23/2016 09:17 AM, Richard W.M. Jones wrote:
On Mon, May 23, 2016 at 09:00:48AM -0700, Bill James wrote:
thank you very much for the reply. My main question now is does it required to use "user = root" in qemu.conf for the import script to work? I haven't knowingly modified qemu.conf in my life, so likely the answer is no.
Rich.
Cloud Services for Business www.j2.com j2 | eFax | eVoice | FuseMail | Campaigner | KeepItSafe | Onebox This email, its contents and attachments contain information from j2 Global, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. (c) 2015 j2 Global, Inc. All rights reserved. eFax, eVoice, Campaigner, FuseMail, KeepItSafe, and Onebox are registered trademarks of j2 Global, Inc. and its affiliates.
As it says in the error message:
Try running qemu directly without libvirt using this environment variable: export LIBGUESTFS_BACKEND=direct
Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-builder quickly builds VMs from scratch http://libguestfs.org/virt-builder.1.html
participants (3)
-
Bill James -
Nir Soffer -
Richard W.M. Jones