Guys, I really confused about this. I have recreated nova.conf for a little another design, but issue "could not configure > /dev/net/tun: Operation not permitted" during resuming instances is still present! I need just to clarify, that this happening if I will reboot/halt host after suspending instances.
Awaiting any advice! On Sun, May 27, 2012 at 1:00 PM, Igor Laskovy <igor.lask...@gmail.com> wrote: > Back according to main subject about /dev/net/tun I still have another > but similar issue. > Yesterday I have suspend my instances and shutdown lab. > Today, when I try nova resume for them I have the following in > /var/log/nova/nova-compute.log: > > 2012-05-27 05:30:01 TRACE nova.rpc.amqp libvirtError: internal error > Process exited while reading console log output: char device > redirected to /dev/pts/4 > 2012-05-27 05:30:01 TRACE nova.rpc.amqp kvm: -netdev > tap,ifname=tap4362ce16-32,script=,id=hostnet0: could not configure > /dev/net/tun (tap4362ce16-32): Operation not permitted > 2012-05-27 05:30:01 TRACE nova.rpc.amqp kvm: -netdev > tap,ifname=tap4362ce16-32,script=,id=hostnet0: Device 'tap' could not > be initialized > > On Sat, May 26, 2012 at 11:40 PM, Dan Wendlandt <d...@nicira.com> wrote: >> Hi Igor, >> >> I'd first access the VM via VNC and make sure it has booted and is getting >> an IP address via DHCP. The easiest way to do this is using the VNC >> consoles exposed via Horizon, but you can also use a tool like vncviewer >> directly from the command line. >> >> If you think it may be an issue with security groups, running nova with the >> following flag will disable security groups so you can see if that is what >> is blocking the >> traffic: firewall_driver=nova.virt.firewall.NoopFirewallDriver . Of course, >> you'll need to restart nova-compute. With devstack, you can set this in >> your localrc: LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver >> . >> >> Dan >> >> >> On Sat, May 26, 2012 at 11:31 AM, Igor Laskovy <igor.lask...@gmail.com> >> wrote: >>> >>> Thank you Dan, Chris, Dean and Soheil for help. I very appreciated your >>> help! >>> >>> Yes, I using Precise for this lab and after I have added /dev/net/tun >>> to the cgroup_device_acl list I have ACTIVE state for my running >>> instances. BTW, the doc >>> http://openvswitch.org/openstack/documentation/ already have this >>> clarification, thanks)) >>> >>> Well, although that the instances are running, I can't ping or ssh to >>> them. >>> I already doing this: >>> $ nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0 >>> $ nova secgroup-add-rule default tcp 22 22 0.0.0.0/0 >>> but didn't help! >>> >>> On Fri, May 25, 2012 at 12:40 AM, Dan Wendlandt <d...@nicira.com> wrote: >>> > Hi Igor, >>> > >>> > Are you running this on Precise? If so, Precise is a bit pickier than >>> > previous versions about requiring a setting in /etc/libvirt/qemu.conf >>> > >>> > You need to add /dev/net/tun to the cgroup_device_acl list in that file, >>> > and >>> > restart libvirt. >>> > >>> > This is actually handled automatically by a branch I've pushed for >>> > review in >>> > devstack: https://review.openstack.org/#/c/7001/ >>> > >>> > It has lots of positive reviews, but still needs one more core review >>> > and >>> > I've been waiting a while. If you're a devstack core, please give me a >>> > hand! :) >>> > >>> > Dan >>> > >>> > p.s. the root cause of needing to tweak /etc/libvirt/qemu.conf is that >>> > we're using libvirt <interface type=ethernet> elements to work with >>> > openvswitch. Starting in libvirt 0.9.11 (not available in precise), >>> > openvswitch is integrated directly with libvirt, meaning that using >>> > type=ethernet (and the workaround) is no longer necessary. >>> > >>> > >>> > On Thu, May 24, 2012 at 1:05 PM, Igor Laskovy <igor.lask...