On Fri, May 20, 2016 at 10:41 PM, Bill James <[email protected]> wrote:
>
> attached output from one host. others look similar.
Your qemu runs as *root*:
root root root root qemu qemu qemu qemu /usr/libexec/qemu-kvm
Here is the output from normal installation:
qemu qemu qemu qemu qemu qemu qemu
qemu /usr/libexec/qemu-kvm
I guess that gluster is configure with "option root-squashing on" so you
practically run as "nobody", and you are not in the kvm group.
Running qemu as root is also a security risk, if there is a security bug in qemu
a vm can use it to compromise your host or other vms.
Maybe you can configure gluster to treat root as vdsm using
option translate-uid 0=36
See
http://www.gluster.org/community/documentation/index.php/Translators/features
But a better solution is to run qemu as qemu.
Adding Sahina to advise about gluster configuration.
Nir
>
>
>
>
> On 5/20/16 11:47 AM, Nir Soffer wrote:
>
> On Fri, May 20, 2016 at 9:25 PM, Bill James <[email protected]> wrote:
>>
>> yes
>>
>> [root@ovirt2 prod .shard]# sestatus
>> SELinux status: disabled
>>
>> [root@ovirt3 prod ~]# sestatus
>> SELinux status: disabled
>
>
> Can you share output of:
>
> ps -e -o euser,user,suser,fuser,egroup,rgroup,sgroup,fgroup,cmd | egrep
> 'qemu|libvirt'
> ps auxe | egrep 'qemu|libvirt'
>
>>
>>
>>
>>
>>
>> On 5/20/16 11:13 AM, Nir Soffer wrote:
>>
>> On Fri, May 20, 2016 at 9:02 PM, Bill James <[email protected]> wrote:
>>>
>>> [root@ovirt1 prod ~]# sestatus
>>> SELinux status: disabled
>>
>>
>> Same on ovirt2?
>>
>>>
>>>
>>>
>>>
>>>
>>> On 5/20/16 10:49 AM, Nir Soffer wrote:
>>>
>>> This smells like selinux issues, did yoi try with permissive mode?
>>>
>>> בתאריך 20 במאי 2016 7:59 אחה״צ, "Bill James" <[email protected]> כתב:
>>>>
>>>> Nobody has any ideas or thoughts on how to troubleshoot?
>>>>
>>>> why does qemu group work but not kvm when qemu is part of kvm group?
>>>>
>>>> [root@ovirt1 prod vdsm]# grep qemu /etc/group
>>>> cdrom:x:11:qemu
>>>> kvm:x:36:qemu,sanlock
>>>> qemu:x:107:vdsm,sanlock
>>>>
>>>>
>>>> On 5/18/16 3:47 PM, Bill James wrote:
>>>>>
>>>>> another data point.
>>>>> Changing just owner to qemu doesn't help.
>>>>> Changing just group to qemu does. VM starts fine after that.
>>>>>
>>>>>
>>>>>
>>>>> On 05/18/2016 11:49 AM, Bill James wrote:
>>>>>>
>>>>>> Some added info. This issue seems to be just like this bug:
>>>>>> https://bugzilla.redhat.com/show_bug.cgi?id=1052114
>>>>>>
>>>>>> I have verified that chown qemu:qemu of disk image also fixes the
>>>>>> startup issue.
>>>>>> I'm using raw, not qcow images.
>>>>>>
>>>>>>
>>>>>> [root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# qemu-img info
>>>>>> 253f9615-f111-45ca-bdce-cbc9e70406df
>>>>>> image: 253f9615-f111-45ca-bdce-cbc9e70406df
>>>>>> file format: raw
>>>>>> virtual size: 20G (21474836480 bytes)
>>>>>> disk size: 1.9G
>>>>>> [root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# ls -l
>>>>>> 253f9615-f111-45ca-bdce-cbc9e70406df
>>>>>> -rw-rw---- 1 qemu qemu 21474836480 May 18 11:38
>>>>>> 253f9615-f111-45ca-bdce-cbc9e70406df
>>>>>>
>>>>>> (default perms = vdsm:kvm)
>>>>>>
>>>>>> qemu-img-ev-2.3.0-31.el7_2.4.1.x86_64
>>>>>> qemu-kvm-ev-2.3.0-31.el7_2.4.1.x86_64
>>>>>> libvirt-daemon-1.2.17-13.el7_2.4.x86_64
>>>>>>
>>>>>>
>>>>>> Ideas??
>>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> [email protected]
>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>
>>>
>>> This email, its contents and attachments contain information from j2
>>> Global, Inc. and/or its affiliates which may be privileged, confidential or
>>> otherwise protected from disclosure. The information is intended to be for
>>> the addressee(s) only. If you are not an addressee, any disclosure, copy,
>>> distribution, or use of the contents of this message is prohibited. If you
>>> have received this email in error please notify the sender by reply e-mail
>>> and delete the original message and any copies. © 2015 j2 Global, Inc. All
>>> rights reserved. eFax ®, eVoice ®, Campaigner ®, FuseMail ®, KeepItSafe ®
>>> and Onebox ® are ! registere d trademarks of j2 Global, Inc. and its
>>> affiliates.
>>
>>
>>
>> This email, its contents and attachments contain information from j2 Global,
>> Inc. and/or its affiliates which may be privileged, confidential or
>> otherwise protected from disclosure. The information is intended to be for
>> the addressee(s) only. If you are not an addressee, any disclosure, copy,
>> distribution, or use of the contents of this message is prohibited. If you
>> have received this email in error please notify the sender by reply e-mail
>> and delete the original message and any copies. © 2015 j2 Global, Inc. All
>> rights reserved. eFax ®, eVoice ®, Campaigner ®, FuseMail ®, KeepItSafe ®
>> and Onebox ® are ! registere d trademarks of j2 Global, Inc. and its
>> affiliates.
>
>
>
> This email, its contents and attachments contain information from j2 Global,
> Inc. and/or its affiliates which may be privileged, confidential or otherwise
> protected from disclosure. The information is intended to be for the
> addressee(s) only. If you are not an addressee, any disclosure, copy,
> distribution, or use of the contents of this message is prohibited. If you
> have received this email in error please notify the sender by reply e-mail
> and delete the original message and any copies. © 2015 j2 Global, Inc. All
> rights reserved. eFax ®, eVoice ®, Campaigner ®, FuseMail ®, KeepItSafe ® and
> Onebox ® are ! registere d trademarks of j2 Global, Inc. and its affiliates.
_______________________________________________
Users mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/users
