[libvirt-users] How to enable apparmor security driver for libvirt
by Jackie
Hi guys,
I want to enable apparmor security driver for my libvirt env with ubuntu os.
What I do is as following:
First, I got the source code and compile it.
ubuntu@ubuntu:~/github$git clone git://libvirt.org/libvirt.git
ubuntu@ubuntu:~/github/libvirt$ dpkg -l|grep apparmor
ii apparmor 2.8.95~2430-0ubuntu5 amd64 User-space parser utility for
AppArmor
ii libapparmor-dev:amd64 2.8.95~2430-0ubuntu5.1 amd64 AppArmor
development libraries and header files
ii libapparmor-perl 2.8.95~2430-0ubuntu5 amd64 AppArmor library Perl
bindings
ii libapparmor1:amd64 2.8.95~2430-0ubuntu5.1 amd64 changehat AppArmor
library
ubuntu@ubuntu:~/github/libvirt$./autogen.sh --system --with-apparmor
ubuntu@ubuntu:~/github/libvirt$make -j8
ubuntu@ubuntu:~/github/libvirt$sudo make install
Then I configure the apparmor (security_driver = "apparmor") in
/etc/libvirt/qemu.conf, and restart libvirtd.
I thought this may be ok. But it turned out that apparmor security
driver is not loaded for my libvirt:
The output of "virsh capabilities | grep apparmor" is None.
What's the problem?
Best Regards~
Jackie
10 years
[libvirt-users] Cannot find suitable CPU model for given data
by mb
Hello all,
I have a new Sun fire X4140 server with two amd opteron 2435 CPUs running
debian jessie, libvirt 1.2.9-3, virtinst 1.0.1-3, qemu/kvm 2.1. When
attempting to create virtual machines (with --debug), I receive this:
[Thu, 20 Nov 2014 13:56:36 virt-install 1842] DEBUG (cli:234) File
"/usr/share/virt-manager/virt-install", line 876, in <module>
sys.exit(main())
File "/usr/share/virt-manager/virt-install", line 870, in main
start_install(guest, continue_inst, options)
File "/usr/share/virt-manager/virt-install", line 588, in start_install
fail(e, do_exit=False)
File "/usr/share/virt-manager/virtinst/cli.py", line 234, in fail
logging.debug("".join(traceback.format_stack()))
[Thu, 20 Nov 2014 13:56:36 virt-install 1842] ERROR (cli:235) internal
error: Cannot find suitable CPU model for given data
[Thu, 20 Nov 2014 13:56:36 virt-install 1842] DEBUG (cli:237)
Traceback (most recent call last):
File "/usr/share/virt-manager/virt-install", line 560, in start_install
dom = guest.start_install(meter=meter, noboot=options.noreboot)
File "/usr/share/virt-manager/virtinst/guest.py", line 403, in
start_install
noboot)
File "/usr/share/virt-manager/virtinst/guest.py", line 467, in
_create_guest
dom = self.conn.createLinux(start_xml or final_xml, 0)
File "/usr/lib/python2.7/dist-packages/libvirt.py", line 3440, in
createLinux
if ret is None:raise libvirtError('virDomainCreateLinux() failed',
conn=self)
libvirtError: internal error: Cannot find suitable CPU model for given data
[Thu, 20 Nov 2014 13:56:36 virt-install 1842] DEBUG (cli:248) Domain
installation does not appear to have been successful.
svm and svm_lock are present in /proc/cpuinfo, in the initial output of
virt-install with --debug, it says it will use the proper cpu:
<cpu mode="custom" match="exact">
<model>Opteron_G3</model>
</cpu>
I've tried using --cpu host, --cpu best, --cpu Opteron_G3, all fail with
the same error. Anyone know what I can do here? I'd like to stick with KVM,
but maybe Xen would work? I'm not sure if this error is coming from
libvirt, or KVM itself.
Thanks!
mb
10 years
[libvirt-users] maxvcpus
by Laszlo Hornyak
Hi list,
According to the libvirt documentation [1]
"Show maximum number of virtual CPUs for guest domains on this connection"
This may not be a complete definition.
My first guess from the above was that this returns the number of virtual
CPUs that can exist at the same time on the host, either one or several
VMs. In fact it returned 16 in my fedora 20 desktop running with KVM, while
this is not the real limit of vCPUs. I can define a VM with more than 16
vCPUs (which does not really make sense when I have only two cores, but it
looks cool) and also I can have well over 16 virtual machines running on
the host. I looked into the implementation and now I understand that each
driver returns different values, but I do not understand the constants. Can
you guys give me some hints how should I understand the output of the
command?
