search

Mirantis / virtlet

Kubernetes CRI implementation for running VM workloads
Apache License 2.0
739 stars 128 forks source link

demo.sh - VM not booting #885

Closed GregoryVds closed 5 years ago

GregoryVds commented 5 years ago

Hi,

I am trying to run demo.sh, but the Cirros VM is not booting. It fails on CreateContainer() it seems.

I have the following error message in virtlet-pod-libvirt.log:

2019-06-17 14:51:31.205+0000: 2478: error : virNetSocketReadWire:1811 : End of file while reading data: Input/output error
2019-06-17 14:51:41.196+0000: 2478: error : virNetSocketReadWire:1811 : End of file while reading data: Input/output error
2019-06-17 14:51:41.244+0000: 2479: error : virCommandWait:2601 : internal error: Child process (LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin HOME=/root /vmwrapper -help) unexpected exit status 126: libvirt:  error : cannot execute binary /vmwrapper: Permission denied

2019-06-17 14:51:41.244+0000: 2479: warning : virQEMUCapsLogProbeFailure:5246 : Failed to probe capabilities for /vmwrapper: internal error: Child process (LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin HOME=/root /vmwrapper -help) unexpected exit status 126: libvirt:  error : cannot execute binary /vmwrapper: Permission denied
$ kubectl exec virtlet-jgjmv -c libvirt -n kube-system -- virsh list --all
 Id    Name                           State
----------------------------------------------------

If that matter, I am able to successfully boot a VM as follow:

kubectl exec virtlet-jgjmv -n kube-system -it -c libvirt -- /vmwrapper -m 2048 -enable-kvm -nographic /var/lib/virtlet/images/links/cirros

(Note that I get the same error with VIRTLET_DEMO_BRANCH=master ./demo.sh) I am on Ubuntu 18.04

Any idea what might be wrong? Thanks for the help.

jellonek commented 5 years ago

Looking on error : cannot execute binary /vmwrapper: Permission denied - do you have SELinux enabled?

GregoryVds commented 5 years ago

Indeed that was it, apparmor denying perm:

$ tail -n1 /var/log/kern.log
Jun 18 16:40:43 greg kernel: [25695.612896] audit: type=1400 audit(1560868843.268:123): apparmor="DENIED" operation="exec" profile="/usr/sbin/libvirtd" name="/vmwrapper" pid=6908 comm="libvirtd" requested_mask="x" denied_mask="x" fsuid=64055 ouid=0

The VM is booting with apparmor disabled.

Thanks for the quick reply!

jellonek commented 5 years ago

It should also be working if you would apply https://github.com/Mirantis/virtlet/tree/master/deploy/apparmor