[libvirt-users] some problem with snapshot by libvirt
by xingxing gao
Hi all, I am using libvirt to manage my VM. These days I am testing
libvirt snapshots, but I have met a problem.
The snapshot was created with this command:
snapshot-create-as win7 --disk-only --diskspec vda,snapshot=external --diskspec hda,snapshot=no
But when I tried to revert from the snapshot created by the
above command, I got the error below:
virsh # snapshot-revert win7 1338041515 --force
error: unsupported configuration: revert to external disk snapshot not supported yet
version:
virsh # version
Compiled against library: libvir 0.9.4
Using library: libvir 0.9.4
Using API: QEMU 0.9.4
Running hypervisor: QEMU 1.0.93
10 years
[libvirt-users] libvirt-1.2.0
by cool dharma06
Hi,
I am using libvirt-1.2.0, which is installed from source, to launch
instances on Xen.
It works fine when I launch a VM as the root user, but when I am
logged in as another user it throws an error.
libvirt works fine for that user except for creating a VM. Please
refer to the following:
eucalyptus@cooldharma06:/opt/i-47FD0798$ virsh -c xen:///
WARNING: gnome-keyring:: couldn't connect to:
/home/dharmalingams/.cache/keyring-r004e7/pkcs11: Permission denied
Welcome to virsh, the virtualization interactive terminal.
Type: 'help' for help with commands
'quit' to quit
virsh # version
Compiled against library: libvirt 1.2.0
Using library: libvirt 1.2.0
Using API: Xen 1.2.0
Running hypervisor: Xen 4.3.0
virsh # list
Id Name State
----------------------------------------------------
virsh # create libvirt_sec.xml
error: Failed to create domain from libvirt_sec.xml
error: access denied
From the libvirtd.log:
2014-01-31 09:46:16.329+0000: 27937: error : virAccessDriverPolkitCheck:176 : access denied: Policy kit denied action org.libvirt.api.domain.write from 28281,1877379: exit status 1
2014-01-31 09:46:16.329+0000: 27937: error : virAccessManagerSanitizeError:203 : access denied
2014-01-31 09:46:16.329+0000: 27937: error : virAccessManagerSanitizeError:203 : access denied
Please suggest a solution for this.
Thanks & Regards,
cooldharma06.
10 years, 9 months
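The libvirtd.log excerpt in the post above names the polkit action that was refused (org.libvirt.api.domain.write) and the caller. As an added example (not part of the original post and not libvirt code), this Python script extracts such denials from libvirtd log text and counts them per action and caller; the sample lines are constructed from the excerpt, and reading the two numbers after "from" as caller PID and process start time is an assumption.

```python
import re
from collections import Counter, namedtuple

# Constructed sample: the first three lines are the libvirtd.log excerpt from
# the post with wrapped lines rejoined; the fourth is an unrelated error line
# added so the filter has something to skip.
SAMPLE_LOG = """\
2014-01-31 09:46:16.329+0000: 27937: error : virAccessDriverPolkitCheck:176 : access denied: Policy kit denied action org.libvirt.api.domain.write from 28281,1877379: exit status 1
2014-01-31 09:46:16.329+0000: 27937: error : virAccessManagerSanitizeError:203 : access denied
2014-01-31 09:46:16.329+0000: 27937: error : virAccessManagerSanitizeError:203 : access denied
2014-01-31 09:46:20.101+0000: 27937: error : virNetSocketReadWire:1006 : End of file while reading data: Input/output error
"""

Denial = namedtuple(
    "Denial",
    "timestamp action obj permission caller_pid caller_start exit_status",
)

# Prefix layout as seen in the excerpt:
#   "<time>: <id>: <level> : <function>:<line> : <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}[+-]\d{4}): "
    r"(?P<tid>\d+): (?P<level>\w+) : (?P<func>\w+):(?P<line>\d+) : (?P<msg>.*)$"
)
# Assumption: the pair after "from" is "<caller PID>,<process start time>".
POLKIT_RE = re.compile(
    r"Policy kit denied action (?P<action>[\w.\-]+) "
    r"from (?P<pid>\d+),(?P<start>\d+): exit status (?P<status>\d+)"
)


def parse_denials(text):
    """Return one Denial per polkit refusal found in libvirtd log text."""
    denials = []
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line or line["func"] != "virAccessDriverPolkitCheck":
            continue  # skips the generic virAccessManagerSanitizeError lines
        hit = POLKIT_RE.search(line["msg"])
        if not hit:
            continue
        # Action ids have the form org.libvirt.api.<object>.<permission>.
        obj, permission = hit["action"].rsplit(".", 2)[-2:]
        denials.append(Denial(
            line["ts"], hit["action"], obj, permission,
            int(hit["pid"]), int(hit["start"]), int(hit["status"]),
        ))
    return denials


def summarize(denials):
    """Count refusals per (action, caller PID) so repeats stand out."""
    return Counter((d.action, d.caller_pid) for d in denials)


if __name__ == "__main__":
    for (action, pid), n in summarize(parse_denials(SAMPLE_LOG)).items():
        print(f"{n}x {action} denied to PID {pid}")
```
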
[libvirt-users] Trouble configuring with macvtap passthrough on Debian Wheezy / Jessie
by Richard Gomes
( Posting again. Correct subject line now! )
Hello,
I'm trying to use macvtap on Debian Wheezy.
Actually, I've installed a recent version of libvirt and qemu from
Jessie, using wheezy-backports.
$ virsh version
Compiled against library: libvirt 1.2.1
Using library: libvirt 1.2.1
Using API: QEMU 1.2.1
Running hypervisor: QEMU 1.7.0
I'm trying to configure a macvtap interface like this:
<interface type='direct'>
  <mac address='52:54:00:7b:05:cd'/>
  <source dev='eth1' mode='passthrough'/>
  <model type='rtl8139'/>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>
</interface>
The interface eth1 is used exclusively by this VM, so as far as I
understand, mode 'passthrough' is enough since I'd like to "plug" the VM
straight onto a public static IP.
On my /etc/networks/interfaces, I have this:
# start :: define eth1
iface eth1 inet manual
# end :: define eth1
It does not matter whether eth1 is up or down, when I try to start the
VM, I get the following error:
Error starting domain: Cannot create macvlan devices on this platform: Function not implemented
Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 45, in cb_wrapper
    callback(asyncjob, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 66, in tmpcb
    callback(*args, **kwargs)
  File "/usr/share/virt-manager/virtManager/domain.py", line 1114, in startup
    self._backend.create()
  File "/usr/lib/python2.7/dist-packages/libvirt.py", line 866, in create
    if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self)
libvirtError: Cannot create macvlan devices on this platform: Function not implemented
Trying to solve the issue, I found this:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737097
I've tried to rebuild the package from Debian sources, but apparently,
macvtap is already defined, as I've reported to another mailing list.
For your information:
> I'm new to building packages from Debian sources, so I followed
> instructions from
>
> https://wiki.debian.org/HowToPackageForDebian#Building_Debian_packages
>
> $ apt-get -t wheezy-backports source libvirt
> $ cd libvirt-0.9.12.3/
> $ sudo apt-get build-dep libvirt
> $ debuild -i -us -uc -b
>
> So... yes, it works and builds without any errors.
>
> Next step now is applying the changes mentioned.
> But I'm confused because apparently debian/rules is already the way
> it should be.
>
> ifneq (,$(findstring $(DEB_HOST_ARCH_OS), linux))
> WITH_STORAGE_LVM = --with-storage-lvm
> WITH_STORAGE_ISCSI = --with-storage-iscsi
> WITH_STORAGE_DISK = --with-storage-disk
> WITH_UDEV = --with-udev --without-hal
> WITH_CAPNG = --with-capng
> WITH_POLKIT = --with-polkit
> WITH_MACVTAP = --with-macvtap
> WITH_NETWORK = --with-network
> WITH_QEMU = --with-qemu
> WITH_OPENVZ = --with-openvz
> WITH_NETCF = --with-netcf
> ifneq (,$(findstring $(DEB_HOST_ARCH), amd64 i386 ia64 mips mipsel powerpc))
> WITH_NUMA = --with-numactl
> else
> WITH_NUMA = --without-numactl
> endif
> ifneq (,$(findstring $(DEB_HOST_ARCH), ia64))
> WITH_LXC = --without-lxc
> else
> WITH_LXC = --with-lxc
> endif
> else
> WITH_STORAGE_LVM = --without-storage-lvm
> WITH_STORAGE_ISCSI = --without-storage-iscsi
> WITH_STORAGE_DISK = --without-storage-disk
> WITH_UDEV = --without-udev --with-hal
> WITH_CAPNG = --without-capng
> WITH_POLKIT = --without-polkit
> WITH_MACVTAP = --without-macvtap
> WITH_NETWORK = --without-network
> WITH_QEMU = --without-qemu
> WITH_LXC = --without-lxc
> WITH_NUMA = --without-numactl
> WITH_NETCF = --without-netcf
> endif
>
>
> I suppose that nothing has to be changed, correct? ... since the
> then branch already has the change mentioned and the else
> branch probably means that nothing related to networking would be
> enabled anyway.
>
> Am I missing something ?
Thoughts?
Thanks a lot :)
--
Richard Gomes
http://rgomes.info
http://www.linkedin.com/in/rgomes
mobile: +44(77)9955-6813
inum <http://www.inum.net/>: +883(5100)0800-9804
sip:rgomes@ippi.fr
10 years, 9 months
[libvirt-users] intel quad gigabit nic and pci passthrough
by Ivan Kabaivanov
Hi all
I have a very weird case of pci passthrough.
I have a machine with 7 network interfaces, all of them intel. Four of them are on one quad giga ethernet device. If I manually unbind the devices and allow qemu to use them, with intel IOMMU working, everything works like a charm. Here's how I do it manually:
[root@kybrat (x86_64) ~]$ lspci -nn | grep net
00:19.0 Ethernet controller [0200]: Intel Corporation 82579V Gigabit Network Connection [8086:1503] (rev 06)
02:00.0 Ethernet controller [0200]: Intel Corporation 82572EI Gigabit Ethernet Controller (Copper) [8086:107d] (rev 06)
05:00.0 Ethernet controller [0200]: Intel Corporation 82571EB Gigabit Ethernet Controller [8086:10a4] (rev 06)
05:00.1 Ethernet controller [0200]: Intel Corporation 82571EB Gigabit Ethernet Controller [8086:10a4] (rev 06)
06:00.0 Ethernet controller [0200]: Intel Corporation 82571EB Gigabit Ethernet Controller [8086:10a4] (rev 06)
06:00.1 Ethernet controller [0200]: Intel Corporation 82571EB Gigabit Ethernet Controller [8086:10a4] (rev 06)
0c:00.0 Ethernet controller [0200]: Intel Corporation 82572EI Gigabit Ethernet Controller (Copper) [8086:107d] (rev 06)
echo "8086 10a4" > /sys/bus/pci/drivers/pci-stub/new_id
echo "8086 107d" > /sys/bus/pci/drivers/pci-stub/new_id
echo "0000:05:00.0" > /sys/bus/pci/devices/0000\:05\:00.0/driver/unbind
echo "0000:05:00.0" > /sys/bus/pci/drivers/pci-stub/bind
echo "0000:05:00.1" > /sys/bus/pci/devices/0000\:05\:00.1/driver/unbind
echo "0000:05:00.1" > /sys/bus/pci/drivers/pci-stub/bind
echo "0000:06:00.0" > /sys/bus/pci/devices/0000\:06\:00.0/driver/unbind
echo "0000:06:00.0" > /sys/bus/pci/drivers/pci-stub/bind
echo "0000:06:00.1" > /sys/bus/pci/devices/0000\:06\:00.1/driver/unbind
echo "0000:06:00.1" > /sys/bus/pci/drivers/pci-stub/bind
echo "0000:0c:00.0" > /sys/bus/pci/devices/0000\:0c\:00.0/driver/unbind
echo "0000:0c:00.0" > /sys/bus/pci/drivers/pci-stub/bind
qemu-system-i386 -enable-kvm \
-m 2048 \
-cpu host \
-machine pc-q35-1.6 \
-drive file=/media/virtual/krym.qcow2,if=virtio \
-net none \
-device pci-assign,host=06:00.1,rombar=0 \
-device pci-assign,host=05:00.0,rombar=0 \
-device pci-assign,host=06:00.0,rombar=0 \
-device pci-assign,host=05:00.1,rombar=0 \
-device pci-assign,host=0c:00.0,rombar=0 \
-cdrom /media/virtual/asg-9.107-33.1.iso \
-boot c \
-vnc :0 \
-runas virtual \
-monitor unix:/media/virtual/control/krym/monitor,server,nowait \
-rtc base=localtime,clock=host,driftfix=none
This starts qemu and pci passthrough works nicely.
Now, if I try to do the same thing through libvirt, virt-install doesn't like the quad ethernet device pci passthrough and I get the error below:
virt-install --name=krym --ram=2048 --vcpus=1 --cpu=host --import --os-type=linux --disk path=/media/virtual/krym.qcow2,format=qcow2,bus=virtio --nonetworks --graphics vnc,port=5900 --virt-type=kvm --machine=q35 --accelerate --host-device=pci_0000_06_00_1 --host-device=pci_0000_05_00_0 --host-device=pci_0000_06_00_0 --host-device=pci_0000_05_00_1 --host-device=pci_0000_0c_00_0
Starting install...
ERROR Requested operation is not valid: PCI device 0000:06:00.1 is not assignable
Domain installation does not appear to have been successful.
If it was, you can restart your domain by running:
virsh --connect qemu:///system start krym
otherwise, please restart your installation.
If I try to use just one NIC (any NIC, as long as it's not the quad NIC), things do work:
virt-install --name=krym --ram=2048 --vcpus=1 --cpu=host --import --os-type=linux --disk path=/media/virtual/krym.qcow2,format=qcow2,bus=virtio --nonetworks --graphics vnc,port=5900 --virt-type=kvm --machine=q35 --accelerate --host-device=pci_0000_0c_00_0
Starting install...
Creating domain... | 0 B 00:00:01
Cannot open display:
Run 'virt-viewer --help' to see a full list of available command line options
Domain creation completed. You can restart your domain by running:
virsh --connect qemu:///system start krym
So I guess libvirt has some problem with the intel quad NIC.
I will appreciate any help.
Thanks,
IvanK.
10 years, 9 months
[libvirt-users] Libvirt Error Creating VMs for Nimbus Cloud
by Joshua McKee
Hello,
I am having an issue with libvirt in my Nimbus cloud setup. When I use the
Nimbus VM creation test scripts on a VMM node (using libvirt), the VM is
created without a problem. However, when I attempt to create a new VM using
Nimbus (which then tries to create the VM on the VMM node), I encounter the
following error:
---------------------------------------------------------------------------------------------------------------------------------------------
$ ./nimbus-cloud-client-022/bin/cloud-client.sh --run --name testimage --hours 1
Launching workspace.
Workspace Factory Service:
https://yellow:8443/wsrf/services/WorkspaceFactoryService
Creating workspace "vm-035"... done.
IP address: 172.29.99.20
Hostname: pub02
Start time: Fri Jan 31 13:48:57 MST 2014
Shutdown time: Fri Jan 31 14:48:57 MST 2014
Termination time: Fri Jan 31 14:50:57 MST 2014
Waiting for updates.
Problem with vm-035: Unexpected issue
STDERR: 2014-01-31 13:48:44,412 - WARNING - no qemu_img configuration,
copy-on-write support is disabled
libvir: QEMU error : Domain not found: no domain with matching name
'wrksp-33'
libvir: error : An error occurred, but the cause is unknown
2014-01-31 13:48:45,587 - ERROR - Problem creating the VM: An error
occurred, but the cause is unknown
2014-01-31 13:48:45,587 - ERROR - An error occurred, but the cause is
unknown
Traceback (most recent call last):
File
"/opt/nimbus/src/python/workspacecontrol/defaults/lvrt/lvrt_common.py",
line 123, in create
newvm = self._vmm().createXML(xml, 0)
File "/usr/lib/python2.7/dist-packages/libvirt.py", line 2189, in
createXML
if ret is None:raise libvirtError('virDomainCreateXML() failed',
conn=self)
libvirtError: An error occurred, but the cause is unknown
2014-01-31 13:48:45,589 - ERROR - Problem creating the VM: An error
occurred, but the cause is unknown
Traceback (most recent call last):
File "/opt/nimbus/src/python/workspacecontrol/main/wc_core_creation.py",
line 155, in _common_withnetsecurity
_common_withtmplease(nic_set, kernel, local_file_set, c, netsecurity,
platform, justprint)
File "/opt/nimbus/src/python/workspacecontrol/main/wc_core_creation.py",
line 174, in _common_withtmplease
platform.create(local_file_set, nic_set, kernel)
File
"/opt/nimbus/src/python/workspacecontrol/defaults/lvrt/lvrt_common.py",
line 128, in create
raise UnexpectedError(shorterr)
UnexpectedError: Problem creating the VM: An error occurred, but the cause
is unknown
2014-01-31 13:48:45,589 - ERROR - Creation problem: going to back out tmp
space lease
2014-01-31 13:48:45,589 - ERROR - Backed out tmp space lease
2014-01-31 13:48:45,589 - ERROR - Problem creating the VM: An error
occurred, but the cause is unknown
Traceback (most recent call last):
File "/opt/nimbus/src/python/workspacecontrol/main/wc_core_creation.py",
line 137, in _common_withnetbootstrap
_common_withnetsecurity(vm_name, nic_set, kernel, local_file_set, p, c,
netsecurity, platform, justprint)
File "/opt/nimbus/src/python/workspacecontrol/main/wc_core_creation.py",
line 164, in _common_withnetsecurity
raise e
UnexpectedError: Problem creating the VM: An error occurred, but the cause
is unknown
2014-01-31 13:48:45,589 - ERROR - Creation problem: going to back out net
security
2014-01-31 13:48:45,606 - ERROR - Backed out net security
2014-01-31 13:48:45,606 - ERROR - Problem creating the VM: An error
occurred, but the cause is unknown
Traceback (most recent call last):
File "/opt/nimbus/src/python/workspacecontrol/main/wc_core_creation.py",
line 119, in _common_withnics
_common_withnetbootstrap(vm_name, nic_set, kernel, local_file_set, p,
c, netsecurity, platform, justprint)
File "/opt/nimbus/src/python/workspacecontrol/main/wc_core_creation.py",
line 146, in _common_withnetbootstrap
raise e
UnexpectedError: Problem creating the VM: An error occurred, but the cause
is unknown
2014-01-31 13:48:45,607 - ERROR - Creation problem: going to back out net
bootstrap
2014-01-31 13:48:45,607 - ERROR - Backed out net bootstrap
2014-01-31 13:48:45,607 - ERROR - Problem creating the VM: An error
occurred, but the cause is unknown
Traceback (most recent call last):
File "/opt/nimbus/src/python/workspacecontrol/main/wc_core_creation.py",
line 96, in _common
_common_withnics(vm_name, nic_set, kernel, local_file_set, p, c,
localnet, netbootstrap, netsecurity, platform, justprint)
File "/opt/nimbus/src/python/workspacecontrol/main/wc_core_creation.py",
line 128, in _common_withnics
raise e
UnexpectedError: Problem creating the VM: An error occurred, but the cause
is unknown
2014-01-31 13:48:45,607 - ERROR - Creation problem: going to back out net
leases
2014-01-31 13:48:45,607 - ERROR - Backed out net leases
2014-01-31 13:48:45,608 - ERROR - Problem creating the VM: An error
occurred, but the cause is unknown
Traceback (most recent call last):
File "/opt/nimbus/src/python/workspacecontrol/main/wc_core.py", line 79,
in core
_core(vm_name, action, p, c)
File "/opt/nimbus/src/python/workspacecontrol/main/wc_core.py", line 168,
in _core
wc_core_creation.create(vm_name, p, c, async, editing, images, kernels,
localnet, netbootstrap, netlease, netsecurity, persistence, platform)
File "/opt/nimbus/src/python/workspacecontrol/main/wc_core_creation.py",
line 16, in create
_create_local(vm_name, p, c, async, editing, images, kernels, localnet,
netbootstrap, netlease, netsecurity, persistence, platform)
File "/opt/nimbus/src/python/workspacecontrol/main/wc_core_creation.py",
line 31, in _create_local
_common(local_file_set, vm_name, p, c, editing, kernels, localnet,
netbootstrap, netlease, netsecurity, persistence, platform,
justprint=justprint)
File "/opt/nimbus/src/python/workspacecontrol/main/wc_core_creation.py",
line 107, in _common
raise e
UnexpectedError: Problem creating the VM: An error occurred, but the cause
is unknown
Problem executing: Problem creating the VM: An error occurred, but the
cause is unknown
Exiting with error code: 4
Workspace "vm-035" did NOT reach target state "Running"
Problem running 'vm-035'.
---------------------------------------------------------------------------------------------------------------------------------------------
I checked /var/log/libvirtd.log, and found the following:
---------------------------------------------------------------------------------------------------------------------------------------------
2014-01-31 20:48:39.311+0000: 2888: info : libvirt version: 0.9.8
2014-01-31 20:48:39.311+0000: 2888: error : virNetSocketReadWire:1006 : End
of file while reading data: Input/output error
---------------------------------------------------------------------------------------------------------------------------------------------
I don't know if this is relevant, but I also noticed this warning when
creating the VM through the test scripts mentioned above:
---------------------------------------------------------------------------------------------------------------------------------------------
2014-01-31 05:41:44.018+0000: 1351: warning : qemuDomainObjTaint:1134 :
Domain id=1 name='control-test' uuid=95f2d398-6b98-5359-7597-b0f596aae996
is tainted: high-privileges
---------------------------------------------------------------------------------------------------------------------------------------------
I assumed this was a permissions issue, but I double checked and everything
seems in order. I did not have this issue on my previous Nimbus cloud setup.
Thanks,
Josh
10 years, 9 months
[libvirt-users] Looks like blockpull does not accept a subset of the entire chain of backing files
by Richard Gomes
Hello
If I'm not terribly mistaken, it looks like libvirt 1.2.1 does not provide
the ability to merge only a subset of the entire chain of backing files.
So, if I have a chain like this:
root <- a <- b <- c <- d <- active
... and I'd like to obtain a chain like this:
root <- c <- d <- active
... it looks like it's not supported, since I'm trying the command
virsh blockpull domain --path /path/to/c --bandwidth 30 --base /path/to/root (1)
... but it complains because --path /path/to/c is not recognized,
since only --path /path/to/active is acceptable:
virsh blockpull domain --path /path/to/active --bandwidth 30 --base /path/to/root (2)
So, command (1) fails but command (2) succeeds.
The point is: How could I obtain the results I'm trying to achieve via
command (1) ?
I'm new to libvirt, but the article below made me think that what I'm
trying to do would be possible:
http://kashyapc.fedorapeople.org/virt/lc-2012/snapshots-handout.html
(see the section on blockpull)
Thoughts?
For your information, my environment is:
Compiled against library: libvirt 1.2.1
Using library: libvirt 1.2.1
Using API: QEMU 1.2.1
Running hypervisor: QEMU 1.7.0
Running against daemon: 1.2.1
Thanks
--
Richard Gomes
http://rgomes.info
http://www.linkedin.com/in/rgomes
mobile: +44(77)9955-6813
inum <http://www.inum.net/>: +883(5100)0800-9804
sip:rgomes@ippi.fr
10 years, 9 months
[libvirt-users] Dynamically setting permanent memory libvirt-lxc
by mallu mallu
I'm trying to permanently change memory allocation for a libvirt-lxc domain. So far I tried changing memory in memory.limit_in_bytes under /cgroup/memory/libvirt/lxc/<container>/. This didn't help. It appears that libvirt is not reading changes in cgroup.
My requirements are
1) Be able to dynamically change memory of an LXC domain without reboot
2) The memory change must survive LXC domain reboot.
Any help would be greatly appreciated
10 years, 9 months
[libvirt-users] libvirt-sandbox question.
by Christopher Stone
I hope this question isn't considered too off topic for this list. I am
trying to reach the libvirt-sandbox developers, but I could not find a
libvirt-sandbox specific mailing list, and it seemed to me that
libvirt-sandbox was a part of libvirt itself.
I am trying to port libvirt-sandbox to run on a CentOS 6.5 system. This
wasn't too hard, but I had to do the following:
I have used the CentOS repo addon ElRepo to upgrade the kernel to 3.10.28.
CentOS normally runs a 2.6.32 kernel.
I upgraded glib2 from 2.36 to 2.38.2. I did this by building 2.38.2 from
source and installing it into /usr/local. Thus, the 2.36 version still
exists in /lib64 and the normal CentOS applications use this version.
I built libvirt 1.2.1 from source and installed it into /usr/local. I used:
./configure --with-lxc --with-selinux --with-secdriver-selinux --prefix=/usr/local
I built libvirt-glib 0.1.7 from source and installed it into /usr/local. I
used:
PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./configure --prefix=/usr/local
I built libvirt-sandbox 0.5.1 from source and installed it into /usr/local.
I used:
PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./configure
As a test, I am able to run the libvirt lxc helloworld example:
[root@scwnet1 lxc_helloworld]# virsh -c lxc:/// define helloworld.xml
Domain helloworld defined from helloworld.xml
[root@scwnet1 lxc_helloworld]# virsh -c lxc:/// start helloworld
Domain helloworld started
[root@scwnet1 lxc_helloworld]# virsh -c lxc:/// list
Id Name State
----------------------------------------------------
9819 helloworld running
[root@scwnet1 lxc_helloworld]# virsh -c lxc:/// console helloworld
Connected to domain helloworld
Escape character is ^]
sh-4.1# exit
exit
Next, I try to use libvirt-sandbox, and I get the following error:
[root@scwnet1 tests]# /usr/local/bin/virt-sandbox -c lxc:/// /bin/sh
Unable to start sandbox: Failed to create domain: unsupported
configuration: Unable to find security driver for label selinux
My libvirt config.log shows the SELinux security driver as yes:
configure:71172: Configuration summary
configure:71174: =====================
configure:71176:
configure:71178: Drivers
configure:71180:
configure:71182: Xen: no
configure:71184: QEMU: yes
configure:71186: UML: yes
configure:71188: OpenVZ: yes
configure:71190: VMware: yes
configure:71192: VBox: yes
configure:71194: XenAPI: no
configure:71196: xenlight: no
configure:71198: LXC: yes
configure:71200: PHYP: no
configure:71202: ESX: yes
configure:71204: Hyper-V: no
configure:71206: Parallels: yes
configure:71208: Test: yes
configure:71210: Remote: yes
configure:71212: Network: yes
configure:71214: Libvirtd: yes
configure:71216: Interface: yes
configure:71218: macvtap: yes
configure:71220: virtport: yes
configure:71222:
configure:71224: Storage Drivers
configure:71226:
configure:71228: Dir: yes
configure:71230: FS: yes
configure:71232: NetFS: yes
configure:71234: LVM: yes
configure:71236: iSCSI: yes
configure:71238: SCSI: yes
configure:71240: mpath: yes
configure:71242: Disk: yes
configure:71244: RBD: no
configure:71246: Sheepdog: no
configure:71248: Gluster: no
configure:71250:
configure:71252: Security Drivers
configure:71254:
configure:71256: SELinux: yes (/sys/fs/selinux)
configure:71258: AppArmor: no (install profiles: no)
configure:71260:
configure:71262: Driver Loadable Modules
configure:71264:
configure:71267: dlopen: -ldl
configure:71273:
configure:71275: Libraries
configure:71277:
configure:71296: apparmor: no
configure:71326: attr: yes (CFLAGS='' LIBS='-lattr')
configure:71356: audit: yes (CFLAGS='' LIBS='-laudit')
configure:71386: avahi: yes (CFLAGS='-D_REENTRANT '
LIBS='-lavahi-common -lavahi-client ')
configure:71416: blkid: yes (CFLAGS='-I/usr/include/blkid
-I/usr/include/uuid ' LIBS='-lblkid ')
configure:71446: capng: yes (CFLAGS='' LIBS='-lcap-ng')
configure:71476: curl: yes (CFLAGS='-DCURL_DISABLE_TYPECHECK '
LIBS='-lcurl ')
configure:71506: dbus: no
configure:71536: fuse: no
configure:71566: glusterfs: no
configure:71596: hal: no
configure:71626: netcf: yes (CFLAGS=' ' LIBS='-lnetcf ')
configure:71656: numactl: yes (CFLAGS='' LIBS='-lnuma')
configure:71686: openwsman: no
configure:71716: pciaccess: yes (CFLAGS=' ' LIBS='-lpciaccess ')
configure:71746: readline: yes (CFLAGS='' LIBS='-lreadline')
configure:71776: sanlock: yes (CFLAGS='' LIBS='-lsanlock_client')
configure:71806: sasl: yes (CFLAGS='' LIBS='-lsasl2')
configure:71836: selinux: yes (CFLAGS='' LIBS='-lselinux')
configure:71866: ssh2: no
configure:71897: udev: yes (CFLAGS=' ' LIBS='-ludev ')
configure:71927: yajl: yes (CFLAGS='' LIBS='-lyajl')
configure:71940: libxml: -I/usr/include/libxml2 -lxml2
configure:71942: dlopen: -ldl
configure:71948: openwsman: no
configure:71952: gnutls: -DGCRYPT_NO_DEPRECATED -lgnutls -lgcrypt
configure:71958: firewalld: no
configure:71965: polkit: /usr/bin/pkcheck (version 1)
configure:71976: xen: no
configure:71983: xenapi: no
configure:71990: xenlight: no
configure:71994: pcap: -lpcap
configure:72001: nl: -lnl
configure:72011: mscom: no
configure:72015: xdr:
configure:72025: rbd: no
configure:72029:
configure:72031: Test suite
configure:72033:
configure:72035: Coverage: no
configure:72037: Alloc OOM: no
configure:72039:
configure:72041: Miscellaneous
configure:72043:
configure:72045: Debug: yes
configure:72047: Use -Werror: no
My libvirt capabilities show this:
[root@scwnet1 tests]# virsh -c lxc:/// capabilities
<capabilities>
  <host>
    <uuid>20b4e77c-3fb8-dc11-968d-c8600070189e</uuid>
    <cpu>
      <arch>x86_64</arch>
    </cpu>
    <power_management>
      <suspend_mem/>
      <suspend_disk/>
    </power_management>
    <topology>
      <cells num='1'>
        <cell id='0'>
          <memory unit='KiB'>8334880</memory>
          <cpus num='4'>
            <cpu id='0' socket_id='0' core_id='0' siblings='0-1'/>
            <cpu id='1' socket_id='0' core_id='1' siblings='0-1'/>
            <cpu id='2' socket_id='0' core_id='2' siblings='2-3'/>
            <cpu id='3' socket_id='0' core_id='3' siblings='2-3'/>
          </cpus>
        </cell>
      </cells>
    </topology>
    <secmodel>
      <model>none</model>
      <doi>0</doi>
    </secmodel>
  </host>
  <guest>
    <os_type>exe</os_type>
    <arch name='x86_64'>
      <wordsize>64</wordsize>
      <emulator>/usr/local/libexec/libvirt_lxc</emulator>
      <domain type='lxc'>
      </domain>
    </arch>
  </guest>
  <guest>
    <os_type>exe</os_type>
    <arch name='i686'>
      <wordsize>32</wordsize>
      <emulator>/usr/local/libexec/libvirt_lxc</emulator>
      <domain type='lxc'>
      </domain>
    </arch>
  </guest>
</capabilities>
I am not sure if secmodel none is the problem.
Can someone give me some direction on how to fix this?
Cheers,
Chris.
10 years, 9 months
[libvirt-users] dropping capabilities in lxc containers
by Thierry Parmentelat
Hi there
I'm not quite proficient with libvirt yet, and have been using it so far primarily to manage LXC containers.
I was hoping to find a means to configure the set of capabilities that guests should drop, but came across a few web pages suggesting these were set in stone in the code.
Is this correct, or is there a means to tweak this set from the host via the XML config or a virsh command?
Any hint or pointer to documentation in this respect would be most appreciated.
— Thierry
10 years, 9 months
[libvirt-users] Libvirt-LXC + systemd + user namespace
by Jan Olszak
Hi there!
I am trying to turn on user namespace by adding the following lines to the
config:
<idmap>
  <uid start='0' target='0' count='100000'/>
  <gid start='0' target='0' count='100000'/>
</idmap>
As you can see, the root in the container is mapped to the root outside. I was
expecting to see no difference after adding these lines, but unfortunately
there are some (see details below).
Am I missing something or is there a problem with system, libvirt or kernel?
Full libvirt config:
<domain type='lxc'>
  <name>test_with_idmap</name>
  <memory>102400</memory>
  <os>
    <type>exe</type>
    <init>/usr/lib/systemd/systemd</init>
  </os>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <idmap>
    <uid start='0' target='0' count='100000'/>
    <gid start='0' target='0' count='100000'/>
  </idmap>
  <devices>
    <console type='pty'/>
    <filesystem type='mount'>
      <source dir='/guest'/>
      <target dir='/'/>
    </filesystem>
  </devices>
</domain>
root:~> uname -a
Linux localhost 3.10.19-01077-g4a19d28-dirty #5 SMP PREEMPT Mon Jan 13
12:56:09 CET 2014 armv7l GNU/Linux
root:~> libvirtd --version
libvirtd (libvirt) 1.2.1
root:~> systemd --version
systemd 204
After adding idmap to the config, systemd can't start many of its services, in
particular:
Failed to mount Debug File System.
Failed to mount Configuration File System.
Failed to mount FUSE Control File System.
Failed to start udev Kernel Device Manager.
Failed to start Remount Root and Kernel File Systems.
Failed to start Journal Service.
systemctl status says:
ExecMount=/bin/mount debugfs /sys/kernel/debug -t debugfs (code=exited, status=32)
ExecMount=/bin/mount configfs /sys/kernel/config -t configfs (code=exited, status=32)
ExecMount=/bin/mount fusectl /sys/fs/fuse/connections -t fusectl (code=exited, status=32)
ExecStart=/usr/lib/systemd/systemd-udevd (code=exited,status=206/OOM_ADJUST)
ExecStart=/usr/lib/systemd/systemd-remount-fs (code=exited,status=1/FAILURE)
ExecStart=/usr/lib/systemd/systemd-journald (code=exited, status=218/CAPABILITIES)
Thanks!
10 years, 9 months
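The <idmap> element in the post above maps container IDs starting at `start` onto host IDs starting at `target`, for `count` consecutive IDs. As an added example (not part of the original post and not libvirt code), this Python script parses the idmap from a domain XML, translates container IDs to host IDs, and reports when container root resolves to host root; IDENTITY_XML is constructed from the post, while SHIFTED_XML and its target of 100000 are hypothetical values added for comparison.

```python
import xml.etree.ElementTree as ET
from collections import namedtuple

# Constructed from the <idmap> element quoted in the post.
IDENTITY_XML = """<domain type='lxc'>
  <name>test_with_idmap</name>
  <idmap>
    <uid start='0' target='0' count='100000'/>
    <gid start='0' target='0' count='100000'/>
  </idmap>
</domain>"""

# Hypothetical comparison case (not from the post): container IDs shifted
# onto an unprivileged host range.
SHIFTED_XML = """<domain type='lxc'>
  <name>test_shifted</name>
  <idmap>
    <uid start='0' target='100000' count='65536'/>
    <gid start='0' target='100000' count='65536'/>
  </idmap>
</domain>"""

Range = namedtuple("Range", "kind start target count")


def parse_idmap(domain_xml):
    """Return the uid/gid mapping ranges declared under <domain>/<idmap>."""
    root = ET.fromstring(domain_xml)
    ranges = []
    for kind in ("uid", "gid"):
        for el in root.findall(f"./idmap/{kind}"):
            ranges.append(Range(kind, int(el.get("start")),
                                int(el.get("target")), int(el.get("count"))))
    return ranges


def to_host(ranges, kind, container_id):
    """Translate a container uid/gid to the host id, or None if unmapped."""
    for r in ranges:
        if r.kind == kind and r.start <= container_id < r.start + r.count:
            return r.target + (container_id - r.start)
    return None


def findings(ranges):
    """List mapping properties worth reviewing before starting the guest."""
    out = []
    for kind in ("uid", "gid"):
        host_root = to_host(ranges, kind, 0)
        if host_root is None:
            out.append(f"container {kind} 0 is not mapped")
        elif host_root == 0:
            out.append(f"container {kind} 0 maps to host {kind} 0")
    return out


if __name__ == "__main__":
    for name, xml in (("identity", IDENTITY_XML), ("shifted", SHIFTED_XML)):
        ranges = parse_idmap(xml)
        print(name, "uid 0 ->", to_host(ranges, "uid", 0), findings(ranges))
```
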