On Wed, 4 Aug 2021, Sketch wrote:
What doesn't work is live migration of running VMs between hosts running
4.4.7 (or 4.4.6 before I updated) when their disks are on ceph. It appears
that vdsm attempts to launch the VM on the destination host, and it either
fails to start or dies right after starting (not entirely clear from the
logs). Then the running VM gets paused due to a storage error.
After further investigation, I've found the problem appears to be selinux
related. Setting the systems to permissive mode allows VMs to be live
migrated. I tailed the audit logs on both hosts and found a couple of
denies which probably explains the lack of useful errors in the vdsm logs,
though I'm not sure how to fix the problem.
Source host:
type=AVC msg=audit(1628052789.412:3381): avc: denied { read } for pid=570656
comm="live_migration" name="6f82b02d-8c22-4d50-a30e-53511776354c" dev="ceph"
ino=1099511715125 scontext=system_u:system_r:svirt_t:s0:c752,c884
tcontext=system_u:object_r:svirt_image_t:s0:c411,c583 tclass=file permissive=0
type=AVC msg=audit(1628052790.557:3382): avc: denied { read } for pid=570656 comm="worker"
path="/rhev/data-center/mnt/10.1.88.75,10.1.88.76,10.1.88.77:_vmstore/e8ec5645-fc1b-4d64-a145-44aa8ac5ef48/images/eb15970b-7b94-4cce-ab44-50f57850aa7f/6f82b02d-8c22-4d50-a30e-53511776354c"
dev="ceph" ino=1099511715125 scontext=system_u:system_r:svirt_t:s0:c752,c884
tcontext=system_u:object_r:svirt_image_t:s0:c411,c583 tclass=file permissive=0
# ls -lidZ
/rhev/data-center/mnt/10.1.88.75,10.1.88.76,10.1.88.77:_vmstore/e8ec5645-fc1b-4d64-a145-44aa8ac5ef48/images/eb15970b-7b94-4cce-ab44-50f57850aa7f/6f82b02d-8c22-4d50-a30e-53511776354c
1099511715125 -rw-rw----. 1 vdsm kvm
system_u:object_r:svirt_image_t:s0:c344,c764 52031193088 Aug 3 23:51
/rhev/data-center/mnt/10.1.88.75,10.1.88.76,10.1.88.77:_vmstore/e8ec5645-fc1b-4d64-a145-44aa8ac5ef48/images/eb15970b-7b94-4cce-ab44-50f57850aa7f/6f82b02d-8c22-4d50-a30e-53511776354c
Destination host:
type=AVC msg=audit(1628052787.312:1789): avc: denied { getattr } for pid=115062 comm="qemu-kvm"
name="/" dev="ceph" ino=1099511636351 scontext=system_u:system_r:svirt_t:s0:c411,c583
tcontext=system_u:object_r:cephfs_t:s0 tclass=filesystem permissive=0
# ls -lidZ /rhev/data-center/mnt/10.1.88.75,10.1.88.76,10.1.88.77:_vmstore
1099511636351 drwxr-xr-x. 3 vdsm kvm unconfined_u:object_r:cephfs_t:s0 1 Aug 3
23:14 /rhev/data-center/mnt/10.1.88.75,10.1.88.76,10.1.88.77:_vmstore
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ALFLUXTZ4ZTVGWMYLQKBABR7LSIG2QDG/
