Hi,
I installed OpenNebula 5.4 on a fresh Ubuntu 16.04 LTS install. The datastores are NFS mounted on /one-datastores. Therefore I changed the DATASTORE_LOCATION in /etc/one/oned.conf to /one-datastores.
While reading the documentation about storage, I saw the qcow2 transfer manager setting. Since I am using qcow2 images, I decided to change the system and image datastore to use TM_MAD=“qcow2”.
However, deploying a VM fails:
Mon Aug 28 11:54:44 2017 [Z0][VMM][I]: Command execution fail: cat << EOT | /var/tmp/one/vmm/kvm/deploy '/one-datastores/0/4/deployment.0' 'one001' 4 one001
Mon Aug 28 11:54:44 2017 [Z0][VMM][I]: error: Failed to create domain from /one-datastores/0/4/deployment.0
Mon Aug 28 11:54:44 2017 [Z0][VMM][I]: error: internal error: early end of file from monitor, possible problem: 2017-08-28T09:54:43.731706Z qemu-system-x86_64: -drive file=/one-datastores/0/4/disk.0,format=qcow2,if=none,id=drive-virtio-disk0,cache=none: Could not open backing file: Could not open '/one-datastores/1/c879c62e0d049be8768a7a658786f7b6': Permission denied
Mon Aug 28 11:54:44 2017 [Z0][VMM][E]: Could not create domain from /one-datastores/0/4/deployment.0
Mon Aug 28 11:54:44 2017 [Z0][VMM][I]: ExitCode: 255
Mon Aug 28 11:54:44 2017 [Z0][VMM][I]: Failed to execute virtualization driver operation: deploy.
Mon Aug 28 11:54:44 2017 [Z0][VMM][E]: Error deploying virtual machine: Could not create domain from /one-datastores/0/4/deployment.0
I found that the cause of this, is Apparmor kicking in. To test this, I created the file /etc/apparmor.d/tunables/home.d/opennebula with the contents: @{HOMEDIRS}+=/one-datastores. After restarting Apparmor and Opennebula, deploying the VM actually works.
On other systems on which Apparmor is enabled, deploying VMs works out of the box. It turned out that these systems use the “shared” transfer manager setting. So I deleted the Apparmor file above, changed the system and image datastore transfer manager to shared and… the VM deploys out of the box.
So obviously, there is a difference in how shared and qcow2 transfer managers act. The documentation says:
shared, images are exported in a shared filesystem
qcow2, like shared but specialized for the qcow2 format
But it seems that there is more to that.
My concrete question is:
- Is this behaviour expected or is it a bug?
- Could someone of the Opennebula team eleborate some more about the differences between shared and qcow2?
Thanks,
Remy
P.S. I get the very same result when the datastore is NFS mounted on /var/lib/one/datastores and if I use local storage in stead of NFS.