I’ve followed the WiKi to install OpenNebula for a quick run, but when it tries to make a VM, it’s engaging the libvirtd daemon, which itself runs as root, to create the VM then fails with a “can’t canonicalize path” message. Checking further it seems virsh, or some function in it, is trying to access the NFS mount as root. I have squash_root enabled and for security reasons I need to keep it. But then how do I get around it? Should I just point VM creation to the node’s existing datastore (ie SAN, DAS) or is there a way around this to allow VM creation on the NFS mount wo/ using no_root_squash?
The direct VM creation on the node works without an NFS mounted but for future NFS usage, I would like to resolve it so it can use NFS successfully. I considered running libvirtd as a non-root user but it unsurprisingly asked for root credentials to start up.
[oneadmin@mdskvm-p01 ~]$ virsh --connect qemu:///system create /var/lib/one//datastores/0/38/deployment.0
error: Failed to create domain from /var/lib/one//datastores/0/38/deployment.0
error: can’t canonicalize path ‘/var/lib/one//datastores/0/38/disk.1’: Permission denied
[oneadmin@mdskvm-p01 ~]$ ps -ef|grep -i libvirtd
root 12564 1 0 00:18 ? 00:00:00 /usr/sbin/libvirtd
oneadmin 14853 12479 0 00:23 pts/1 00:00:00 grep --color=auto -i libvirtd
As oneadmin, I tested file creation on the NFS and it’s working fine as oneadmin. I synced the permissions of the mount point to the remote /var/lib/one from the controller but this didn’t help either. Any chance as well to disable canonicalization of paths in libvirtd ?