libvirt + glusterfs apparmor tweaks

gistfile1.txt

For a disk XML that looks like this (in the VM definition):
    <disk type='network' device='disk'>
      <driver name='qemu' type='qcow2' cache='none'/>
      <source protocol='gluster' name='gv0/my-vm-image.qcow2'>
        <host name='192.168.1.100'/>
      </source>
      <target dev='sda' bus='sata'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>

You may get errors like:

error: internal error: process exited while connecting to monitor: [2023-09-26 20:24:46.560376 +0000] E [MSGID: 104021] [glfs-mgmt.c:725:glfs_mgmt_getspec_cbk] 0-glfs-mgmt: failed to get the volume file [{key=gv0}, {errno=22}, {error=Invalid argument}]
2023-09-26T20:24:46.561029Z qemu-system-x86_64: -blockdev {"driver":"gluster","volume":"gv0","path":"my-vm-image.qcow2","server":[{"type":"inet","host":"192.168.1.100","port":"24007"}],"debug":4,"node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}: Gluster connection for volume gv0, path my-vm-image.qcow2 failed to connect
hint: failed on host 192.168.1.100 and port 24007 Please refer to gluster logs for more info

In order to get gluster-backed qemu running on Ubuntu 23.xx, you have to tweak apparmor:

# /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper
# glusterfs disks
@{PROC}/*/task/*/comm rw,
/etc/nsswitch.conf r,
/etc/services r,
/proc/sys/net/ipv4/ip_local_reserved_ports r,
/tmp/** rw,
network netlink raw,

# /etc/apparmor.d/local/abstractions/libvirt-qemu
# glusterfs disks
/etc/ssl/openssl.cnf r,
/proc/sys/net/ipv4/ip_local_reserved_ports r,
/tmp/** rw,

you may have to sudo apparmor_parser -r /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper