Back according to main subject about /dev/net/tun I still have another but similar issue. Yesterday I have suspend my instances and shutdown lab. Today, when I try nova resume for them I have the following in /var/log/nova/nova-compute.log:
2012-05-27 05:30:01 TRACE nova.rpc.amqp libvirtError: internal error Process exited while reading console log output: char device redirected to /dev/pts/4 2012-05-27 05:30:01 TRACE nova.rpc.amqp kvm: -netdev tap,ifname=tap4362ce16-32,script=,id=hostnet0: could not configure /dev/net/tun (tap4362ce16-32): Operation not permitted 2012-05-27 05:30:01 TRACE nova.rpc.amqp kvm: -netdev tap,ifname=tap4362ce16-32,script=,id=hostnet0: Device 'tap' could not be initialized On Sat, May 26, 2012 at 11:40 PM, Dan Wendlandt <d...@nicira.com> wrote: > Hi Igor, > > I'd first access the VM via VNC and make sure it has booted and is getting > an IP address via DHCP. The easiest way to do this is using the VNC > consoles exposed via Horizon, but you can also use a tool like vncviewer > directly from the command line. > > If you think it may be an issue with security groups, running nova with the > following flag will disable security groups so you can see if that is what > is blocking the > traffic: firewall_driver=nova.virt.firewall.NoopFirewallDriver . Of course, > you'll need to restart nova-compute. With devstack, you can set this in > your localrc: LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver > . > > Dan > > > On Sat, May 26, 2012 at 11:31 AM, Igor Laskovy <igor.lask...@gmail.com> > wrote: >> >> Thank you Dan, Chris, Dean and Soheil for help. I very appreciated your >> help! >> >> Yes, I using Precise for this lab and after I have added /dev/net/tun >> to the cgroup_device_acl list I have ACTIVE state for my running >> instances. BTW, the doc >> http://openvswitch.org/openstack/documentation/ already have this >> clarification, thanks)) >> >> Well, although that the instances are running, I can't ping or ssh to >> them. >> I already doing this: >> $ nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0 >> $ nova secgroup-add-rule default tcp 22 22 0.0.0.0/0 >> but didn't help! >> >> On Fri, May 25, 2012 at 12:40 AM, Dan Wendlandt <d...@nicira.com> wrote: >> > Hi Igor, >> > >> > Are you running this on Precise? If so, Precise is a bit pickier than >> > previous versions about requiring a setting in /etc/libvirt/qemu.conf >> > >> > You need to add /dev/net/tun to the cgroup_device_acl list in that file, >> > and >> > restart libvirt. >> > >> > This is actually handled automatically by a branch I've pushed for >> > review in >> > devstack: https://review.openstack.org/#/c/7001/ >> > >> > It has lots of positive reviews, but still needs one more core review >> > and >> > I've been waiting a while. If you're a devstack core, please give me a >> > hand! :) >> > >> > Dan >> > >> > p.s. the root cause of needing to tweak /etc/libvirt/qemu.conf is that >> > we're using libvirt <interface type=ethernet> elements to work with >> > openvswitch. Starting in libvirt 0.9.11 (not available in precise), >> > openvswitch is integrated directly with libvirt, meaning that using >> > type=ethernet (and the workaround) is no longer necessary. >> > >> > >> > On Thu, May 24, 2012 at 1:05 PM, Igor Laskovy <igor.lask...