- Package:
- libvirt-bin
- Source:
- libvirt
- Submitter:
- Gerasimos Melissaratos
- Date:
- 2023-04-17 15:57:06 UTC
- Severity:
- important
- Tags:
When two libvirt/qemu servers (say, A and B) share an NFS server, migrating a VM from A to B fails, barring access to the disk image from server B. When the VM boots on server A, it sets uid/gid on the VM disk image to libvirt-qemu:kvm. During the migration process (initiated through virt-manager) the image momentarily acquires libvirt-qemu:kvm uid/gid on server B, but then it reverts to root:root and messages about failed disk access are printed on the screen of the running VM (normal, since the image gets root:root ownership). In order to migrate the image, I have to shut down the VM on server A and boot it again on server B, beating the whole idea of migration. Whether I migrate from A->B or B->A makes no difference.
Hi, It seems there's a problem with the first instance restoring privileges _after_ the second one starts. Could you try setting user and group to "root" in /etc/libvirt/qemu.conf? This should work around the problem. Cheers, -- Guido
Was going to try it, but now, after upgrading to

ii libvirt-bin 0.7.7-1 the programs for the libvirt library
ii libvirt0 0.7.7-1 library for interfacing with different virtu
ii qemu-kvm 0.12.3+dfsg-3 Full virtualization on x86 hardware

things took an ugly turn, and I cannot even connect to the console of the virtual machine. Something seems to have broken with TLS authentication. So, I'm putting migration on the back burner for a few days to see what's going on with vnc and tls. Thanks, Gerasimos

----- Original Message -----
From: "Guido Günther" <agx@sigxcpu.org>
To: 571159-submitter@bugs.debian.org
Sent: Monday, March 8, 2010 7:07:35 PM GMT +02:00 Harare / Pretoria
Subject: Bug#571159: Possible workaround?

Hi, It seems there's a problem with the first instance restoring privileges _after_ the second one starts. Could you try setting user and group to "root" in /etc/libvirt/qemu.conf? This should work around the problem. Cheers, -- Guido
As mentioned, I was going to look into the vnc+tls problem, and this is what I found. When I run "strace virt-viewer -v --debug -c qemu+tls://hostname/system slack", at the end I get the following output:
write(1, "** (virt-viewer:4703): DEBUG: Go"..., 77** (virt-viewer:4703): DEBUG: Got VNC credential request for 1 credential(s)
) = 77
getuid() = 1000
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 10
lseek(10, 0, SEEK_CUR) = 0
fstat(10, {st_mode=S_IFREG|0644, st_size=2501, ...}) = 0
mmap(NULL, 2501, PROT_READ, MAP_SHARED, 10, 0) = 0x7fbf71ec7000
lseek(10, 2501, SEEK_SET) = 2501
munmap(0x7fbf71ec7000, 2501) = 0
close(10) = 0
stat("(null)/CA/cacert.pem", 0x7fffe54c5c70) = -1 ENOENT (No such file or directory)
stat("(null)/CA/cacert.pem", 0x7fffe54c5c70) = -1 ENOENT (No such file or directory)
write(1, "** (virt-viewer:4703): DEBUG: Fa"..., 62** (virt-viewer:4703): DEBUG: Failed to set credential type 2
) = 62
close(9) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], [], 8) = 0
open("/usr/share/locale/en_US/LC_MESSAGES/libgnutls.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/libgnutls.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
sendto(-1, "\25\3\2\0\2\1\0", 7, 0, NULL, 0) = -1 EBADF (Bad file descriptor)
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], [], 8) = 0
read(3, 0x249a764, 4096) = -1 EAGAIN (Resource temporarily unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}], 2, 0) = 0 (Timeout)
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
poll([{fd=3, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=3, revents=POLLOUT}])
writev(3, [{"\22\0\v\0\3\0\0\4/\1\0\0X\1\0\0\10\4\5\0\24\0\0\0(null) -"..., 180}, {NULL, 0}, {"", 0}], 3) = 180
poll([{fd=3, events=POLLIN}], 1, -1) = 1 ([{fd=3, revents=POLLIN}])
read(3, "\34\0&\1\3\0\0\4/\1\0\0\0[\2725\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 160
read(3, 0x249a764, 4096) = -1 EAGAIN (Resource temporarily unavailable)
poll([{fd=3, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=3, revents=POLLOUT}])
writev(3, [{"+\0\1\0", 4}, {NULL, 0}, {"", 0}], 3) = 4
poll([{fd=3, events=POLLIN}], 1, -1) = 1 ([{fd=3, revents=POLLIN}])
read(3, "\1\2+\1\0\0\0\0\4\0\0\4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 4096) = 32
read(3, 0x249a764, 4096) = -1 EAGAIN (Resource temporarily unavailable)
close(11) = 0
exit_group(0) = ?
I notice the stat lines, they have this "(null)/CA/cacert.pem", when all other stat lines have no "null". From then on it's all error and failure. Hope this helps a bit.
Bye, Gerasimos Melissaratos
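The observation in the message above, as an added example that is not part of the original report: a small Python filter that scans strace output for path arguments containing the literal component "(null)" and for calls made on file descriptor -1. A "(null)" component is the usual sign of a NULL pointer being formatted as a string; that this is the cause here is an assumption, the report does not confirm it. The sample lines are copied from the trace above; the function names are hypothetical.

```python
import re

# Lines copied from the strace output in the report above.
SAMPLE = r'''getuid() = 1000
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 10
stat("(null)/CA/cacert.pem", 0x7fffe54c5c70) = -1 ENOENT (No such file or directory)
stat("(null)/CA/cacert.pem", 0x7fffe54c5c70) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/libgnutls.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
sendto(-1, "\25\3\2\0\2\1\0", 7, 0, NULL, 0) = -1 EBADF (Bad file descriptor)
read(3, 0x249a764, 4096) = -1 EAGAIN (Resource temporarily unavailable)
'''

# Shape of one strace line: syscall(args) = ret [ERRNO (text)]
CALL = re.compile(
    r'^(?P<name>\w+)\((?P<args>.*)\)\s+=\s+(?P<ret>-?\d+|\?)'
    r'(?:\s+(?P<errno>E[A-Z]+))?'
)
# Syscalls whose first quoted argument is a filesystem path.
PATH_CALLS = {"stat", "lstat", "open", "openat", "access"}


def first_string(args):
    """Return the first double-quoted argument, or None."""
    m = re.search(r'"((?:[^"\\]|\\.)*)"', args)
    return m.group(1) if m else None


def triage(text):
    """Return (line number, syscall, finding, detail) for suspicious calls."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = CALL.match(line.strip())
        if not m:
            continue  # interleaved program output or continuation line
        name, args, errno = m["name"], m["args"], m["errno"]
        path = first_string(args) if name in PATH_CALLS else None
        if path is not None and "(null)" in path.split("/"):
            # A path component that is literally "(null)": unset base directory.
            findings.append((lineno, name, "null-path", path))
        elif errno == "EBADF" and re.match(r'-1\b', args):
            # Call on fd -1: an earlier setup step failed and was not checked.
            findings.append((lineno, name, "bad-fd", args.split(",")[0]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```
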
Hi Gerasimos, please file a different bug about your gtk-vnc problem including version information for virt-viewer and gtk-vnc. So we can handle that first. Thanks, -- Guido
Hi, Guido Günther wrote (28 Mar 2010 17:47:52 GMT) : What's the status on this front? Is the bug still reproducible on current Debian stable or testing/sid? Was the bug against gtk-vnc filed? Cheers, -- intrigeri