yahoo-eng-team team mailing list archive

[Bug 1227912] Re: instance fails to boot with qemu guest agent set in image metadata

 

I have just encountered this problem in Ubuntu 14.04.1. Here's a
workaround:

# cd /var/lib/libvirt/qemu
# mkdir -p channel/target
# chown -R libvirt-qemu:kvm channel/

(The path above is used by libvirt-manager when you create the channel.)

In /etc/apparmor.d/abstractions/libvirt-qemu at the end add:

"/var/lib/libvirt/**/*.org.qemu.guest_agent.0" rwk,

(Reload apparmor profiles).

The line in libvirt-qemu could be generated in the domain specific file
by virt-aa-helper to exactly match the name of the domain, but I cannot
see a high security risk in being a bit unspecific here (allows one qemu
to access the socket of another qemu).


** Also affects: ubuntu
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1227912

Title:
  instance fails to boot with qemu guest agent set in image metadata

Status in OpenStack Compute (Nova):
  Invalid
Status in Ubuntu:
  Confirmed

Bug description:
  I set the image metadata to enable the qemu guest agent. When I bring up the instance, it fails to open the socket due to permissions.
  I observed this with devstack.

  Here is more info

  nova  image-meta cirros-0.3.1-x86_64-uec set  hw_qemu_guest_agent=yes

  2013-09-19 15:21:55.717 ERROR nova.compute.manager [req-be5e6b88-77f8-47d5-974e-85e1f875608a demo demo] [instance: fccd153e-b8f7-4b09-aa25-b531fd618eb4] Error: internal error process exited while connecting to monitor: char device redirected to /dev/pts/27 (label charserial1)
  qemu-system-x86_64: -chardev socket,id=charchannel0,path=/var/lib/libvirt/qemu/org.qemu.guest_agent.0.instance-0000000b.sock,server,nowait: Failed to bind socket: Permission denied
  chardev: opening backend "socket" failed

  2013-09-19 15:21:55.717 TRACE nova.compute.manager [instance: fccd153e-b8f7-4b09-aa25-b531fd618eb4] Traceback (most recent call last):
  2013-09-19 15:21:55.717 TRACE nova.compute.manager [instance: fccd153e-b8f7-4b09-aa25-b531fd618eb4]   File "/opt/stack/nova/nova/compute/manager.py", line 1038, in _build_instance
  2013-09-19 15:21:55.717 TRACE nova.compute.manager [instance: fccd153e-b8f7-4b09-aa25-b531fd618eb4]     set_access_ip=set_access_ip)
  2013-09-19 15:21:55.717 TRACE nova.compute.manager [instance: fccd153e-b8f7-4b09-aa25-b531fd618eb4]   File "/opt/stack/nova/nova/compute/manager.py", line 1411, in _spawn
  2013-09-19 15:21:55.717 TRACE nova.compute.manager [instance: fccd153e-b8f7-4b09-aa25-b531fd618eb4]     LOG.exception(_('Instance failed to spawn'), instance=instance)
  2013-09-19 15:21:55.717 TRACE nova.compute.manager [instance: fccd153e-b8f7-4b09-aa25-b531fd618eb4]   File "/opt/stack/nova/nova/compute/manager.py", line 1408, in _spawn
  2013-09-19 15:21:55.717 TRACE nova.compute.manager [instance: fccd153e-b8f7-4b09-aa25-b531fd618eb4]     block_device_info)
  2013-09-19 15:21:55.717 TRACE nova.compute.manager [instance: fccd153e-b8f7-4b09-aa25-b531fd618eb4]   File "/opt/stack/nova/nova/virt/libvirt/driver.py", line 2071, in spawn
  2013-09-19 15:21:55.717 TRACE nova.compute.manager [instance: fccd153e-b8f7-4b09-aa25-b531fd618eb4]     block_device_info, context=context)
  2013-09-19 15:21:55.717 TRACE nova.compute.manager [instance: fccd153e-b8f7-4b09-aa25-b531fd618eb4]   File "/opt/stack/nova/nova/virt/libvirt/driver.py", line 3214, in _create_domain_and_network
  2013-09-19 15:21:55.717 TRACE nova.compute.manager [instance: fccd153e-b8f7-4b09-aa25-b531fd618eb4]     
  2013-09-19 15:21:55.717 TRACE nova.compute.manager [instance: fccd153e-b8f7-4b09-aa25-b531fd618eb4]   File "/opt/stack/nova/nova/virt/libvirt/driver.py", line 3157, in _create_domain
  2013-09-19 15:21:55.717 TRACE nova.compute.manager [instance: fccd153e-b8f7-4b09-aa25-b531fd618eb4]     
  2013-09-19 15:21:55.717 TRACE nova.compute.manager [instance: fccd153e-b8f7-4b09-aa25-b531fd618eb4]   File "/opt/stack/nova/nova/virt/libvirt/driver.py", line 3152, in _create_domain
  2013-09-19 15:21:55.717 TRACE nova.compute.manager [instance: fccd153e-b8f7-4b09-aa25-b531fd618eb4]     except Exception as e:
  2013-09-19 15:21:55.717 TRACE nova.compute.manager [instance: fccd153e-b8f7-4b09-aa25-b531fd618eb4]   File "/usr/local/lib/python2.7/dist-packages/eventlet/tpool.py", line 179, in doit
  2013-09-19 15:21:55.717 TRACE nova.compute.manager [instance: fccd153e-b8f7-4b09-aa25-b531fd618eb4]     result = proxy_call(self._autowrap, f, *args, **kwargs)
  2013-09-19 15:21:55.717 TRACE nova.compute.manager [instance: fccd153e-b8f7-4b09-aa25-b531fd618eb4]   File "/usr/local/lib/python2.7/dist-packages/eventlet/tpool.py", line 139, in proxy_call
  2013-09-19 15:21:55.717 TRACE nova.compute.manager [instance: fccd153e-b8f7-4b09-aa25-b531fd618eb4]     rv = execute(f,*args,**kwargs)
  2013-09-19 15:21:55.717 TRACE nova.compute.manager [instance: fccd153e-b8f7-4b09-aa25-b531fd618eb4]   File "/usr/local/lib/python2.7/dist-packages/eventlet/tpool.py", line 77, in tworker
  2013-09-19 15:21:55.717 TRACE nova.compute.manager [instance: fccd153e-b8f7-4b09-aa25-b531fd618eb4]     rv = meth(*args,**kwargs)
  2013-09-19 15:21:55.717 TRACE nova.compute.manager [instance: fccd153e-b8f7-4b09-aa25-b531fd618eb4]   File "/usr/lib/python2.7/dist-packages/libvirt.py", line 711, in createWithFlags
  2013-09-19 15:21:55.717 TRACE nova.compute.manager [instance: fccd153e-b8f7-4b09-aa25-b531fd618eb4]     if ret == -1: raise libvirtError ('virDomainCreateWithFlags() failed', dom=self)
  2013-09-19 15:21:55.717 TRACE nova.compute.manager [instance: fccd153e-b8f7-4b09-aa25-b531fd618eb4] libvirtError: internal error process exited while connecting to monitor: char device redirected to /dev/pts/27 (label charserial1)
  2013-09-19 15:21:55.717 TRACE nova.compute.manager [instance: fccd153e-b8f7-4b09-aa25-b531fd618eb4] qemu-system-x86_64: -chardev socket,id=charchannel0,path=/var/lib/libvirt/qemu/org.qemu.guest_agent.0.instance-0000000b.sock,server,nowait: Failed to bind socket: Permission denied
  2013-09-19 15:21:55.717 TRACE nova.compute.manager [instance: fccd153e-b8f7-4b09-aa25-b531fd618eb4] chardev: opening backend "socket" failed
  2013-09-19 15:21:55.717 TRACE nova.compute.manager [instance: fccd153e-b8f7-4b09-aa25-b531fd618eb4] 
  2013-09-19 15:21:55.717 TRACE nova.compute.manager [instance: fccd153e-b8f7-4b09-aa25-b531fd618eb4]

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1227912/+subscriptions
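
The following is an added example, not part of the original message or of libvirt/AppArmor code. It models the trade-off raised in the comment: which guest agent sockets the broad `abstractions/libvirt-qemu` rule covers compared with a per-domain rule of the kind virt-aa-helper could generate, and whether the rule covers the socket path from the Nova error log. The glob matcher is a simplified approximation of AppArmor path globbing, and the domain names `vm-a`/`vm-b` and the per-domain rule format are assumptions.

```python
import re

def aa_glob_to_regex(rule_path):
    """Translate a simplified subset of AppArmor path globs to a regex.

    Handled: '**' (any characters, including '/'), '*' (any characters
    except '/'), '?' (one character except '/'). Character classes and
    {a,b} alternation are not handled in this sketch.
    """
    out, i = [], 0
    while i < len(rule_path):
        if rule_path.startswith("**", i):
            out.append(".*")
            i += 2
        elif rule_path[i] == "*":
            out.append("[^/]*")
            i += 1
        elif rule_path[i] == "?":
            out.append("[^/]")
            i += 1
        else:
            out.append(re.escape(rule_path[i]))
            i += 1
    return re.compile("".join(out))

def allowed(rule_path, path):
    """True if the whole path is covered by the rule's path expression."""
    return aa_glob_to_regex(rule_path).fullmatch(path) is not None

# Rule from the workaround, as added to abstractions/libvirt-qemu.
BROAD_RULE = "/var/lib/libvirt/**/*.org.qemu.guest_agent.0"
TARGET_DIR = "/var/lib/libvirt/qemu/channel/target"

def per_domain_rule(domain):
    # Hypothetical rule format for a domain-specific profile (assumption).
    return f"{TARGET_DIR}/{domain}.org.qemu.guest_agent.0"

# Constructed socket paths for two domains on the same host.
SOCKETS = {d: f"{TARGET_DIR}/{d}.org.qemu.guest_agent.0" for d in ("vm-a", "vm-b")}
# Socket path taken from the Nova error log in the bug description.
NOVA_SOCKET = "/var/lib/libvirt/qemu/org.qemu.guest_agent.0.instance-0000000b.sock"

def reachable_sockets(rule_path):
    """Domains whose guest agent socket the given rule would permit."""
    return sorted(d for d, p in SOCKETS.items() if allowed(rule_path, p))

if __name__ == "__main__":
    print("broad rule:     ", reachable_sockets(BROAD_RULE))
    print("per-domain vm-a:", reachable_sockets(per_domain_rule("vm-a")))
    print("covers Nova log path:", allowed(BROAD_RULE, NOVA_SOCKET))
```

Because the abstraction is shared by every qemu profile, the broad rule permits each confined qemu process to reach every domain's agent socket, while the per-domain form permits only its own. The socket name in the Nova log ends in `.sock`, so the workaround rule as written does not cover that path.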