dmacvicar / terraform-provider-libvirt

Terraform provider to provision infrastructure with Linux's KVM using libvirt
Apache License 2.0

permission denied when accessing libvirt_pool location, files getting saved as root. #910

Closed sudhakso closed 2 years ago

sudhakso commented 2 years ago

System Information

```
NAME="Ubuntu"
VERSION="20.04.2 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.2 LTS"
VERSION_ID="20.04"
```

Consuming v0.6.11 (latest)

Running as regular user "demo" (non-sudo user)

Linux distribution

Ubuntu

Terraform version

```shell
demo@dev:~$ terraform -v
Terraform v1.0.11
on linux_amd64
```

Provider and libvirt versions

```shell
terraform-provider-libvirt -version
v0.6.11
```

If that gives you "was not built correctly", get the Git commit hash from your local provider repository:

git describe --always --abbrev=40 --dirty

Checklist

Description of Issue/Question

```
libvirt_volume.ubuntu-qcow2: Creating...
libvirt_cloudinit_disk.commoninit: Creating...
libvirt_cloudinit_disk.commoninit: Still creating... [10s elapsed]
libvirt_volume.ubuntu-qcow2: Still creating... [10s elapsed]
libvirt_cloudinit_disk.commoninit: Still creating... [20s elapsed]
libvirt_volume.ubuntu-qcow2: Still creating... [20s elapsed]
libvirt_volume.ubuntu-qcow2: Creation complete after 22s [id=/var/lib/libvirt/images/ubuntu-qcow2]
libvirt_cloudinit_disk.commoninit: Creation complete after 22s [id=/var/lib/libvirt/images/commoninit.iso;bfdc388a-5da9-4a0f-873a-c14319a9468c]
libvirt_domain.domain-ubuntu: Creating...
╷
│ Error: Error creating libvirt domain: internal error: process exited while connecting to monitor: 2021-11-27T18:02:45.717932Z qemu-system-x86_64: -blockdev {"driver":"file","filename":"/var/lib/libvirt/images/ubuntu-qcow2","node-name":"libvirt-2-storage","auto-read-only":true,"discard":"unmap"}: Could not open '/var/lib/libvirt/images/ubuntu-qcow2': Permission denied
│
│   with libvirt_domain.domain-ubuntu,
│   on main.tf line 86, in resource "libvirt_domain" "domain-ubuntu":
│   86: resource "libvirt_domain" "domain-ubuntu" {
```

Running as 'demo' user:

```shell
demo@dev:~$ id
uid=1001(demo) gid=1001(demo) groups=1001(demo),108(kvm),138(libvirt)
```

Setup

(Please provide the full main.tf file for reproducing the issue. Be sure to remove sensitive information.)

```shell
demo@dev:~$ cat main.tf
```

```hcl
terraform {
  required_version = ">= 0.13"

  required_providers {
    libvirt = {
      source  = "dmacvicar/libvirt"
      version = "0.6.11"
    }
  }
}

# instantiate the provider
provider "libvirt" {
  uri = "qemu:///session"
}

# We fetch the latest ubuntu release image from their mirrors
resource "libvirt_volume" "ubuntu-qcow2" {
  name   = "ubuntu-qcow2"
  pool   = "default"
  source = "https://cloud-images.ubuntu.com/releases/xenial/release/ubuntu-16.04-server-cloudimg-amd64-disk1.img"
  format = "qcow2"
}

data "template_file" "user_data" {
  template = file("${path.module}/cloud_init.cfg")
}

data "template_file" "network_config" {
  template = file("${path.module}/network_config.cfg")
}

# for more info about the parameters check this out:
# https://github.com/dmacvicar/terraform-provider-libvirt/blob/master/website/docs/r/cloudinit.html.markdown
# Use CloudInit to add our ssh-key to the instance
# you can also add the meta_data field
resource "libvirt_cloudinit_disk" "commoninit" {
  name           = "commoninit.iso"
  user_data      = data.template_file.user_data.rendered
  network_config = data.template_file.network_config.rendered
  pool           = "default"
}

# Create the machine
resource "libvirt_domain" "domain-ubuntu" {
  name   = "${terraform.workspace}-test-10"
  memory = "512"
  vcpu   = 1

  cloudinit = libvirt_cloudinit_disk.commoninit.id

  network_interface {
    network_name = "default"
  }

  # IMPORTANT: this is a known bug on cloud images, since they expect a console
  # we need to pass it
  # https://bugs.launchpad.net/cloud-images/+bug/1573095
  console {
    type        = "pty"
    target_port = "0"
    target_type = "serial"
  }

  console {
    type        = "pty"
    target_type = "virtio"
    target_port = "1"
  }

  disk {
    volume_id = libvirt_volume.ubuntu-qcow2.id
  }

  graphics {
    type        = "spice"
    listen_type = "address"
    autoport    = true
  }
}

# IPs: use wait_for_lease = true, or after creation use `terraform refresh`
# and `terraform show` for the IPs of the domain
```

Steps to Reproduce Issue

(Include debug logs if possible and relevant).

terraform apply with main.tf


Additional information:

Do you have SELinux or Apparmor/Firewall enabled? Some special configuration? Have you tried to reproduce the issue without them enabled?

No they are not enabled.
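The "Could not open ... Permission denied" above comes from QEMU itself opening the image, so what matters is the uid QEMU runs as, not the uid Terraform runs as: with `qemu:///session` QEMU runs as the connecting user, with `qemu:///system` as the qemu user configured for libvirtd (for example libvirt-qemu on Ubuntu), and the image path reported here is the system pool location /var/lib/libvirt/images. With AppArmor and SELinux ruled out, the remaining gate is classic DAC: every directory on the way needs the search bit for that uid, and the image needs read (and write, for a domain disk). The script below is an added example, not part of this issue or of the provider; it emulates that path walk for an arbitrary uid/gid set so you can ask "could uid 64055 open this file?" without becoming that user. It assumes GNU `stat` (Linux/coreutils), the uid 64055 and the temporary tree in the demo are constructed values, and it does not follow the target chain of symlinked directories or evaluate POSIX ACLs, so a `getfacl` on the same components is the next step when it reports OK but QEMU still fails.

```shell
#!/bin/sh
# check_dac: emulate the kernel's owner/group/other permission walk for a given subject.
# Added example (not the provider's code); requires GNU stat.
#
# Usage: check_dac UID GIDS PATH [WANT_WRITE]
#   UID        numeric uid of the process that will open the file (the QEMU uid)
#   GIDS       comma-separated gids that process holds
#   PATH       absolute path of the disk image
#   WANT_WRITE 1 if the file must also be writable (a domain disk); default 0

# perm_digit FILE UID GIDS -> prints the single rwx octal digit that applies to the subject
perm_digit() {
  file=$1 subj_uid=$2 subj_gids=$3
  stat_line=$(stat -L -c '%u %g %a' "$file") || return 2
  set -- $stat_line            # $1 = owner uid, $2 = group gid, $3 = octal mode
  mode=$3
  mode=${mode#${mode%???}}     # keep the last three digits: drop setuid/setgid/sticky
  if [ "$1" = "$subj_uid" ]; then
    digit=${mode%??}                                  # owner triad
  else
    case ",$subj_gids," in
      *,"$2",*) digit=${mode#?}; digit=${digit%?} ;;  # group triad
      *)        digit=${mode#??} ;;                   # other triad
    esac
  fi
  printf '%s\n' "$digit"
}

check_dac() {
  subj_uid=$1 subj_gids=$2 target=$3 want_write=${4:-0}
  if [ "$subj_uid" -eq 0 ]; then
    echo "OK: uid 0 bypasses DAC checks on $target"
    return 0
  fi
  case $target in /*) ;; *) echo "need an absolute path: $target" >&2; return 2 ;; esac
  prefix=""
  remaining=${target#/}
  while [ -n "$remaining" ]; do
    component=${remaining%%/*}
    case $remaining in */*) remaining=${remaining#*/} ;; *) remaining="" ;; esac
    [ -z "$component" ] && continue          # tolerate doubled slashes
    prefix="$prefix/$component"
    digit=$(perm_digit "$prefix" "$subj_uid" "$subj_gids") || {
      echo "DENIED: cannot stat $prefix"; return 1; }
    if [ -n "$remaining" ]; then
      # intermediate directory: the subject needs the search bit (x)
      if [ $((digit & 1)) -eq 0 ]; then
        echo "DENIED: uid $subj_uid cannot traverse $prefix (mode $(stat -L -c '%a %U:%G' "$prefix"))"
        return 1
      fi
    else
      # final file: read, plus write when it will be attached as a domain disk
      need=4
      [ "$want_write" = 1 ] && need=6
      if [ $((digit & need)) -ne "$need" ]; then
        echo "DENIED: uid $subj_uid cannot open $prefix (mode $(stat -L -c '%a %U:%G' "$prefix"))"
        return 1
      fi
    fi
  done
  echo "OK: uid $subj_uid can open $target"
  return 0
}

# Stand-alone demonstration on a constructed tree (not the reporter's host):
# a pool directory that only its owner can enter, holding a world-readable image.
demo_base=$(mktemp -d)
mkdir "$demo_base/images" && chmod 700 "$demo_base/images"
: > "$demo_base/images/ubuntu-qcow2" && chmod 644 "$demo_base/images/ubuntu-qcow2"
check_dac "$(id -u)" "$(id -G | tr ' ' ',')" "$demo_base/images/ubuntu-qcow2" 1 || :
check_dac 64055 64055 "$demo_base/images/ubuntu-qcow2" 1 || :   # a foreign uid, e.g. the qemu user
rm -r "$demo_base"
```

On the reporter's host the call would be `check_dac <qemu uid> <its gids> /var/lib/libvirt/images/ubuntu-qcow2 1`, with the uid taken from `ps -o uid= -C qemu-system-x86_64` once a domain is running, or 1001 for the session case; the first DENIED line names the exact component whose mode or ownership has to change, which is more useful than chmod'ing the image alone.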

sudhakso commented 2 years ago

The steps documented here https://github.com/dmacvicar/terraform-provider-libvirt/commit/22f096d9 address the issue.