@gmail.com> >> > wrote: >> >> >> >> Hello all from sunny Kiev)) >> >> >> >> I have built nova+quantum+openvswitch without nova-volume lab on two >> >> nodes - one controller with everything on it except nova-compute and >> >> second dedicated compute node with nova-compute: >> >> >> >> During creating VM I have error which I still can't fix: >> >> $ nova boot --image precise --flavor m1.tiny my-precise-vm3 >> >> $ nova list >> >> >> >> >> >> +--------------------------------------+----------------+--------+----------+ >> >> | ID | Name | Status | >> >> Networks | >> >> >> >> >> >> +--------------------------------------+----------------+--------+----------+ >> >> | 5a72aa9f-5743-486a-9496-130d367bc665 | my-precise-vm3 | ERROR | >> >> | >> >> >> >> >> >> +--------------------------------------+----------------+--------+----------+ >> >> >> >> # cat /var/log/libvirt/qemu/instance-00000012.log >> >> 2012-05-24 19:51:47.994+0000: starting up >> >> LC_ALL=C >> >> PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin >> >> QEMU_AUDIO_DRV=none /usr/bin/kvm -S -M pc-1.0 -enable-kvm -m 512 -smp >> >> 1,sockets=1,cores=1,threads=1 -name instance-00000012 -uuid >> >> 5a72aa9f-5743-486a-9496-130d367bc665 -nodefconfig -nodefaults -chardev >> >> >> >> >> >> socket,id=charmonitor,path=/var/lib/libvirt/qemu/instance-00000012.monitor,server,nowait >> >> -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc >> >> -no-shutdown -drive >> >> >> >> >> >> file=/var/lib/nova/instances/instance-00000012/disk,if=none,id=drive-virtio-disk0,format=qcow2,cache=none >> >> -device >> >> >> >> virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 >> >> -netdev tap,ifname=tap24b9f3da-8b,script=,id=hostnet0 -device >> >> >> >> rtl8139,netdev=hostnet0,id=net0,mac=fa:16:3e:49:f1:a9,bus=pci.0,addr=0x3 >> >> -netdev tap,ifname=tapcdd6bc93-86,script=,id=hostnet1 -device >> >> >> >> rtl8139,netdev=hostnet1,id=net1,mac=fa:16:3e:68:94:b4,bus=pci.0,addr=0x4 >> >> -chardev >> >> >> >> file,id=charserial0,path=/var/lib/nova/instances/instance-00000012/console.log >> >> -device isa-serial,chardev=charserial0,id=serial0 -chardev >> >> pty,id=charserial1 -device isa-serial,chardev=charserial1,id=serial1 >> >> -usb -device usb-tablet,id=input0 -vnc 192.168.1.71:0 -k en-us -vga >> >> cirrus -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x6 >> >> Domain id=4 is tainted: shell-scripts >> >> char device redirected to /dev/pts/2 >> >> kvm: -netdev tap,ifname=tap24b9f3da-8b,script=,id=hostnet0: could not >> >> open /dev/net/tun: Operation not permitted >> >> kvm: -netdev tap,ifname=tap24b9f3da-8b,script=,id=hostnet0: Device >> >> 'tap' could not be initialized >> >> 2012-05-24 19:51:48.175+0000: shutting down >> >> >> >> /var/lib/nova/instances/instance-00000012# virsh create libvirt.xml >> >> error: Failed to create domain from libvirt.xml >> >> error: internal error Process exited while reading console log output: >> >> char device redirected to /dev/pts/2 >> >> kvm: -netdev tap,ifname=tap24b9f3da-8b,script=,id=hostnet0: could not >> >> open /dev/net/tun: Operation not permitted >> >> kvm: -netdev tap,ifname=tap24b9f3da-8b,script=,id=hostnet0: Device >> >> 'tap' could not be initialized >> >> >> >> Waiting any advises! >> >> >> >> -- >> >> Igor Laskovy >> >> Kiev, Ukraine >> >> >> >> _______________________________________________ >> >> Mailing list: https://launchpad.net/~openstack >> >> Post to : openstack@lists.launchpad.net >> >> Unsubscribe : https://launchpad.net/~openstack >> >> More help : https://help.launchpad.net/ListHelp >> > >> > >> > >> > >> > -- >> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> > Dan Wendlandt >> > Nicira, Inc: www.nicira.com >> > twitter: danwendlandt >> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> > >> >> >> >> -- >> Igor Laskovy >> Kiev, Ukraine > > > > > -- > ~~~~~~~~~~~~~~~~~~~~~~~~~~~ > Dan Wendlandt > Nicira, Inc: www.nicira.com > twitter: danwendlandt > ~~~~~~~~~~~~~~~~~~~~~~~~~~~ > -- Igor Laskovy Kiev, Ukraine _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