@gmail.com> >>> > wrote: >>> >> >>> >> Hello all from sunny Kiev)) >>> >> >>> >> I have built nova+quantum+openvswitch without nova-volume lab on two >>> >> nodes - one controller with everything on it except nova-compute and >>> >> second dedicated compute node with nova-compute: >>> >> >>> >> During creating VM I have error which I still can't fix: >>> >> $ nova boot --image precise --flavor m1.tiny my-precise-vm3 >>> >> $ nova list >>> >> >>> >> >>> >> +--------------------------------------+----------------+--------+----------+ >>> >> | ID | Name | Status | >>> >> Networks | >>> >> >>> >> >>> >> +--------------------------------------+----------------+--------+----------+ >>> >> | 5a72aa9f-5743-486a-9496-130d367bc665 | my-precise-vm3 | ERROR | >>> >> | >>> >> >>> >> >>> >> +--------------------------------------+----------------+--------+----------+ >>> >> >>> >> # cat /var/log/libvirt/qemu/instance-00000012.log >>> >> 2012-05-24 19:51:47.994+0000: starting up >>> >> LC_ALL=C >>> >> PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin >>> >> QEMU_AUDIO_DRV=none /usr/bin/kvm -S -M pc-1.0 -enable-kvm -m 512 -smp >>> >> 1,sockets=1,cores=1,threads=1 -name instance-00000012 -uuid >>> >> 5a72aa9f-5743-486a-9496-130d367bc665 -nodefconfig -nodefaults -chardev >>> >> >>> >> >>> >> socket,id=charmonitor,path=/var/lib/libvirt/qemu/instance-00000012.monitor,server,nowait >>> >> -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc >>> >> -no-shutdown -drive >>> >> >>> >> >>> >> file=/var/lib/nova/instances/instance-00000012/disk,if=none,id=drive-virtio-disk0,format=qcow2,cache=none >>> >> -device >>> >> >>> >> virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 >>> >> -netdev tap,ifname=tap24b9f3da-8b,script=,id=hostnet0 -device >>> >> >>> >> rtl8139,netdev=hostnet0,id=net0,mac=fa:16:3e:49:f1:a9,bus=pci.0,addr=0x3 >>> >> -netdev tap,ifname=tapcdd6bc93-86,script=,id=hostnet1 -device >>> >> >>> >> rtl8139,netdev=hostnet1,id=net1,mac=fa:16:3e:68:94:b4,bus=pci.0,addr=0x4 >>> >> -chardev >>> >> >>> >> file,id=charserial0,path=/var/lib/nova/instances/instance-00000012/console.log >>> >> -device isa-serial,chardev=charserial0,id=serial0 -chardev >>> >> pty,id=charserial1 -device isa-serial,chardev=charserial1,id=serial1 >>> >> -usb -device usb-tablet,id=input0 -vnc 192.168.1.71:0 -k en-us -vga >>> >> cirrus -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x6 >>> >> Domain id=4 is tainted: shell-scripts >>> >> char device redirected to /dev/pts/2 >>> >> kvm: -netdev tap,ifname=tap24b9f3da-8b,script=,id=hostnet0: could not >>> >> open /dev/net/tun: Operation not permitted >>> >> kvm: -netdev tap,ifname=tap24b9f3da-8b,script=,id=hostnet0: Device >>> >> 'tap' could not be initialized >>> >> 2012-05-24 19:51:48.175+0000: shutting down >>> >> >>> >> /var/lib/nova/instances/instance-00000012# virsh create libvirt.xml >>> >> error: Failed to create domain from libvirt.xml >>> >> error: internal error Process exited while reading console log output: >>> >> char device redirected to /dev/pts/2 >>> >> kvm: -netdev tap,ifname=tap24b9f3da-8b,script=,id=hostnet0: could not >>> >> open /dev/net/tun: Operation not permitted >>> >> kvm: -netdev tap,ifname=tap24b9f3da-8b,script=,id=hostnet0: Device >>> >> 'tap' could not be initialized >>> >> >>> >> Waiting any advises! >>> >> >>> >> -- >>> >> Igor Laskovy >>> >> Kiev, Ukraine >>> >> >>> >> _______________________________________________ >>> >> Mailing list: https://launchpad.net/~openstack >>> >> Post to : openstack@lists.launchpad.net >>> >> Unsubscribe : https://launchpad.net/~openstack >>> >> More help : https://help.launchpad.net/ListHelp >>> > >>> > >>> > >>> > >>> > -- >>> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>> > Dan Wendlandt >>> > Nicira, Inc: www.nicira.com >>> > twitter: danwendlandt >>> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>> > >>> >>> >>> >>> -- >>> Igor Laskovy >>> Kiev, Ukraine >> >> >> >> >> -- >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> Dan Wendlandt >> Nicira, Inc: www.nicira.com >> twitter: danwendlandt >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> > > > > -- > Igor Laskovy > Kiev, Ukraine -- Igor Laskovy Kiev, Ukraine _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
