On Fri, May 20, 2016 at 11:48 PM, Bill James <bill.ja...@j2.com> wrote:
> I had added user = "root" because we use the import-to-ovirt.pl to move VMs
> from our old virtual platform to ovirt.
> My understanding was that was required for the to work.
> Is that not true or is the import script not worth the headaches caused?
> (https://rwmj.wordpress.com/2015/09/18/importing-kvm-guests-to-ovirt-or-rhev/)

I don't know anything about this solution, adding Richard to add more info.

If you run 3.6, you can use v2v to import from other systems.
Adding Shahar to add info on v2v.

Nir

> [root@ovirt3 prod 4c4bfdf7-bc70-41b2-ab58-710ff8e850bf]# grep ^user /etc/libvirt/qemu.conf
> user = "root"
>
> I'm assuming that's what sets the qemu user.
>
>
>
> When I first tried using that script without setting "user = root" it didn't
> work.
>
>
>
>
> On 5/20/16 1:16 PM, Nir Soffer wrote:
>>
>> On Fri, May 20, 2016 at 10:41 PM, Bill James <bill.ja...@j2.com> wrote:
>>>
>>> attached output from one host. others look similar.
>>
>> Your qemu runs as *root*:
>>
>>      root root root root qemu qemu qemu qemu /usr/libexec/qemu-kvm
>>
>> Here is the output from normal installation:
>>
>>      qemu qemu qemu qemu qemu qemu qemu qemu /usr/libexec/qemu-kvm
>>
>> I guess that gluster is configured with "option root-squashing on" so you
>> practically run as "nobody", and you are not in the kvm group.
>>
>> Running qemu as root is also a security risk, if there is a security bug
>> in qemu a vm can use it to compromise your host or other vms.
>>
>> Maybe you can configure gluster to treat root as vdsm using
>>
>>      option translate-uid 0=36
>>
>> See
>> http://www.gluster.org/community/documentation/index.php/Translators/features
>>
>> But a better solution is to run qemu as qemu.
>>
>> Adding Sahina to advise about gluster configuration.
>>
>> Nir
>>
>>>
>>>
>>>
>>> On 5/20/16 11:47 AM, Nir Soffer wrote:
>>>
>>> On Fri, May 20, 2016 at 9:25 PM, Bill James <bill.ja...@j2.com> wrote:
>>>>
>>>> yes
>>>>
>>>> [root@ovirt2 prod .shard]# sestatus
>>>> SELinux status:                 disabled
>>>>
>>>> [root@ovirt3 prod ~]# sestatus
>>>> SELinux status:                 disabled
>>>
>>>
>>> Can you share output of:
>>>
>>> ps -e -o euser,user,suser,fuser,egroup,rgroup,sgroup,fgroup,cmd | egrep 'qemu|libvirt'
>>> ps auxe | egrep 'qemu|libvirt'
>>>
>>>>
>>>>
>>>>
>>>>
>>>> On 5/20/16 11:13 AM, Nir Soffer wrote:
>>>>
>>>> On Fri, May 20, 2016 at 9:02 PM, Bill James <bill.ja...@j2.com> wrote:
>>>>>
>>>>> [root@ovirt1 prod ~]# sestatus
>>>>> SELinux status:                 disabled
>>>>
>>>>
>>>> Same on ovirt2?
>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 5/20/16 10:49 AM, Nir Soffer wrote:
>>>>>
>>>>> This smells like selinux issues, did you try with permissive mode?
>>>>>
>>>>> On May 20, 2016 at 7:59 PM, "Bill James" <bill.ja...@j2.com> wrote:
>>>>>>
>>>>>> Nobody has any ideas or thoughts on how to troubleshoot?
>>>>>>
>>>>>> why does qemu group work but not kvm when qemu is part of kvm group?
>>>>>>
>>>>>> [root@ovirt1 prod vdsm]# grep qemu /etc/group
>>>>>> cdrom:x:11:qemu
>>>>>> kvm:x:36:qemu,sanlock
>>>>>> qemu:x:107:vdsm,sanlock
>>>>>>
>>>>>>
>>>>>> On 5/18/16 3:47 PM, Bill James wrote:
>>>>>>>
>>>>>>> another data point.
>>>>>>> Changing just owner to qemu doesn't help.
>>>>>>> Changing just group to qemu does. VM starts fine after that.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 05/18/2016 11:49 AM, Bill James wrote:
>>>>>>>>
>>>>>>>> Some added info. This issue seems to be just like this bug:
>>>>>>>> https://bugzilla.redhat.com/show_bug.cgi?id=1052114
>>>>>>>>
>>>>>>>> I have verified that chown qemu:qemu of disk image also fixes the
>>>>>>>> startup issue.
>>>>>>>> I'm using raw, not qcow images.
>>>>>>>>
>>>>>>>>
>>>>>>>> [root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# qemu-img info 253f9615-f111-45ca-bdce-cbc9e70406df
>>>>>>>> image: 253f9615-f111-45ca-bdce-cbc9e70406df
>>>>>>>> file format: raw
>>>>>>>> virtual size: 20G (21474836480 bytes)
>>>>>>>> disk size: 1.9G
>>>>>>>> [root@ovirt2 prod a7af2477-4a19-4f01-9de1-c939c99e53ad]# ls -l 253f9615-f111-45ca-bdce-cbc9e70406df
>>>>>>>> -rw-rw---- 1 qemu qemu 21474836480 May 18 11:38 253f9615-f111-45ca-bdce-cbc9e70406df
>>>>>>>>
>>>>>>>> (default perms = vdsm:kvm)
>>>>>>>>
>>>>>>>> qemu-img-ev-2.3.0-31.el7_2.4.1.x86_64
>>>>>>>> qemu-kvm-ev-2.3.0-31.el7_2.4.1.x86_64
>>>>>>>> libvirt-daemon-1.2.17-13.el7_2.4.x86_64
>>>>>>>>
>>>>>>>>
>>>>>>>> Ideas??
>>>>>>>>
>>>>>> _______________________________________________
>>>>>> Users mailing list
>>>>>> Users@ovirt.org
>>>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>>
>>>>>
>>>>> This email, its contents and attachments contain information from j2
>>>>> Global, Inc. and/or its affiliates which may be privileged, confidential or
>>>>> otherwise protected from disclosure. The information is intended to be for
>>>>> the addressee(s) only. If you are not an addressee, any disclosure, copy,
>>>>> distribution, or use of the contents of this message is prohibited. If you
>>>>> have received this email in error please notify the sender by reply e-mail
>>>>> and delete the original message and any copies. © 2015 j2 Global, Inc. All
>>>>> rights reserved. eFax ®, eVoice ®, Campaigner ®, FuseMail ®, KeepItSafe ®
>>>>> and Onebox ® are registered trademarks of j2 Global, Inc. and its
>>>>> affiliates.
>>>>
>>>
>
>
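The check discussed in this thread, as an added example that is not part of the original messages or of oVirt/libvirt: it reads the effective `user` setting from qemu.conf text and flags qemu-kvm processes in the output of the `ps` command quoted above when any of the four user columns is root. The function names and both samples are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check whether QEMU is set up to run as root.

# Print the effective value of KEY ("user" or "group") from qemu.conf text on stdin.
# Commented-out lines are skipped and the last assignment wins; prints nothing
# when the key is unset.
qemu_conf_value() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        {
            line = $0
            sub(/^[ \t]*/, "", line)
            if (index(line, key) != 1) next
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t]*=/) next        # rejects longer keys such as user_x
            sub(/^[ \t]*=[ \t]*/, "", rest)
            sub(/[ \t]*#.*$/, "", rest)         # drop a trailing comment
            gsub(/"/, "", rest)
            val = rest
        }
        END { if (val != "") print val }'
}

# Succeeds when a qemu.conf user value refers to uid 0.
is_root_user() {
    case $1 in root|0|+0) return 0 ;; *) return 1 ;; esac
}

# Read "ps -e -o euser,user,suser,fuser,egroup,rgroup,sgroup,fgroup,cmd" output
# on stdin and print the binary of each QEMU process with a root user column.
root_qemu_procs() {
    awk '$9 ~ /qemu-(kvm|system)/ {
        for (i = 1; i <= 4; i++) if ($i == "root" || $i == "0") { print $9; next }
    }'
}

# Constructed samples, modelled on the output quoted in the thread.
SAMPLE_CONF='#user = "qemu"
user = "root"
group = "qemu"'
SAMPLE_PS='EUSER USER SUSER FUSER EGROUP RGROUP SGROUP FGROUP CMD
root root root root qemu qemu qemu qemu /usr/libexec/qemu-kvm -name vm1
root root root root root root root root /usr/sbin/libvirtd --listen'

u=$(printf '%s\n' "$SAMPLE_CONF" | qemu_conf_value user)
if is_root_user "$u"; then echo "qemu.conf: user=$u, guests will run as root"; fi
printf '%s\n' "$SAMPLE_PS" | root_qemu_procs | sed 's/^/running as root: /'
```

On a host, feed the functions `/etc/libvirt/qemu.conf` and the live `ps` output instead of the samples.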