[Users] ovirt VM start fails - Perm Denied error

Dan Kenigsberg danken at redhat.com
Mon Feb 13 14:40:30 UTC 2012


On Mon, Feb 13, 2012 at 08:57:23AM -0500, Keith Robertson wrote:
> On 02/13/2012 08:33 AM, Deepak C Shetty wrote:
> >On 02/13/2012 03:16 PM, Dan Kenigsberg wrote:
> >>On Sun, Feb 12, 2012 at 11:58:05PM +0530, Deepak C Shetty wrote:
> >>>Hi,
> >>>    I have tried this multiple times and i hit the same error.
> >>>
> >>>I have 3 storage domains  created (iso, data and export) all
> >>>connected to the DC with DC status as Up and
> >>>1 host with status as Up and the same (only) host acting as SPM.
> >>>
> >>>I used the engine-iso-uploader utility to upload my .iso to
> >>>the iso domain.
> >>>Created a new VM and attached a vdisk of type sparse (thin-prov) and
> >>>click on "Run Once",
> >>>where i select "Attach CD" and select my .iso, and change boot order
> >>>to boot from CD, then disk.
> >>>
> >>>But i get this error...
> >>>
> >>>VM first-ovirt-vm is down. Exit message internal error process
> >>>exited while connecting to monitor: qemu-kvm: -drive file=/rhev/data-center/4087fea7-b54a-4318-8d5c-828eff8846f4/35f880f8-bd0c-4063-b171-2ddaa59e1212/images/11111111-1111-1111-1111-111111111111/Fedora-16-x86_64-DVD.iso,if=none,media=cdrom,id=drive-ide0-1-0,readonly=on,format=raw:
> >>>could not open disk image /rhev/data-center/4087fea7-b54a-4318-8d5c-828eff8846f4/35f880f8-bd0c-4063-b171-2ddaa59e1212/images/11111111-1111-1111-1111-111111111111/Fedora-16-x86_64-DVD.iso:
> >>>Permission denied .
> >>>
> >>>I am unable to figure out why.. bcos the user.group perms for the
> >>>.iso are fine.
> >>>In fact i logged into the system serving the nfs share and
> >>>added 0777 perms
> >>>still i get the same error. Here is the snip of how the perms for
> >>>.iso look like...
> >>>
> >>>ll /tmp/iso1-domain/35f880f8-bd0c-4063-b171-2ddaa59e1212/images/11111111-1111-1111-1111-111111111111/Fedora-16-x86_64-DVD.iso
> >>>-rwxr-xr-x. 1 vdsm kvm 3757047808 Feb 13 04:24 /tmp/iso1-domain/35f880f8-bd0c-4063-b171-2ddaa59e1212/images/11111111-1111-1111-1111-111111111111/Fedora-16-x86_64-DVD.iso
> >>would you try `ls -lZ` ? Does your /var/log/audit/audit.log shows an
> >>selinux problem? What's `getenforce`? And `getsebool virt_use_nfs`?
> >>
> >>What is `groups qemu`?
> >>Does
> >>    su - qemu -s /bin/bash -c 'strings your.iso'
> >>work for you?
> >>
> >>Regards,
> >>Dan.
> >>
> >>
> >
> >Hello Dan,
> >    Here is the output you requested...
> >
> >[root at llm56 ~]# ls -lZ /rhev/data-center/4087fea7-b54a-4318-8d5c-828eff8846f4/35f880f8-bd0c-4063-b171-2ddaa59e1212/images/11111111-1111-1111-1111-111111111111/Fedora-16-x86_64-DVD.iso
> >-rwxr-xr-x. vdsm kvm system_u:object_r:nfs_t:s0       /rhev/data-center/4087fea7-b54a-4318-8d5c-828eff8846f4/35f880f8-bd0c-4063-b171-2ddaa59e1212/images/11111111-1111-1111-1111-111111111111/Fedora-16-x86_64-DVD.iso
> >
> >[root at llm56 ~]# getenforce
> >Enforcing
> >
> >[root at llm56 ~]# getsebool virt_use_nfs
> >virt_use_nfs --> off

Vdsm SHOULD configure this to "on" when it first starts, by running

    /usr/sbin/semanage  boolean -m -S targeted -F /dev/stdin  << _EOF
virt_use_nfs=1
_EOF
   /usr/sbin/setsebool virt_use_nfs on

Please try running this as root to understand why it failed. qemu cannot
use NFS when this is off and selinux is enforcing.



> >
> >[root at llm56 ~]# groups qemu
> >qemu : qemu kvm
> >
> >Also `su - qemu -s /bin/bash -c 'strings your.iso'`
> >
> >worked for me.. dumped loads of strings on the screen.
> >
> >_______________________________________________
> >Users mailing list
> >Users at ovirt.org
> >http://lists.ovirt.org/mailman/listinfo/users
> Perhaps I missed that snippet of logs, but is llm56 the hyper-visor?
> 
> Also, here is another litmus test to help shake out some common NFS
> issues.  Do the following from the hyper-visor:
> 1. temporarily give user vdsm in /etc/passwd a login shell (e.g. /bin/bash)
> 2. mkdir /mnt/testmount
> 3. mount <nfs server here>:/path/to/iso/storage/domain /mnt/testmount
> 4. su - vdsm <-- Really important.

unrelated comment:
if you add '-s /bin/bash' you can avoid steps 1 and 8.

> 5. cd 35f880f8-bd0c-4063-b171-2ddaa59e1212/images/11111111-1111-1111-1111-111111111111
> 6. touch test.txt
> 7. strings Fedora-16-x86_64-DVD.iso
> 8. reset vdsm in /etc/passwd to nologin
> 
> Do 6 and 7 work?
> 
> Cheers,
> Keith



More information about the Users mailing list