Errors when running VM

Wed May 27 17:55:25 2015 [Z0][DiM][I]: New VM state is ACTIVE.
Wed May 27 17:55:25 2015 [Z0][LCM][I]: New VM state is PROLOG.
Wed May 27 17:57:17 2015 [Z0][LCM][I]: New VM state is BOOT
Wed May 27 17:57:17 2015 [Z0][VMM][I]: Generating deployment file: /var/lib/one/vms/10/deployment.0
Wed May 27 17:57:18 2015 [Z0][VMM][I]: ExitCode: 0
Wed May 27 17:57:18 2015 [Z0][VMM][I]: Successfully execute network driver operation: pre.
Wed
May 27 17:57:23 2015 [Z0][VMM][I]: Command execution fail: cat <<
EOT | /var/tmp/one/vmm/kvm/deploy
’/var/lib/one//datastores/0/10/deployment.0’ ‘localhost’ 10 localhost
Wed May 27 17:57:23 2015 [Z0][VMM][I]: error: Failed to create domain from /var/lib/one//datastores/0/10/deployment.0
Wed May 27 17:57:23 2015 [Z0][VMM][I]: error: Unable to add port vnet0 to OVS bridge eth0: Operation not permitted
Wed May 27 17:57:23 2015 [Z0][VMM][E]: Could not create domain from /var/lib/one//datastores/0/10/deployment.0
Wed May 27 17:57:23 2015 [Z0][VMM][I]: ExitCode: 255
Wed May 27 17:57:23 2015 [Z0][VMM][I]: Failed to execute virtualization driver operation: deploy.
Wed
May 27 17:57:23 2015 [Z0][VMM][E]: Error deploying virtual machine:
Could not create domain from /var/lib/one//datastores/0/10/deployment.0
Wed May 27 17:57:23 2015 [Z0][DiM][I]: New VM state is FAILED

You are interested in this error:

Wed May 27 17:57:23 2015 [Z0][VMM][I]: error: Unable to add port vnet0 to
OVS bridge eth0: Operation not permitted

Check the configuration of libvirt and the oneadmin account.

hi, we encountered similar problems on Ubuntu, so maybe this is helpful:
The problem is that sudo must be used for some commands, in our case the user oneadmin could not apply ebtables firewall-rules, when migrating a VM to another host. We had to update all sudo-configs to allow use of the command, without a password prompt (which causes a similar error).
We had to add the rules below to all sudo-configs, by using visudo.

add:

oneadmin ALL = NOPASSWD: /sbin/iptables
oneadmin ALL = NOPASSWD: /sbin/ebtables

The additional NOPASSWD lines for ebtables/iptables, should be at the end of the sudoers file, or should be loaded later. We solved the issue by creating a file called /etc/sudoers.d/FILENAME (so it will be loaded last, and will not be updated by Ubuntu or Opennebula)

In your case, looks oneadmin is not allowed to reconfigure an interface, if you add the command to /etc/sudoers like we did, it should work.

Hope this helps!

UPDATE: this is what Ruben pointed at:

2.5. Configure Qemu
The oneadmin user must be able to manage libvirt as root:

cat << EOT > /etc/libvirt/qemu.conf
user = "oneadmin"
group = "oneadmin"
dynamic_ownership = 0
EOT

Restart libvirt to capture these changes:

service libvirt-bin restart

(Source: http://docs.opennebula.org/4.12/design_and_installation/quick_starts/qs_ubuntu_kvm.html)

hi, I having made as you spoke but didn’t help

hi Sasha,

the extra rules in the sudoers file are needed for oneadmin to be able to apply firewall rules for live migration of a VM, your error is similar but is caused by something else (probably, oneadmin is not allowed to reconfigure an interface).

In your case, oneadmin is not allowed to add vnet0 to a networking bridge. Are you allowed to use a commands like:

$ su - oneadmin
$ whoami (should return “oneadmin”)
$ ovs-vsctl show

As can be seen in this thread:
https://www.redhat.com/archives/libvirt-users/2013-April/msg00076.html
and the most probable solution:
https://www.redhat.com/archives/libvirt-users/2013-April/msg00077.html

Make sure to check the logs for the VM your trying to create, in /var/log/one/123.log (for VM 123) and oned.log.
If the error is similar as in the redhat-thread, just disable apparmor and try to deploy the VM again.
If that doesnt work, post the errors you get in your logs and post the details.

Here is the offi apparmor debugging page: https://wiki.ubuntu.com/DebuggingApparmor
Here is how to disable/remove apparmor: http://www.techytalk.info/disable-and-remove-apparmor-on-ubuntu-based-linux-distributions/
(Note, don’t forget to remove the apparmor commands from your
/etc/default/grub file if these were set during the installation of the
apparmor application. After changing the file execute the command
update-grub to update the grub-loader.)

hi, Roland
in log error of the virtual machine shows problems with drivers, when you enter ovs-vsctl show command from oneadmin there are no access rights

hi Sascha,

in the terminal windows on the right, where you are root, the openvswitch command works ok (root is allowed to manage openvswitch-stuff)
In the terminal on the left, where you’re oneadmin, you can see that the same command using user oneadmin does not work (no permission to manage openvswitch-stuff.)

When deploying a VM, oneadmin needs to be able to use those commands to be able to perform the VM deployment, that seems to be whats messing it up.

In the 2nd screenshot, you deploy a VM without a network interface, so there is no need for oneadmin using openvswitch commands, so the ovs-error does not appear now.
Instead you get an error using an image, so it seems like you have some permission problems in /var/lib/one
Can you post the rights (ls -ltr) of the folder /var/lib/one/datastores/1 ?

command: ls -ltr /var/lib/one/datastores/1

For the ovs-commands I found a threat with details about proper configuration of rights for oneadmin:
http://openvswitch.org/pipermail/discuss/2014-May/013905.html

Suggestion is to add this, using visudo:

oneadmin ALL=(ALL) NOPASSWD: /usr/bin/ovs-vsctl, /usr/bin/ovs-ofctl, /usr/bin/ovs-dpctl, /sbin/iptables, /sbin/ebtables

This should allow oneadmin to use those commands when (re)configuring interfaces for a VM.

But in your case, mainly because of the “permission denied” when trying to use an image, there seems to be something wrong with permissions on a larger scale, like the entire /var/lib/one folder and everything in it (including images).