I have a fresh Open Nebula 3.2.1 installation which I'm trying to get working and manage some freshly-installed Debian squeeze KVM hosts.
My problem is that when Open Nebula deploys VMs the KVM process does not have access to the /dev/kvm device on the host.
I've set up everything according to documentation:
root@onhost1:~# ls -al /dev/kvm
crw-rw---- 1 root kvm 10, 232 Feb 8 11:24 /dev/kvm
root@onhost1:~# id oneadmin
uid=500(oneadmin) gid=500(oneadmin) groups=500(oneadmin),106(kvm),108(libvirt)
libvirt/qemu.conf has:
user = "oneadmin"
group = "oneadmin"
When libvirt creates VMs they do not have any of the secondary groups set so the process doesn't have access to /dev/kvm via file permissions. OK, fair enough, though the Open Nebula documentation seems to indicate it should be set up this way.
I've tried mounting cgroups to try and resolve this problem. After I do so, the kvm process has the following cgroup entry:
1:devices,cpu:/libvirt/qemu/one-29
corresponding to:
/dev/cgroup/libvirt/qemu/one-29/devices.list:c 10:232 rwm
My lack of understanding of how cgroups work indicates to me that this ought to allow the process to access /dev/kvm, but no go.
I can make things work by adding an ACL entry (setfacl -m u:oneadmin:rw /dev/kvm) but that doesn't Seem Right. Shouldn't Open Nebula/libvirt be handling this?
- What are the Correct Changes to make?
- Should the documentation be changed?
- Have I missed something?
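
Added example, not part of the original post: a shell check that applies the owner/group/other mode test to the credentials recorded in a /proc/<pid>/status file, which is the test a devices cgroup entry does not replace (the cgroup only limits which devices may be opened). The function names and the two status samples are constructed for illustration, using the IDs from the post and assuming the VM process runs with no supplementary groups.

```shell
#!/bin/sh
# Added example: classic owner/group/other check for read+write on a device
# node, using the credentials in a /proc/<pid>/status file.
# POSIX ACLs (setfacl) and capabilities other than "uid 0" are not modelled.
# Live use: can_open_rw /proc/PID/status $(stat -c '%u %g %a' /dev/kvm)

# usage: can_open_rw STATUS_FILE DEV_UID DEV_GID DEV_MODE  (mode in octal, e.g. 660)
can_open_rw() {
    # File access uses the filesystem UID/GID: 4th value on the Uid:/Gid: lines.
    fsuid=$(awk '$1 == "Uid:" { print $5 }' "$1")
    fsgid=$(awk '$1 == "Gid:" { print $5 }' "$1")
    supp=$(awk '$1 == "Groups:" { $1 = ""; print }' "$1")
    mode=$((0$4))
    [ "$fsuid" -eq 0 ] && return 0          # root bypasses the mode bits
    if [ "$fsuid" -eq "$2" ]; then
        bits=$(( (mode >> 6) & 7 ))         # owner class
    else
        bits=$(( mode & 7 ))                # other class, unless a group matches
        for g in $fsgid $supp; do
            [ "$g" -eq "$3" ] && bits=$(( (mode >> 3) & 7 ))
        done
    fi
    [ $(( bits & 6 )) -eq 6 ]               # need both r (4) and w (2)
}

# Constructed samples: uid/gid 500 = oneadmin, 106 = kvm, 108 = libvirt.
write_samples() {
    # VM process as described in the post: no supplementary groups.
    printf 'Name:\tkvm\nUid:\t500\t500\t500\t500\nGid:\t500\t500\t500\t500\nGroups:\t\n' \
        > "$1/vm.status"
    # A login shell for oneadmin, which does carry the groups shown by id.
    printf 'Name:\tbash\nUid:\t500\t500\t500\t500\nGid:\t500\t500\t500\t500\nGroups:\t106 108 500\n' \
        > "$1/shell.status"
}

# Demo against /dev/kvm as listed in the post: owner root (0), group kvm (106), mode 660.
tmp=$(mktemp -d) && write_samples "$tmp"
for f in vm shell; do
    if can_open_rw "$tmp/$f.status" 0 106 660; then r=allowed; else r=denied; fi
    echo "$f: /dev/kvm rw $r"
done
rm -rf "$tmp"
```

Comparing the Groups: line of the running VM process with that of an interactive oneadmin shell shows whether the supplementary groups were dropped when the process was started.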