qemu-system-x86_64: Permission denied on OpenShift
324 views
Skip to first unread message
Marek Libra
Feb 16, 2018, 7:22:47 AM2/16/18
to kubevirt-dev
Hi,
while playing with APBs, I'm failing to start a VM on OpenShift 3.9 - failed on permissions to execute qemu-system-x86_64.Using Kubevirt v0.3.0-alpha.1.
The cluster is started via run_latest_build.sh from [1] and kubevirt is provisioned as follows:
PUBLIC_IP=192.168.122.80 ORIGIN_VERSION=v3.9.0-alpha.3 ./run_latest_build.sh
oc login -u system:admin
oc adm policy add-cluster-role-to-user cluster-admin system:admin
# deploy kubevirt
oc project kube-system
oc adm policy add-scc-to-user privileged system:serviceaccount:kube-system:kubevirt-privileged
oc adm policy add-scc-to-user privileged system:serviceaccount:kube-system:kubevirt-controller
oc apply -f https://github.com/kubevirt/kubevirt/releases/download/v0.3.0-alpha.1/kubevirt.yaml
oc create -f vm-ephemeral.yml
oc logs virt-launcher-testvm-ephemeral-----qnkqx -c compute
```
level=info
timestamp=2018-02-16T11:53:26.540766Z pos=virt-launcher.go:119
component=virt-launcher msg="Watchdog file created at
/var/run/kubevirt/watchdog-files/kube-system_testvm-ephemeral"
level=info timestamp=2018-02-16T11:53:26.541199Z pos=client.go:164 component=virt-launcher msg="Registered libvirt event notify callback"
level=info timestamp=2018-02-16T11:53:26.541301Z pos=virt-launcher.go:57 component=virt-launcher msg="Marked as ready"
level=info timestamp=2018-02-16T11:53:26.542146Z pos=monitor.go:224 component=virt-launcher msg="Monitoring loop: rate 1s start timeout 5m0s"
level=info timestamp=2018-02-16T11:53:27.543943Z pos=monitor.go:180 component=virt-launcher msg="Still missing PID for qemu, Process qemu not found in /proc"
level=info timestamp=2018-02-16T11:53:27.723810Z pos=manager.go:233 component=virt-launcher namespace=kube-system name=testvm-ephemeral kind= uid=ee2c2a52-130f-11e8-9e21-525400888a20 msg="Domain defined."
level=info timestamp=2018-02-16T11:53:27.725468Z pos=client.go:148 component=virt-launcher msg="Libvirt event 0 with reason 0 received"
level=info timestamp=2018-02-16T11:53:28.066660Z pos=client.go:131 component=virt-launcher msg="domain status: 3:11"
level=info timestamp=2018-02-16T11:53:28.070719Z pos=client.go:157 component=virt-launcher msg="processed event"
level=error timestamp=2018-02-16T11:53:28.094592Z pos=manager.go:261 component=virt-launcher namespace=kube-system name=testvm-ephemeral kind= uid=ee2c2a52-130f-11e8-9e21-525400888a20 reason="virError(Code=1, Domain=10, Message='internal error: process exited while connecting to monitor: libvirt: error : cannot execute binary /usr/bin/qemu-system-x86_64: Permission denied')" msg="Starting the VM failed."
```
level=info timestamp=2018-02-16T11:53:26.541199Z pos=client.go:164 component=virt-launcher msg="Registered libvirt event notify callback"
level=info timestamp=2018-02-16T11:53:26.541301Z pos=virt-launcher.go:57 component=virt-launcher msg="Marked as ready"
level=info timestamp=2018-02-16T11:53:26.542146Z pos=monitor.go:224 component=virt-launcher msg="Monitoring loop: rate 1s start timeout 5m0s"
level=info timestamp=2018-02-16T11:53:27.543943Z pos=monitor.go:180 component=virt-launcher msg="Still missing PID for qemu, Process qemu not found in /proc"
level=info timestamp=2018-02-16T11:53:27.723810Z pos=manager.go:233 component=virt-launcher namespace=kube-system name=testvm-ephemeral kind= uid=ee2c2a52-130f-11e8-9e21-525400888a20 msg="Domain defined."
level=info timestamp=2018-02-16T11:53:27.725468Z pos=client.go:148 component=virt-launcher msg="Libvirt event 0 with reason 0 received"
level=info timestamp=2018-02-16T11:53:28.066660Z pos=client.go:131 component=virt-launcher msg="domain status: 3:11"
level=info timestamp=2018-02-16T11:53:28.070719Z pos=client.go:157 component=virt-launcher msg="processed event"
level=error timestamp=2018-02-16T11:53:28.094592Z pos=manager.go:261 component=virt-launcher namespace=kube-system name=testvm-ephemeral kind= uid=ee2c2a52-130f-11e8-9e21-525400888a20 reason="virError(Code=1, Domain=10, Message='internal error: process exited while connecting to monitor: libvirt: error : cannot execute binary /usr/bin/qemu-system-x86_64: Permission denied')" msg="Starting the VM failed."
```
Fabian Deutsch
Feb 16, 2018, 3:09:22 PM2/16/18
to Marek Libra, Artyom Lukianov, Lukas Bednar, Gal Ben Haim, kubevirt-dev
I think this is around an SCC issues.
Maybe Artyom, Lukas, or Gal can point you to the solution.--
You received this message because you are subscribed to the Google Groups "kubevirt-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kubevirt-dev+unsubscribe@googlegroups.com.
To post to this group, send email to kubevi...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/kubevirt-dev/CAGg6-xjvPaDjkMKbtwJ-E_8oNKjy1tO8iZzA9ZV_tLpfHB8xDQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Artyom Lukianov
Feb 16, 2018, 4:58:31 PM2/16/18
to Fabian Deutsch, Marek Libra, Lukas Bednar, Gal Ben Haim, kubevirt-dev
It looks like SELinux issue, can you set SELinux to permissive mode on all nodes and try again?
Marek Libra
Feb 20, 2018, 6:47:59 AM2/20/18
to Artyom Lukianov, Fabian Deutsch, Lukas Bednar, Gal Ben Haim, kubevirt-dev
Reply all
Reply to author
Forward
0 new messages