[libvirt-users] Hotplug of disk devices in LXC failed with libvirt of version 1.0.2

Hi Daniel,
I noticed that the patch "Add support for hotplug/unplug of disk devices in LXC" you wrote had been merged into libvirt of version 1.0.2. But when I used this function, it reported an error with details as follows:
ubuntu@lxc:~$ vir attach-device instance-0000002c disk.xml --config
error: Failed to attach device from disk.xml
error: Unable to create device /proc/18377/root/dev/sdb: Permission denied
ubuntu@lxc:~$ vir attach-device instance-0000002c disk.xml
error: Failed to attach device from disk.xml
error: Unable to create device /proc/18377/root/dev/sdb: Permission denied
ubuntu@lxc:~$ cat disk.xml
<disk type='block' device='disk'>
  <driver type='raw' cache='none'/>
  <source dev='/dev/dm-0'/>
  <target dev='sdb' bus='scsi'/>
</disk>
ubuntu@lxc:~$ ll /dev/dm-0
brw-rw---- 1 root disk 252, 0 Jul 15 03:39 /dev/dm-0
ubuntu@lxc:~$ dpkg -l|grep libvirt
ii libvirt-bin 1.0.2-0ubuntu11 programs for the libvirt library
ii libvirt0 1.0.2-0ubuntu11 library for interfacing with different virtualization systems
ii python-libvirt 1.0.2-0ubuntu11 libvirt Python bindings
And in this lxc vm, through dmesg the following information can be seen:
ubuntu@lxc2:~$ dmesg
[433287.227288] type=1400 audit(1373874475.861:55): apparmor="DENIED" operation="mknod" info="Failed name lookup" error=-13 parent=1 profile="/usr/sbin/libvirtd" name="dev/sdb" pid=1541 comm="libvirtd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
What's the real problem and how can I fix it? I really appreciate your help. Thanks!
--------------
Best regards!
GuanQiang
2013-07-15

On 07/15/2013 04:01 PM, hzguanqiang wrote:
> Hi Daniel,
> I noticed that the patch "Add support for hotplug/unplug of disk devices in LXC" you wrote had been merged into libvirt of version 1.0.2. But when I used this function, it reported an error with details as follows:
> ubuntu@lxc:~$ vir attach-device instance-0000002c disk.xml --config
> error: Failed to attach device from disk.xml
> error: Unable to create device /proc/18377/root/dev/sdb: Permission denied
> ubuntu@lxc:~$ vir attach-device instance-0000002c disk.xml
> error: Failed to attach device from disk.xml
> error: Unable to create device /proc/18377/root/dev/sdb: Permission denied
> ubuntu@lxc:~$ cat disk.xml
> <disk type='block' device='disk'>
>   <driver type='raw' cache='none'/>
>   <source dev='/dev/dm-0'/>
>   <target dev='sdb' bus='scsi'/>
> </disk>
You should use attach-disk not attach-device.
vir attach-disk instance-0000002c /dev/dm-0 sdb
Thanks

Hi, Gao Feng
I've tried what you said, but the problem still exists:
ubuntu@lxc:~$ vir attach-disk instance-0000002c /dev/dm-0 sdb
error: Failed to attach disk
error: Unable to create device /proc/10366/root/dev/sdb: Permission denied
I think finding what it means by saying 'Unable to create device /proc/10366/root/dev/sdb: Permission denied' is the key. But anyway, thanks for your help!
> On 07/15/2013 04:01 PM, hzguanqiang wrote:
> > Hi Daniel,
> > I noticed that the patch "Add support for hotplug/unplug of disk devices in LXC" you wrote had been merged into libvirt of version 1.0.2. But when I used this function, it reported an error with details as follows:
> > ubuntu@lxc:~$ vir attach-device instance-0000002c disk.xml --config
> > error: Failed to attach device from disk.xml
> > error: Unable to create device /proc/18377/root/dev/sdb: Permission denied
> > ubuntu@lxc:~$ vir attach-device instance-0000002c disk.xml
> > error: Failed to attach device from disk.xml
> > error: Unable to create device /proc/18377/root/dev/sdb: Permission denied
> > ubuntu@lxc:~$ cat disk.xml
> > <disk type='block' device='disk'>
> >   <driver type='raw' cache='none'/>
> >   <source dev='/dev/dm-0'/>
> >   <target dev='sdb' bus='scsi'/>
> > </disk>
> You should use attach-disk not attach-device.
> vir attach-disk instance-0000002c /dev/dm-0 sdb

On 07/15/2013 05:18 PM, hzguanqiang wrote:
> Hi, Gao Feng
> I've tried what you said, but the problem still exists:
> ubuntu@lxc:~$ vir attach-disk instance-0000002c /dev/dm-0 sdb
> error: Failed to attach disk
> error: Unable to create device /proc/10366/root/dev/sdb: Permission denied
> I think finding what it means by saying 'Unable to create device /proc/10366/root/dev/sdb: Permission denied' is the key. But anyway, thanks for your help!
Do you have <idmap> configured for your lxc domain? I just posted a patchset to fix the problem that device creation fails when user namespace is enabled.
BTW, does it work well if you directly write the configuration to the xml of lxc domain?
Thanks

On 2013/7/15 17:32, Gao feng wrote:
> On 07/15/2013 05:18 PM, hzguanqiang wrote:
> > Hi, Gao Feng
> > I've tried what you said, but the problem still exists:
> > ubuntu@lxc:~$ vir attach-disk instance-0000002c /dev/dm-0 sdb
> > error: Failed to attach disk
> > error: Unable to create device /proc/10366/root/dev/sdb: Permission denied
> > I think finding what it means by saying 'Unable to create device /proc/10366/root/dev/sdb: Permission denied' is the key. But anyway, thanks for your help!
> Do you have <idmap> configured for your lxc domain? I just posted a patchset to fix the problem that device creation fails when user namespace is enabled.
> BTW, does it work well if you directly write the configuration to the xml of lxc domain?
> Thanks
Hi, Gao feng,
I tried to write the configuration in the xml as you said, and it works. And I didn't configure <idmap> for my lxc domain. The xml content of my lxc domain is as follows:
<domain type='lxc' id='13071'>
  <name>instance-0000002b</name>
  <uuid>cf76c280-ac9c-44a6-94e3-237b46a7a68b</uuid>
  <memory unit='KiB'>2097152</memory>
  <currentMemory unit='KiB'>2097152</currentMemory>
  <vcpu placement='static'>1</vcpu>
  <os>
    <type arch='x86_64'>exe</type>
    <init>/sbin/init</init>
    <cmdline>console=tty0 console=ttyS0</cmdline>
  </os>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <emulator>/usr/lib/libvirt/libvirt_lxc</emulator>
    <filesystem type='mount' accessmode='passthrough'>
      <source dir='/opt/stack/data/nova/instances/cf76c280-ac9c-44a6-94e3-237b46a7a68b/rootfs'/>
      <target dir='/'/>
    </filesystem>
    <interface type='bridge'>
      <mac address='fa:16:3e:7a:1b:c8'/>
      <source bridge='br100'/>
      <target dev='veth0'/>
      <filterref filter='nova-instance-instance-0000002b-fa163e7a1bc8'/>
    </interface>
    <console type='pty' tty='/dev/pts/2'>
      <source path='/dev/pts/2'/>
      <target type='lxc' port='0'/>
      <alias name='console0'/>
    </console>
  </devices>
  <seclabel type='none'/>
</domain>
I still don't understand why I can't hotplug attach disk device for the lxc domain. Expecting a more detailed answer. Thanks!

On 07/16/2013 01:29 PM, Guan Qiang wrote:
> On 2013/7/15 17:32, Gao feng wrote:
> > On 07/15/2013 05:18 PM, hzguanqiang wrote:
> > > Hi, Gao Feng
> > > I've tried what you said, but the problem still exists:
> > > ubuntu@lxc:~$ vir attach-disk instance-0000002c /dev/dm-0 sdb
> > > error: Failed to attach disk
> > > error: Unable to create device /proc/10366/root/dev/sdb: Permission denied
> > > I think finding what it means by saying 'Unable to create device /proc/10366/root/dev/sdb: Permission denied' is the key. But anyway, thanks for your help!
> > Do you have <idmap> configured for your lxc domain? I just posted a patchset to fix the problem that device creation fails when user namespace is enabled.
> > BTW, does it work well if you directly write the configuration to the xml of lxc domain?
> > Thanks
> Hi, Gao feng,
> I tried to write the configuration in the xml as you said, and it works.
> And I didn't configure <idmap> for my lxc domain. The xml content of my lxc domain is as follows:
> ...
> I still don't understand why I can't hotplug attach disk device for the lxc domain. Expecting a more detailed answer. Thanks!
It's because apparmor denies libvirt permission to create the device node under the directory /proc/10366/root/dev/.
I don't know if this will help you, you can have a try.
Change the apparmor profile of libvirtd. Check /etc/apparmor.d/usr.sbin.libvirtd, and add /proc/ rw.
Thanks!

On 07/17/2013 04:15 PM, Gao feng wrote:
> On 07/16/2013 01:29 PM, Guan Qiang wrote:
> > On 2013/7/15 17:32, Gao feng wrote:
> > > On 07/15/2013 05:18 PM, hzguanqiang wrote:
> > > > Hi, Gao Feng
> > > > I've tried what you said, but the problem still exists:
> > > > ubuntu@lxc:~$ vir attach-disk instance-0000002c /dev/dm-0 sdb
> > > > error: Failed to attach disk
> > > > error: Unable to create device /proc/10366/root/dev/sdb: Permission denied
> > > > I think finding what it means by saying 'Unable to create device /proc/10366/root/dev/sdb: Permission denied' is the key. But anyway, thanks for your help!
> > > Do you have <idmap> configured for your lxc domain? I just posted a patchset to fix the problem that device creation fails when user namespace is enabled.
> > > BTW, does it work well if you directly write the configuration to the xml of lxc domain?
> > > Thanks
> > Hi, Gao feng,
> > I tried to write the configuration in the xml as you said, and it works.
> > And I didn't configure <idmap> for my lxc domain. The xml content of my lxc domain is as follows:
> > ...
> > I still don't understand why I can't hotplug attach disk device for the lxc domain. Expecting a more detailed answer. Thanks!
> It's because apparmor denies libvirt permission to create the device node under the directory /proc/10366/root/dev/.
> I don't know if this will help you, you can have a try.
> Change the apparmor profile of libvirtd. Check /etc/apparmor.d/usr.sbin.libvirtd, and add /proc/ rw.
ln -s /etc/apparmor.d/usr.sbin.libvirtd /etc/apparmor.d/disable/ & /etc/init.d/apparmor restart should work, but libvirtd will run out of apparmor's control.

On 2013-07-17 17:47, Gao feng <gaofeng@cn.fujitsu.com> wrote:
> On 07/17/2013 04:15 PM, Gao feng wrote:
> > On 07/16/2013 01:29 PM, Guan Qiang wrote:
> > > On 2013/7/15 17:32, Gao feng wrote:
> > > > On 07/15/2013 05:18 PM, hzguanqiang wrote:
> > > > > Hi, Gao Feng
> > > > > I've tried what you said, but the problem still exists:
> > > > > ubuntu@lxc:~$ vir attach-disk instance-0000002c /dev/dm-0 sdb
> > > > > error: Failed to attach disk
> > > > > error: Unable to create device /proc/10366/root/dev/sdb: Permission denied
> > > > > I think finding what it means by saying 'Unable to create device /proc/10366/root/dev/sdb: Permission denied' is the key. But anyway, thanks for your help!
> > > > Do you have <idmap> configured for your lxc domain? I just posted a patchset to fix the problem that device creation fails when user namespace is enabled.
> > > > BTW, does it work well if you directly write the configuration to the xml of lxc domain?
> > > > Thanks
> > > Hi, Gao feng,
> > > I tried to write the configuration in the xml as you said, and it works.
> > > And I didn't configure <idmap> for my lxc domain. The xml content of my lxc domain is as follows:
> > > ...
> > > I still don't understand why I can't hotplug attach disk device for the lxc domain. Expecting a more detailed answer. Thanks!
> > It's because apparmor denies libvirt permission to create the device node under the directory /proc/10366/root/dev/.
> > I don't know if this will help you, you can have a try.
> > Change the apparmor profile of libvirtd. Check /etc/apparmor.d/usr.sbin.libvirtd, and add /proc/ rw.
> ln -s /etc/apparmor.d/usr.sbin.libvirtd /etc/apparmor.d/disable/ & /etc/init.d/apparmor restart should work, but libvirtd will run out of apparmor's control.
Yes, it works. Thanks for the help.
------------------
Best regards!
GuanQiang
2013-07-19
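
Added example (not part of the original thread, and not libvirt or AppArmor project code): a small Python parser for the kind of AppArmor audit record quoted from dmesg in the first message, showing how to read off which profile denied which operation on which path. The function names and the two extra log lines are constructed for illustration; the first sample line is the record from the thread.

```python
import re
from collections import Counter

# AppArmor permission letters as they appear in requested_mask / denied_mask.
MASK_MEANING = {"r": "read", "w": "write", "a": "append", "c": "create",
                "d": "delete", "x": "execute", "m": "mmap-exec",
                "k": "lock", "l": "link"}

# key=value or key="quoted value" pairs inside an audit record.
PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_apparmor(line):
    """Return the record's fields as a dict, or None if it is not an AppArmor record."""
    fields = {k: v.strip('"') for k, v in PAIR.findall(line)}
    return fields if "apparmor" in fields else None

def denials(lines):
    """Yield (profile, operation, name, [permissions]) for every DENIED record."""
    for line in lines:
        rec = parse_apparmor(line)
        if rec and rec["apparmor"] == "DENIED":
            perms = [MASK_MEANING.get(c, c) for c in rec.get("denied_mask", "")]
            yield rec.get("profile"), rec.get("operation"), rec.get("name"), perms

def summarize(lines):
    """Count denials per (profile, operation) so the confining profile stands out."""
    return Counter((profile, op) for profile, op, _, _ in denials(lines))

# First line: the dmesg record quoted in the thread. The other two are constructed.
SAMPLE = [
    '[433287.227288] type=1400 audit(1373874475.861:55): apparmor="DENIED" '
    'operation="mknod" info="Failed name lookup" error=-13 parent=1 '
    'profile="/usr/sbin/libvirtd" name="dev/sdb" pid=1541 comm="libvirtd" '
    'requested_mask="c" denied_mask="c" fsuid=0 ouid=0',
    '[433290.000000] type=1400 audit(1373874478.000:56): apparmor="STATUS" '
    'operation="profile_replace" name="/usr/sbin/libvirtd" pid=2000 '
    'comm="apparmor_parser"',
    '[433291.000000] usb 1-1: new high-speed USB device number 2 using ehci-pci',
]

if __name__ == "__main__":
    for profile, op, name, perms in denials(SAMPLE):
        print(f"{profile} denied {op} on {name!r}: {', '.join(perms)}")
```

For the record from the thread this reports that the /usr/sbin/libvirtd profile denied a mknod (create) on dev/sdb, which matches the diagnosis given in the replies.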