Closed norbertoisaac closed 3 months ago
Hi, we have an open PR to address this message from apparmor here https://github.com/canonical/lxd/pull/13544. Over there it wasn't observed that this is causing volume imports to fail.
Does the import succeed eventually?
Thank you for your response. It never succeed, long time later it says:
Importing custom volume: 100% (493.96MB/s)Error: Post "http://unix.socket/1.0/storage-pools/pool_ceph/volumes/custom?target=fdo-kvmc1h5": net/http: timeout awaiting response headers
can i add some additional info that might help? is there work around? i need to migrate several VMs with qcow2 hdds to LXD cluster thank you in advance
Please can we see sudo ps -aux --forest
output when its hanging, to see what its blocking on.
Also in a separate window before starting the import run lxc monitor --pretty
and capture the output.
Is it possible to have the server freshly rebooted before the next run to ensure a clean state?
Shure:
15:04:15 up 30 min, 1 user, load average: 0.00, 0.00, 0.06
Importing custom volume: 100% (94.10MB/s)
Jun 17 00:06:39 fdo-kvmc1h5 kernel: audit: type=1400 audit(1718582799.635:550): apparmor="DENIED" operation="exec" class="file" profile="snap.microceph.osd" name="/usr/bin/sudo" pid=424730 comm="admin_socket" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 Jun 17 00:06:39 fdo-kvmc1h5 kernel: audit: type=1400 audit(1718582799.635:551): apparmor="DENIED" operation="exec" class="file" profile="snap.microceph.osd" name="/usr/bin/sudo" pid=424730 comm="admin_socket" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 Jun 17 00:06:39 fdo-kvmc1h5 kernel: audit: type=1400 audit(1718582799.859:552): apparmor="DENIED" operation="exec" class="file" profile="snap.microceph.osd" name="/usr/bin/sudo" pid=424732 comm="admin_socket" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 Jun 17 00:06:39 fdo-kvmc1h5 kernel: audit: type=1400 audit(1718582799.859:553): apparmor="DENIED" operation="exec" class="file" profile="snap.microceph.osd" name="/usr/bin/sudo" pid=424732 comm="admin_socket" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 Jun 17 00:06:40 fdo-kvmc1h5 kernel: audit: type=1400 audit(1718582800.989:554): apparmor="DENIED" operation="exec" class="file" profile="snap.microceph.mon" name="/usr/bin/sudo" pid=424734 comm="admin_socket" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 Jun 17 00:06:40 fdo-kvmc1h5 kernel: audit: type=1400 audit(1718582800.989:555): apparmor="DENIED" operation="exec" class="file" profile="snap.microceph.mon" name="/usr/bin/sudo" pid=424734 comm="admin_socket" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 Jun 17 00:06:41 fdo-kvmc1h5 kernel: audit: type=1400 audit(1718582801.125:556): apparmor="DENIED" operation="exec" class="file" profile="snap.microceph.mon" name="/usr/bin/sudo" pid=424736 comm="admin_socket" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 Jun 17 00:06:41 fdo-kvmc1h5 kernel: audit: type=1400 audit(1718582801.125:557): apparmor="DENIED" operation="exec" class="file" profile="snap.microceph.mon" name="/usr/bin/sudo" pid=424736 comm="admin_socket" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 Jun 17 07:25:35 fdo-kvmc1h5 kernel: audit: type=1400 audit(1718609135.980:558): apparmor="DENIED" operation="open" class="file" profile="ubuntu_pro_esm_cache_systemd_detect_virt" name="/sys/firmware/dmi/entries/0-0/raw" pid=426971 comm="systemd-detect-" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Jun 17 14:34:34 fdo-kvmc1h5 kernel: audit: type=1400 audit(1718634874.457:150): apparmor="DENIED" operation="capable" class="cap" profile="/snap/snapd/21759/usr/lib/snapd/snap-confine" pid=1610 comm="snap-confine" capability=12 capname="net_admin" Jun 17 14:34:34 fdo-kvmc1h5 kernel: audit: type=1400 audit(1718634874.457:151): apparmor="DENIED" operation="capable" class="cap" profile="/snap/snapd/21759/usr/lib/snapd/snap-confine" pid=1610 comm="snap-confine" capability=38 capname="perfmon" Jun 17 14:34:34 fdo-kvmc1h5 kernel: audit: type=1400 audit(1718634874.475:152): apparmor="DENIED" operation="capable" class="cap" profile="/snap/snapd/21759/usr/lib/snapd/snap-confine" pid=1624 comm="snap-confine" capability=12 capname="net_admin" Jun 17 14:34:34 fdo-kvmc1h5 kernel: audit: type=1400 audit(1718634874.475:153): apparmor="DENIED" operation="capable" class="cap" profile="/snap/snapd/21759/usr/lib/snapd/snap-confine" pid=1624 comm="snap-confine" capability=38 capname="perfmon" Jun 17 14:41:36 fdo-kvmc1h5 kernel: audit: type=1400 audit(1718635296.167:155): apparmor="DENIED" operation="capable" class="cap" profile="/snap/snapd/21759/usr/lib/snapd/snap-confine" pid=4164 comm="snap-confine" capability=12 capname="net_admin" Jun 17 14:41:36 fdo-kvmc1h5 kernel: audit: type=1400 audit(1718635296.167:156): apparmor="DENIED" operation="capable" class="cap" profile="/snap/snapd/21759/usr/lib/snapd/snap-confine" pid=4164 comm="snap-confine" capability=38 capname="perfmon" Jun 17 15:11:21 fdo-kvmc1h5 kernel: audit: type=1400 audit(1718637081.434:158): apparmor="DENIED" operation="open" class="file" profile="lxd_archive-var-snap-lxd-common-lxd-backups-lxd_backup_1228329391" name="/sys/devices/system/node/" pid=5786 comm="qemu-img" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Could you run the lxc monitor --pretty
on fdo-kvmc1h5
host please
Also does it work if you run the import directly on the fdo-kvmc1h5
host without providing --target
?
Same result without --target parameter
Could you run the
lxc monitor --pretty
onfdo-kvmc1h5
host please
all operations was from fdo-kvmc1h5
Oh wait, hang on, I only just noticed this, but you're trying to import a qcow2 file.
But lxc storage volume import
can only import files created by lxc storage volume export
(which produces a tarball file).
May I ask where you got the impression the arbitrary qcow2 files could be imported? I wonder if we need to update our docs on this matter.
The command's help text says:
lxc storage volume import default backup0.tar.gz
Create a new custom volume using backup0.tar.gz as the source.
sorry, it was a misunderstood with lxc image import
that permits qcow2 import
Then, can you help me about import qcow2 HDDs as custom volume import?, i have several VMs in a libvirt cluster with one or more extra volume
I dont believe we have first class support for that yet. @mionaalex this might be something useful to add to the roadmap.
For now I think the best way forward is to create an empty block volume of the correct size doing:
lxc launch ubuntu:24.04 v1 --vm
lxc storage volume create <pool> <vol name> --size=xGiB
lxc storage volume attach <pool <vol name> v1
You should now see it in /dev/disk/by-id/
Then convert your qcow2 file to raw using qemu-img
:
qemu-img convert -f qcow2 -O raw image.qcow2 image.raw
Then attach that external raw disk file to the VM using:
lxc config device add v1 rawfile disk source=/path/to/raw/file
You should now also see this in /dev/disk/by-id/
too.
Finally, copy the contents of the rawfile disk to the custom block volume using something like dd
tool.
Required information
Issue description
It cannot import custom .qcow2 hdd volumes. Process hanging on 100% of copy
Steps to reproduce