Best regards,
Laszlo
[1] : http://libvirt.org/sources/virshcmdref/html/sect-maxvcpus.html
--
EOF
10 years
Re: [libvirt-users] virsh net-start default fails
by Michal Privoznik
On 22.10.2014 00:03, David Roundy wrote:
> Hi Michal,
>
> I am attaching debug logs.
>
> David
Well, I can see the error message there, but not the reason. Does the
/etc/libvirt/qemu/networks/default.xml file exist?
Michal
10 years
[libvirt-users] Whether Virsh migrate VM works with xen hypervisor??
by Ajitha Robert
Hi all
By referring https://libvirt.org/migration.html.. I tried VM migration
between two libvirt machines
I tried instance migration with ssh, tls and tcp. In all three I got the
same error as " this function is not supported by the connection driver"
*Eg*
migrate --live domuname xen+tls://desthostname/system
error: this function is not supported by the connection driver:
virDomainMigrate3
My question is Whether live migration is supported with Xen hypervisor.
--
*Regards,Ajitha R*
10 years
[libvirt-users] Connecting libvirt remotely using tls: TLS handshake failed : packet with unexpected length +gnutls_handhsake Error
by Ajitha Robert
Hi all,
I am facing an error while connecting libvirt remotely using tls.. I
have created CA, client and server certificates with RSA 1024 bit
using Openssl. I am using debian linux flavor in both client and
server.
*Original Error:*
(When trying to connect remote libvirt)
virsh -c xen+tls://destinationipaddr/system
error: failed to connect to the hypervisor
error: authentication failed: TLS handshake failed A TLS packet with
unexpected length was received.
In source code i found the error line. the return value is 21
./src/rpc/virnettlscontext.c: ret = gnutls_handshake(sess->session);
*Below are log details*
*client(Initiator of ssl connection ) :*
virNetTLSSessionHandshake:1351 : Ret=-21
error: authentication failed: TLS handshake failed A TLS packet with
unexpected length was received.
*In the server side,
*
virNetTLSSessionHandshake:1369 : authentication failed: TLS handshake
failed Could not negotiate a supported cipher suite.
Please guide me for solving this error
--
*Regards,Ajitha R*
10 years
[libvirt-users] Unable to start container after OS upgrade
by mallu mallu
I upgraded my container from CentOS 6.4 to CentOS 6.5. Everything looks good after upgrade until reboot. When rebooted to container I'm getting the following errors.. Any help would be greatly appreciated
/bin/mknod: `/dev/lp2': Operation not permitted
/bin/chown: cannot access `/dev/lp2': No such file or directory
/bin/mknod: `/dev/lp3': Operation not permitted
/bin/chown: cannot access `/dev/lp3': No such file or directory
/bin/mknod: `/dev/net/tun': Operation not permitted
/bin/mknod: `/dev/ppp': Operation not permitted
/bin/mknod: `/dev/fuse': Operation not permitted
/sbin/start_udev: line 269: /proc/sys/kernel/hotplug: Read-only file system
udevd[71]: file_contexts: invalid context system_u:object_r:device_t:s0
udevd[71]: file_contexts: invalid context system_u:object_r:device_t:s0
udevd[71]: matchpathcon(/dev/.udev/rules.d) failed
udevd[71]: matchpathcon(/dev/.udev/rules.d) failed
[ OK ]
Setting hostname vm1292ussac1-goagent1.cust.aops-eds.com: [ OK ]
Checking filesystems
[ OK ]
mount: can't find / in /etc/fstab or /etc/mtab
Mounting local filesystems: [ OK ]
/etc/rc.d/rc.sysinit: line 606: plymouth: command not found
Enabling /etc/fstab swaps: [ OK ]
init: kexec-disable main process (139) terminated with status 1
10 years
[libvirt-users] Problem with the use of domfsfreeze mountpoint option
by Payes Anand
Hi everybody,
I am having a problem with the use of domfsfreeze command.
It is freezing all the filesystems present on the domain,
instead of freezing just the mountpoints provided.
I am issuing the command--
# virsh domfsfreeze <domain> --mountpoint <mountpoint>
Output was-- Froze 3 filesystem(s)
I want to freeze a particular mount point on the VM, so that i can
take a snapshot using my own snapshot feature.
Using library: libvirt 1.2.5
Using API: QEMU 1.2.5
Running hypervisor: QEMU 2.0.0
--Upgraded libvirt to 1.2.10, but that also didn't solve the problem.
Am i missing something over here?
Any help would be greatly appreciated.
Best Regards,
Payes
10 years
[libvirt-users] Do not attempt to add physical NIC to virbr0
by Sagar Shedge
Hi,
I got this NOTE on most of the link. But I am not getting reason for this.
Why someone should not add physical NIC to virbr0. I tried to add my eth1
to virbr0 and it get added.
So whether it affects to some functionality of NAT network?
--
Sagar Dilip Shedge,
Pune.
With Regards.
10 years
