[libvirt-users] the acl mode of files created by libvirtd
by Hao.Zhang
Hi, all
I use the virsh save command to dump a domain; the mode is 0600,
and it belongs to "root". How can I change the mode?
William
--
That night, I thanked God for seeing me through the day of days and prayed
I would make it through tomorrow. I also promised that if some day I could
get home again, I would find a nice peaceful town and spend the rest of my life
in peace.
11 years, 11 months
[libvirt-users] [LXC][Openstack] Clarifications needed on usage of libvirt-lxc for openstack
by Sujay M
Hi everyone,
I've some doubts regarding the usage/working of libvirt-lxc with openstack.
I'm doing a project titled "Low density virtualization for Storage cloud"
1. Can I use libvirt for lxc with Openstack swift alone (excluding nova,
glance and keystone)? If not, what other openstack components should I use
for virtualization? (Is it necessary to install openstack nova to do
virtualization with libvirt-lxc?)
2. How does virtualization for storage services work? Any good articles?
3. I want to set up a cloud storage environment with low density
virtualization, i.e. lxc. I'm using Openstack swift (Object storage) for
storage services. I want to virtualize this. Are there any resources on how I
can do this using libvirt-lxc?
--
Best Regards,
Sujay M
Final year B.Tech
Computer Engineering
NITK Surathkal
contact: +918971897571
11 years, 11 months
[libvirt-users] move VM disk images between storage pools on the same host
by Paul Raines
I created a new LVM type storage pool on my server and would like to move my
VM disk volumes in a directory-based pool into this new pool. But I cannot
figure out how that is done. I find plenty of information on how to migrate
live VM images from one host to another, but not on how to just move one live
from one storage pool to another on the same host.
If it cannot be done live, how can I do it non-live? I guess non-live I could
clone, but that would change the MAC address. Just seems that if libvirt
can migrate live it should be able to move a VM between storage pools
on the same host even easier.
---------------------------------------------------------------
Paul Raines http://help.nmr.mgh.harvard.edu
MGH/MIT/HMS Athinoula A. Martinos Center for Biomedical Imaging
149 (2301) 13th Street Charlestown, MA 02129 USA
11 years, 11 months
[libvirt-users] Updating an "interface" device has no effect on network filters
by Guido Winkelmann
Hi,
I am trying to update the network filters on running guest machines (qemu
backend) without having to restart the domain.
Say I have a running domain "test" with this interface:
<interface type='bridge'>
  <mac address='52:54:00:84:6d:6d'/>
  <source bridge='virbr1'/>
  <model type='virtio'/>
  <filterref filter='clean-traffic-with-v6'>
    <parameter name='IP' value='172.18.1.9'/>
    <parameter name='IPV6' value='fe80::5054:ff:fe84:6d6d'/>
    <parameter name='MAC' value='52:54:00:84:6d:6d'/>
  </filterref>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
Now I want that domain to be able to use an additional IP address for some
reason, so I write a file upddevice.xml with this content:
<interface type='bridge'>
  <mac address='52:54:00:84:6d:6d'/>
  <source bridge='virbr1'/>
  <model type='virtio'/>
  <filterref filter='clean-traffic-with-v6'>
    <parameter name='IP' value='172.18.1.9'/>
    <parameter name='IP' value='172.18.1.10'/>
    <parameter name='IPV6' value='fe80::5054:ff:fe84:6d6d'/>
    <parameter name='MAC' value='52:54:00:84:6d:6d'/>
  </filterref>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
and run
update-device test-cpu-restrict2 upddevice.xml
in virsh.
This appears to work without problems and produces no error messages (it
prints "Device updated successfully"), except the ebtables script on the host
machine does not get updated after that and consequently, the new IP address
is not usable.
Regards,
Guido
11 years, 11 months
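An added example, not part of the original post: one way to confirm what differs between the running interface definition and the update file is to diff their filterref parameters, keeping repeated names such as IP as lists. The function names, the `<domain>` wrapper and the template helper are assumptions made for illustration; the interface values are the ones quoted in the post.

```python
import xml.etree.ElementTree as ET

MAC = "52:54:00:84:6d:6d"


def _iface_xml(ips):
    # Rebuilds the <interface> quoted in the post with the given IP parameters.
    ip_params = "".join(f"<parameter name='IP' value='{ip}'/>" for ip in ips)
    return (
        "<interface type='bridge'>"
        f"<mac address='{MAC}'/><source bridge='virbr1'/>"
        "<filterref filter='clean-traffic-with-v6'>"
        f"{ip_params}"
        "<parameter name='IPV6' value='fe80::5054:ff:fe84:6d6d'/>"
        f"<parameter name='MAC' value='{MAC}'/>"
        "</filterref></interface>"
    )


# Constructed stand-in for `virsh dumpxml` output; only the interface matters.
RUNNING = "<domain type='qemu'><devices>" + _iface_xml(["172.18.1.9"]) + "</devices></domain>"
UPDATE = _iface_xml(["172.18.1.9", "172.18.1.10"])


def filterref_params(xml_text, mac):
    """Return (filter name, {parameter: [values]}) for the interface with `mac`.

    Accepts a bare <interface> element or a whole <domain> document.
    """
    root = ET.fromstring(xml_text)
    for iface in root.iter("interface"):
        m = iface.find("mac")
        if m is None or m.get("address", "").lower() != mac.lower():
            continue
        ref = iface.find("filterref")
        if ref is None:
            return None, {}
        params = {}
        for p in ref.findall("parameter"):
            params.setdefault(p.get("name"), []).append(p.get("value"))
        return ref.get("filter"), params
    raise LookupError(f"no interface with MAC {mac}")


def diff_filterref(live_xml, wanted_xml, mac):
    """Compare the filterref settings of one interface in two documents."""
    live_name, live = filterref_params(live_xml, mac)
    want_name, want = filterref_params(wanted_xml, mac)
    added, removed = {}, {}
    for name in sorted(set(live) | set(want)):
        new = [v for v in want.get(name, []) if v not in live.get(name, [])]
        old = [v for v in live.get(name, []) if v not in want.get(name, [])]
        if new:
            added[name] = new
        if old:
            removed[name] = old
    return {"filter_changed": live_name != want_name, "added": added, "removed": removed}
```

Passing the `virsh dumpxml` output taken after `update-device` as `live_xml` shows whether the stored definition picked up the new parameter, which separates a definition problem from a rule-generation problem on the host.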
[libvirt-users] Failed to access console after launching LXC through libvirt
by unicell
Hi,
I'm trying to manage LXC instances through OpenStack, which uses libvirt as
a virtualization driver layer. After launching an LXC instance, I simply could
not attach to the console.
virsh # list
Id Name State
----------------------------------
14366 instance-00000078 running
virsh # console 14366
Connected to domain instance-00000078
Escape character is ^]
And it stays stuck here.
Initially I thought it could be a cgroup device config issue, and tried
"echo 'c 5:1 rwm' > /cgroup/devices/libvirt/lxc/instance-00000078/devices.allow"
to add /dev/console access rights to the container. But it does not work; the
console is still not working.
Before the cgroup tweaking, devices.list is as follows:
[root@localhost libvirt]# cat /cgroup/devices/libvirt/lxc/instance-0000007a/devices.list
c 1:3 rwm
c 1:5 rwm
c 1:7 rwm
c 1:8 rwm
c 1:9 rwm
c 5:0 rwm
c 5:2 rwm
c 136:* rwm
I'm not quite sure what kind of issue could possibly cause this console
access issue. Cause I'm now using two different guest OS templates on two
different host OSes. Following are some symptoms I observed.
* (g) for container guest OS
* (h) for host OS
* NOTE: Ubuntu guest os are generated by lxc-create -t ubuntu, which is an
Ubuntu 12.04 based lxc template.
CentOS guest os are handcrafted by myself, taking reference of
http://wiki.1tux.org/wiki/Lxc/Installation/Guest/Centos/6
1. Ubuntu (g) launched by lxc-start on Ubuntu 12.04 host, console works
2. Ubuntu (g) launched by OpenStack / libvirt on Ubuntu 12.04 host,
console works
3. Ubuntu (g) launched by OpenStack / libvirt on CentOS 6.3 host,
console NOT works
4. CentOS (g) launched by lxc-start on Ubuntu 12.04 host, console works
5. CentOS (g) launched by OpenStack / libvirt on Ubuntu12.04 host,
console NOT works
6. CentOS (g) launched by OpenStack / libvirt on CentOS 6.3 host,
console NOT works
So somehow I feel it could be something related to the LXC template rootfs, but
the host OS does make a difference (2 vs. 3). lxc-start / libvirt also makes a
difference (4 vs. 5), but that might be caused by the cgroup setting.
Could someone give me some clues for digging further into this issue? Thanks!
--
Qiu Yu
11 years, 11 months
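An added example, not part of the original post: a small reader for the cgroup v1 `devices.list` format shown above, which reports which console-related device nodes the whitelist leaves out. The function names are hypothetical; the device numbers for /dev/console (5:1), /dev/tty (5:0), /dev/ptmx (5:2) and the pts range (major 136) are the standard Linux assignments.

```python
# Device cgroup (v1) entries quoted in the post for the LXC container.
DEVICES_LIST = """\
c 1:3 rwm
c 1:5 rwm
c 1:7 rwm
c 1:8 rwm
c 1:9 rwm
c 5:0 rwm
c 5:2 rwm
c 136:* rwm
"""

# Standard Linux character device numbers a container console relies on.
CONSOLE_DEVICES = {
    "/dev/console": ("c", 5, 1),
    "/dev/tty": ("c", 5, 0),
    "/dev/ptmx": ("c", 5, 2),
    "/dev/pts/0": ("c", 136, 0),
}


def parse_devices_list(text):
    """Parse '<type> <major>:<minor> <access>' lines into tuples."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            dev_type, numbers, access = line.split()
            major, minor = numbers.split(":")
        except ValueError:
            raise ValueError(f"line {lineno}: malformed entry {line!r}") from None
        if dev_type not in ("a", "b", "c") or not set(access) <= set("rwm"):
            raise ValueError(f"line {lineno}: bad type or access in {line!r}")
        entries.append((dev_type, major, minor, set(access)))
    return entries


def _covers(rule, number):
    # '*' is the wildcard used for major or minor numbers.
    return rule == "*" or int(rule) == number


def is_allowed(entries, dev_type, major, minor, access="rwm"):
    """True if one entry covers the type, both numbers and every access bit."""
    wanted = set(access)
    return any(
        etype in ("a", dev_type)
        and _covers(emaj, major)
        and _covers(emin, minor)
        and wanted <= eaccess
        for etype, emaj, emin, eaccess in entries
    )


def denied_devices(text, devices=CONSOLE_DEVICES, access="rw"):
    """Names from `devices` that the whitelist does not allow with `access`."""
    entries = parse_devices_list(text)
    return [name for name, dev in devices.items()
            if not is_allowed(entries, *dev, access=access)]
```

On the list from the post this reports only /dev/console as missing, which matches the entry the poster tried to add; it does not explain why the console still failed afterwards.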
[libvirt-users] A warning about "async message processing ."
by xuanmao_001
Hi, all:
When I used virsh to connect to a host like "virsh connect qemu+tcp://root@ip_address/system",
I got a warning message: "warning: virNetClientIncomingEvent: 1660 : Something went wrong during async message processing"
But I can still operate. Is there a reason that can cause the warning?
thanks.
xuanmao_001
11 years, 11 months
[libvirt-users] OpenStack+libvirt+lxc: lxcContainerGetSubtree:1199 : Failed to read /proc/mounts
by unicell
Hi,
I'm running OpenStack on CentOS 6.3 to manage lxc instances. And running
into a series of problems relating to libvirt and lxc interaction.
For example, libvirt_lxc segfault (
https://bugzilla.redhat.com/show_bug.cgi?id=874549) which has an upstream
fix. And other bugs, such as failing to start when SELinux is disabled.
Finally, I decided to adopt libvirt 0.10.2, self compiled
from libvirt-0.10.2-1.fc17.src.rpm. And now I am coming across the following
message when starting an lxc container.
lxcContainerGetSubtree:1199 : Failed to read /proc/mounts: No such file or directory
Could it be something related to my container template setting? Or host
setting? Or simply just another bug? I'm not a libvirt guy, so please do
shed some light on how to fix it. Thanks very much.
libvirtd log with LIBVIRT_DEBUG=1
--
2012-11-08 12:41:10.106+0000: 28362: info : libvirt version: 0.10.2,
package: 1.el6 (Unknown, 2012-11-08-20:20:52, localhost)
2012-11-08 12:41:10.106+0000: 28362: error : virLXCControllerRun:1418 :
error receiving signal from container: Input/output error
2012-11-08 12:41:10.222+0000: 24641: error : virNetDevSetOnline:536 :
Cannot get interface flags on 'veth0': No such device
2012-11-08 12:41:10.227+0000: 24641: error : virNWFilterDHCPSnoopEnd:2131 :
internal error ifname "veth0" not in key map
2012-11-08 12:41:10.229+0000: 24641: error : virNetDevGetIndex:653 : Unable
to get index for interface veth0: No such device
2012-11-08 12:41:10.370+0000: 24640: error : virLXCProcessStop:701 :
internal error Invalid PID -1 for container
2012-11-08 12:41:10.370+0000: 24640: error : virLXCProcessStop:701 :
internal error Invalid PID -1 for container
2012-11-08 12:48:26.136+0000: 30706: info : libvirt version: 0.10.2,
package: 1.el6 (Unknown, 2012-11-08-20:20:52, localhost)
2012-11-08 12:48:26.136+0000: 30706: error : virDomainObjParseNode:10094 :
XML error: unexpected root element <domain>, expecting <domstatus>
2012-11-08 12:48:50.878+0000: 30695: error : virNetSocketReadWire:1176 :
Cannot recv data: Connection reset by peer
2012-11-08 12:48:50.977+0000: 30698: error : virLXCProcessStart:1145 :
internal error guest failed to start: PATH=/bin:/sbin TERM=linux
container=lxc-libvirt container_uuid=ecc871cb-58be-4ae4-b216-a8a62b894a7f
LIBVIRT_LXC_UUID=ecc871cb-58be-4ae4-b216-a8a62b894a7f
LIBVIRT_LXC_NAME=instance-00000077 LIBVIRT_LXC_CMDLINE=console=ttyS0
/sbin/init
2012-11-08 12:48:50.863+0000: 1: info : libvirt version: 0.10.2, package:
1.el6 (Unknown, 2012-11-08-20:20:52, localhost)
2012-11-08 12:48:50.863+0000: 1: error : lxcContainerGetSubtree:1199 :
Failed to read /proc/mounts: No such file or directory
2012-11-08 12:48:50.863+0000: 31202: info : libvirt version: 0.10.2,
package: 1.el6 (Unknown, 2012-11-08-20:20:52, localhost)
2012-11-08 12:48:50.863+0000: 31202: error : virLXCControllerRun:1418 :
error receiving signal from container: Input/output error
2012-11-08 12:48:50.979+0000: 30698: error : virNetDevSetOnline:536 :
Cannot get interface flags on 'veth0': No such device
2012-11-08 12:48:50.984+0000: 30698: error : virNWFilterDHCPSnoopEnd:2131 :
internal error ifname "veth0" not in key map
2012-11-08 12:48:50.986+0000: 30698: error : virNetDevGetIndex:653 : Unable
to get index for interface veth0: No such device
2012-11-08 12:48:51.127+0000: 30695: error : virLXCProcessStop:701 :
internal error Invalid PID -1 for container
2012-11-08 12:48:51.128+0000: 30695: error : virLXCProcessStop:701 :
internal error Invalid PID -1 for container
2012-11-08 12:48:54.709+0000: 30695: error : virNetSocketReadWire:1184 :
End of file while reading data: Input/output error
2012-11-08 12:48:54.710+0000: 30695: error : virNetSocketReadWire:1184 :
End of file while reading data: Input/output error
lxc log
--
tail -f lxc/instance-00000077.log
2012-11-08 12:48:50.723+0000: starting up
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
LIBVIRT_DEBUG=3 LIBVIRT_LOG_OUTPUTS=3:stderr /usr/libexec/libvirt_lxc
--name instance-00000077 --console 21 --security=none --handshake 24
--background --veth veth1
PATH=/bin:/sbin TERM=linux container=lxc-libvirt
container_uuid=ecc871cb-58be-4ae4-b216-a8a62b894a7f
LIBVIRT_LXC_UUID=ecc871cb-58be-4ae4-b216-a8a62b894a7f
LIBVIRT_LXC_NAME=instance-00000077 LIBVIRT_LXC_CMDLINE=console=ttyS0
/sbin/init
2012-11-08 12:48:50.863+0000: 1: info : libvirt version: 0.10.2, package:
1.el6 (Unknown, 2012-11-08-20:20:52, localhost)
2012-11-08 12:48:50.863+0000: 1: error : lxcContainerGetSubtree:1199 :
Failed to read /proc/mounts: No such file or directory
2012-11-08 12:48:50.863+0000: 31202: info : libvirt version: 0.10.2,
package: 1.el6 (Unknown, 2012-11-08-20:20:52, localhost)
2012-11-08 12:48:50.863+0000: 31202: error : virLXCControllerRun:1418 :
error receiving signal from container: Input/output error
libvirt xml
--
<domain type='lxc'>
  <name>instance-00000077</name>
  <uuid>ecc871cb-58be-4ae4-b216-a8a62b894a7f</uuid>
  <memory unit='KiB'>524288</memory>
  <currentMemory unit='KiB'>524288</currentMemory>
  <vcpu placement='static'>2</vcpu>
  <os>
    <type arch='x86_64'>exe</type>
    <init>/sbin/init</init>
    <cmdline>console=ttyS0</cmdline>
  </os>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <emulator>/usr/libexec/libvirt_lxc</emulator>
    <filesystem type='mount' accessmode='passthrough'>
      <source dir='/home/stack/nova_state/instances/instance-00000077/rootfs'/>
      <target dir='/'/>
    </filesystem>
    <interface type='bridge'>
      <mac address='fa:16:3e:40:ec:11'/>
      <source bridge='br100'/>
      <filterref filter='nova-instance-instance-00000077-fa163e40ec11'>
        <parameter name='DHCPSERVER' value='10.48.253.1'/>
        <parameter name='IP' value='10.48.253.2'/>
        <parameter name='PROJMASK' value='255.255.255.0'/>
        <parameter name='PROJNET' value='10.48.253.0'/>
      </filterref>
    </interface>
    <console type='pty'>
      <target type='lxc' port='0'/>
    </console>
  </devices>
</domain>
cat /proc/mounts
--
[root@localhost libvirt]# cat /proc/mounts
rootfs / rootfs rw 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
devtmpfs /dev devtmpfs
rw,nosuid,relatime,size=32967000k,nr_inodes=8241750,mode=755 0 0
devpts /dev/pts devpts rw,relatime,gid=5,mode=620,ptmxmode=000 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,relatime 0 0
/dev/sda2 / ext4 rw,relatime,barrier=1,data=ordered 0 0
/proc/bus/usb /proc/bus/usb usbfs rw,relatime 0 0
/dev/mapper/xenvg-home /home ext4 rw,relatime,barrier=1,data=ordered 0 0
none /proc/sys/fs/binfmt_misc binfmt_misc rw,relatime 0 0
sunrpc /var/lib/nfs/rpc_pipefs rpc_pipefs rw,relatime 0 0
none /noah/tmp tmpfs rw,relatime,mode=755 0 0
cgroup /cgroup/cpuset cgroup rw,relatime,cpuset 0 0
cgroup /cgroup/cpu cgroup rw,relatime,cpu 0 0
cgroup /cgroup/cpuacct cgroup rw,relatime,cpuacct 0 0
cgroup /cgroup/memory cgroup rw,relatime,memory 0 0
cgroup /cgroup/devices cgroup rw,relatime,devices 0 0
cgroup /cgroup/freezer cgroup rw,relatime,freezer 0 0
cgroup /cgroup/net_cls cgroup rw,relatime,net_cls 0 0
cgroup /cgroup/blk_io cgroup rw,relatime,blkio 0 0
cgroup /cgroup/ns cgroup rw,relatime,ns 0 0
/dev/nbd15 /home/stack/nova_state/instances/instance-00000070/rootfs ext3
rw,relatime,errors=continue,user_xattr,acl,barrier=1,data=ordered 0 0
/dev/nbd14 /home/stack/nova_state/instances/instance-00000071/rootfs ext3
rw,relatime,errors=continue,user_xattr,acl,barrier=1,data=ordered 0 0
/dev/nbd13 /home/stack/nova_state/instances/instance-00000073/rootfs ext3
rw,relatime,errors=continue,user_xattr,acl,barrier=1,data=ordered 0 0
/dev/nbd12 /home/stack/nova_state/instances/instance-00000075/rootfs ext3
rw,relatime,errors=continue,user_xattr,acl,barrier=1,data=ordered 0 0
/dev/nbd11 /home/stack/nova_state/instances/instance-00000076/rootfs ext3
rw,relatime,errors=continue,barrier=1,data=ordered 0 0
/dev/nbd10 /home/stack/nova_state/instances/instance-00000077/rootfs ext3
rw,relatime,errors=continue,user_xattr,acl,barrier=1,data=ordered 0 0
--
Qiu Yu
11 years, 11 months
[libvirt-users] Problems when filtering on icmpv6
by Guido Winkelmann
Hi,
I am trying to prevent my qemu guest machines from sending IPv6 router
advertisements over their network device. To that end, I have written this
filter definition:
<filter name='no-ipv6-router-advertisement' chain='root' priority='-690'>
  <rule action='drop' direction='out' priority='600'>
    <icmpv6 type='134'/>
  </rule>
  <rule action='drop' direction='out' priority='600'>
    <icmpv6 type='153'/>
  </rule>
</filter>
As soon as I try to use this filter, though, I get the following error (in
virsh):
error: Error while building firewall: Some rules could not be created for interface vnet0: Failure to execute command '$IPT -A libvirt-out -m physdev --physdev-out vnet0 -g FP-vnet0' : 'ip6tables: No chain/target/match by that name.'.
I am (trying to) use this filter by including it in here:
<filter name='clean-traffic-with-v6' chain='root'>
  <filterref filter='no-mac-spoofing'/>
  <filterref filter='no-ip-spoofing'/>
  <filterref filter='no-dhcp-server'/>
  <rule action='accept' direction='out' priority='-650'>
    <mac protocolid='ipv4'/>
  </rule>
  <filterref filter='allow-incoming-ipv4'/>
  <filterref filter='no-ipv6-spoofing'/>
  <filterref filter='no-ipv6-router-advertisement'/>
  <filterref filter='no-dhcpv6-server'/>
  <rule action='accept' direction='out' priority='-600'>
    <mac protocolid='ipv6'/>
  </rule>
  <filterref filter='allow-incoming-ipv6'/>
  <filterref filter='no-arp-spoofing'/>
  <rule action='accept' direction='inout' priority='-500'>
    <mac protocolid='arp'/>
  </rule>
  <filterref filter='no-other-l2-traffic'/>
  <filterref filter='qemu-announce-self'/>
</filter>
Without the line
<filterref filter='no-ipv6-router-advertisement'/>
this filter works fine.
When running a domain with this filter without the
no-ipv6-router-advertisement filterref, my ip6tables look like this:
# ip6tables-save
# Generated by ip6tables-save v1.4.13 on Wed Nov 7 17:46:32 2012
*mangle
:PREROUTING ACCEPT [146:12680]
:INPUT ACCEPT [103:9704]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [172:14184]
:POSTROUTING ACCEPT [172:14184]
COMMIT
# Completed on Wed Nov 7 17:46:32 2012
# Generated by ip6tables-save v1.4.13 on Wed Nov 7 17:46:32 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:libvirt-host-in - [0:0]
:libvirt-in - [0:0]
:libvirt-in-post - [0:0]
:libvirt-out - [0:0]
-A INPUT -j libvirt-host-in
-A FORWARD -j libvirt-in
-A FORWARD -j libvirt-out
-A FORWARD -j libvirt-in-post
COMMIT
# Completed on Wed Nov 7 17:46:32 2012
This is with libvirt 0.10.2.
Does anybody have an idea what is happening here or how I could debug this
further?
Regards,
Guido
11 years, 11 months
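An added example, not part of the original post: the error text names three things that may be missing (chain, target or match), and the chain case can be checked against an `ip6tables-save` dump by listing every chain a rule appends to or jumps to that the table does not declare. The function names are hypothetical, and only the four built-in targets are recognised, so extension targets such as REJECT or LOG would need adding to the set; a missing physdev match is not covered by this check.

```python
import shlex

BUILTIN_TARGETS = {"ACCEPT", "DROP", "RETURN", "QUEUE"}

# *filter section of the ip6tables-save dump quoted in the post.
SAVED_FILTER = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:libvirt-host-in - [0:0]
:libvirt-in - [0:0]
:libvirt-in-post - [0:0]
:libvirt-out - [0:0]
-A INPUT -j libvirt-host-in
-A FORWARD -j libvirt-in
-A FORWARD -j libvirt-out
-A FORWARD -j libvirt-in-post
COMMIT
"""

# Rule from the error message in the post, without the '$IPT' prefix.
FAILED_RULE = "-A libvirt-out -m physdev --physdev-out vnet0 -g FP-vnet0"


def rule_target(rule):
    """Return (chain, target) for an '-A chain ... -j/-g target' rule."""
    words = shlex.split(rule)
    target = None
    for flag in ("-j", "--jump", "-g", "--goto"):
        if flag in words[:-1]:
            target = words[words.index(flag) + 1]
    return words[1], target


def parse_save(text, table="filter"):
    """Return (declared chains, rules) for one table of an ip(6)tables-save dump."""
    chains, rules, current = set(), [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            current = line[1:]
        elif current == table and line.startswith(":"):
            chains.add(line[1:].split()[0])
        elif current == table and line.startswith("-A "):
            rules.append(line)
    return chains, rules


def missing_chains(text, extra_rules=(), table="filter"):
    """Chains referenced by saved or candidate rules but not declared in the table."""
    chains, rules = parse_save(text, table)
    missing = set()
    for rule in list(rules) + list(extra_rules):
        chain, target = rule_target(rule)
        referenced = {chain} | ({target} if target else set())
        missing |= referenced - chains - BUILTIN_TARGETS
    return sorted(missing)
```

Against the dump in the post, the rule from the error message references `FP-vnet0`, which the ip6tables filter table does not declare, while `libvirt-out` itself is present.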
[libvirt-users] libvirt with lxc: internal error The 'cpuacct', 'devices' & 'memory' cgroups controllers must be mounted
by unicell
Hi,
I'm running OpenStack to manage LXC instances through libvirt. The same
setting runs perfectly well on Ubuntu 12.04, while on CentOS 6u3, libvirt
dumped the following message when starting an lxc instance.
virsh -c lxc:/// start instance-00000032
error: internal error The 'cpuacct', 'devices' & 'memory' cgroups controllers must be mounted
I would really appreciate it if someone could shed some light. It seems to be
related to some libvirt / cgroup settings.
$ cat /proc/mounts
..
none /cgroup cgroup rw,relatime,net_prio,perf_event,blkio,net_cls,freezer,devices,memory,cpuacct,cpu,ns,cpuset 0 0
..
$ chkconfig --list | grep cg
cgconfig 0:off 1:off 2:off 3:off 4:off 5:off 6:off
cgred 0:off 1:off 2:off 3:off 4:off 5:off 6:off
xml definition
--
<domain type="lxc">
  <uuid>252a2dc5-452c-4e9c-a593-8c386c9f47e6</uuid>
  <name>instance-00000032</name>
  <memory>524288</memory>
  <vcpu>2</vcpu>
  <os>
    <type>exe</type>
    <cmdline>console=ttyS0</cmdline>
    <init>/sbin/init</init>
  </os>
  <clock offset="utc"/>
  <devices>
    <filesystem type="mount">
      <source dir="/home/stack/nova_state/instances/instance-00000032/rootfs"/>
      <target dir="/"/>
    </filesystem>
    <interface type="bridge">
      <mac address="fa:16:3e:73:67:54"/>
      <source bridge="br100"/>
      <filterref filter="nova-instance-instance-00000032-fa163e736754">
        <parameter name="IP" value="10.0.0.8"/>
        <parameter name="DHCPSERVER" value="10.0.0.1"/>
        <parameter name="PROJNET" value="10.0.0.0"/>
        <parameter name="PROJMASK" value="255.255.255.0"/>
      </filterref>
    </interface>
    <console type="pty"/>
  </devices>
</domain>
Log message with LIBVIRT_DEBUG=1 if that is helpful.
http://pastebin.com/LjZ6Euma
--
Qiu Yu
11 years, 12 months