Last active September 26, 2023 20:54
libvirt + glusterfs apparmor tweaks
For a disk XML that looks like this (in the VM definition):

<disk type='network' device='disk'>
  <driver name='qemu' type='qcow2' cache='none'/>
  <source protocol='gluster' name='gv0/my-vm-image.qcow2'>
    <host name='192.168.1.100'/>
  </source>
  <target dev='sda' bus='sata'/>
  <address type='drive' controller='0' bus='0' target='0' unit='0'/>
</disk>

You may get errors like:

error: internal error: process exited while connecting to monitor: [2023-09-26 20:24:46.560376 +0000] E [MSGID: 104021] [glfs-mgmt.c:725:glfs_mgmt_getspec_cbk] 0-glfs-mgmt: failed to get the volume file [{key=gv0}, {errno=22}, {error=Invalid argument}]
2023-09-26T20:24:46.561029Z qemu-system-x86_64: -blockdev {"driver":"gluster","volume":"gv0","path":"my-vm-image.qcow2","server":[{"type":"inet","host":"192.168.1.100","port":"24007"}],"debug":4,"node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}: Gluster connection for volume gv0, path my-vm-image.qcow2 failed to connect
hint: failed on host 192.168.1.100 and port 24007 Please refer to gluster logs for more info

In order to get gluster-backed qemu running on Ubuntu 23.xx, you have to tweak apparmor:

# /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper
# glusterfs disks
@{PROC}/*/task/*/comm rw,
/etc/nsswitch.conf r,
/etc/services r,
/proc/sys/net/ipv4/ip_local_reserved_ports r,
/tmp/** rw,
network netlink raw,

# /etc/apparmor.d/local/abstractions/libvirt-qemu
# glusterfs disks
/etc/ssl/openssl.cnf r,
/proc/sys/net/ipv4/ip_local_reserved_ports r,
/tmp/** rw,
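
To see which of these rules a given host actually needs, the AppArmor denials for virt-aa-helper and the per-VM libvirt-<uuid> profiles can be summarised from the kernel log. The script below is an added example, not part of the original gist; the log lines, PIDs, timestamps and UUID in it are constructed, and summarize_denials is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not part of the gist): list the distinct AppArmor denials
# logged for virt-aa-helper and the per-VM libvirt-<uuid> profiles.

# Constructed sample lines in the kernel audit format; PIDs, timestamps and
# the UUID are made up. On a real host, pipe the kernel log
# (e.g. `journalctl -k`) into summarize_denials instead.
SAMPLE_LOG='audit: type=1400 audit(1695759886.560:101): apparmor="DENIED" operation="open" profile="virt-aa-helper" name="/etc/nsswitch.conf" pid=4242 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1695759886.561:102): apparmor="DENIED" operation="create" profile="virt-aa-helper" pid=4242 comm="virt-aa-helper" family="netlink" sock_type="raw" protocol=0 requested_mask="create" denied_mask="create"
audit: type=1400 audit(1695759887.010:103): apparmor="DENIED" operation="open" profile="libvirt-00000000-0000-4000-8000-000000000001" name="/etc/ssl/openssl.cnf" pid=4250 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
audit: type=1400 audit(1695759890.120:104): apparmor="DENIED" operation="open" profile="virt-aa-helper" name="/etc/nsswitch.conf" pid=4301 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1695759891.000:105): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/shadow" pid=900 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0'

# Reads audit lines on stdin; prints one tab-separated line per distinct
# denial: profile, kind (file|network), target, denied mask.
summarize_denials() {
    grep 'apparmor="DENIED"' |
    grep -E ' profile="(virt-aa-helper|libvirt-[0-9a-f-]+)"' |
    awk '
        # Return the value of key="value" from the current line, or "".
        function field(key,    s) {
            if (!match($0, " " key "=\"[^\"]*\"")) return ""
            s = substr($0, RSTART, RLENGTH)
            sub(/^[^"]*"/, "", s); sub(/"$/, "", s)
            return s
        }
        {
            profile = field("profile"); mask = field("denied_mask")
            if (field("family") != "")      # socket denial: maps to a "network" rule
                print profile "\tnetwork\t" field("family") " " field("sock_type") "\t" mask
            else if (field("name") != "")   # path denial: maps to a file rule
                print profile "\tfile\t" field("name") "\t" mask
        }' |
    LC_ALL=C sort -u
}

# Stand-alone run on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | summarize_denials
```

Each output line can be compared against the entries in the two local override files, so that only paths and socket types that were really denied are allowed.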
You may have to
sudo apparmor_parser -r /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper