<!DOCTYPE html>
<html><head>
    <meta charset="UTF-8">
<style type="text/css">.mceResizeHandle {position: absolute;border: 1px solid black;background: #FFF;width: 5px;height: 5px;z-index: 10000}.mceResizeHandle:hover {background: #000}img[data-mce-selected] {outline: 1px solid black}img.mceClonedResizable, table.mceClonedResizable {position: absolute;outline: 1px dashed black;opacity: .5;z-index: 10000}
</style></head><body style=""><div>
<p id="yui_3_10_3_1_1674644304297_2291">Hi,<br>I want to take a Live-snapshot.</p>
<p> The instances are  not switched off.</p>
<p>Ubuntu 20.04</p>
<p># Ansible managed</p>
<p>DISTRIB_ID="OSA"<br>DISTRIB_RELEASE="25.2.0"<br>DISTRIB_CODENAME="Yoga"<br>DISTRIB_DESCRIPTION="OpenStack-Ansible"</p>
<p>nova-25.0.2.dev8.dist-info</p>
<p>Compiled against library: libvirt 8.0.0<br>Using library: libvirt 8.0.0<br>Using API: QEMU 8.0.0<br>Running hypervisor: QEMU 4.2.1</p>
<p>ii apparmor 2.13.3-7ubuntu5.1 amd64 user-space parser utility for AppArmor</p>
<p>I've also<br>Adjusted virt-aa-helper:</p>
<p>#include <tunables/global></p>
<p>profile virt-aa-helper /usr/lib/libvirt/virt-aa-helper flags=(complain) {<br>  #include <abstractions/base><br>  #include <abstractions/openssl></p>
<p>  # needed for searching directories<br>  capability dac_override,<br>  capability dac_read_search,</p>
<p>  # needed for when disk is on a network filesystem<br>  network inet,<br>  network inet6,</p>
<p>  deny @{PROC}/[0-9]*/mounts r,<br>  @{PROC}/[0-9]*/net/psched r,<br>  owner @{PROC}/[0-9]*/status r,<br>  @{PROC}/filesystems r,</p>
<p>  # Used when internally running another command (namely apparmor_parser)<br>  @{PROC}/@{pid}/fd/ r,</p>
<p>  # allow reading libnl's classid file<br>  /etc/libnl{,-3}/classid r,</p>
<p>  # for gl enabled graphics<br>  /dev/dri/{,*} r,</p>
<p>  # for hostdev<br>  /sys/devices/ r,<br>  /sys/devices/** r,<br>  /sys/bus/usb/devices/ r,<br>  deny /dev/sd* r,<br>  deny /dev/vd* r,<br>  deny /dev/dm-* r,<br>  deny /dev/drbd[0-9]* r,<br>  deny /dev/dasd* r,<br>  deny /dev/nvme* r,<br>  deny /dev/zd[0-9]* r,<br>  deny /dev/mapper/ r,<br>  deny /dev/mapper/* r,</p>
<p>  /usr/lib/libvirt/virt-aa-helper mr,<br>  /{usr/,}sbin/apparmor_parser Ux,</p>
<p>  /etc/apparmor.d/libvirt/* r,<br>  /etc/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw,</p>
<p>  # for backingstore -- allow access to non-hidden files in @{HOME} as well<br>  # as storage pools<br>  audit deny @{HOME}/.* mrwkl,<br>  audit deny @{HOME}/.*/ rw,<br>  audit deny @{HOME}/.*/** mrwkl,<br>  audit deny @{HOME}/bin/ rw,<br>  audit deny @{HOME}/bin/** mrwkl,<br>  @{HOME}/ r,<br>  @{HOME}/** r,<br>  /var/lib/libvirt/images/ rw,<br>  /var/lib/libvirt/images/** rw,<br>  # nova base images (LP: <a href="https://bugs.launchpad.net/bugs/907269" title="Mapped device was not found (we can only inject raw disk images): /dev/mapper/nbd15p1) : Precise A1 and E2">#907269</a>)<br>  /var/lib/nova/images/** rw,<br>  /var/lib/nova/instances/_base/** rw,<br>  # nova snapshots (LP: <a href="https://bugs.launchpad.net/bugs/1244694" title="[SRU] Creating snapshot fails due to nonexistent temporary directory">#1244694</a>)<br>  /var/lib/nova/instances/snapshots/** rw,</p>
<p>}</p>
<p>Filesystem: OCFS2</p>
<p>[keystone_authtoken]<br>insecure = False<br>auth_type = password<br>auth_url =<br>www_authenticate_uri =<br>project_domain_id = default<br>user_domain_id = default<br>project_name = service<br>username = nova<br>password =<br>region_name = RegionOne<br>service_token_roles_required = False<br>service_token_roles = service<br>service_type = compute<br>memcached_servers =<br>token_cache_time = 300</p>
<p>[libvirt]<br>inject_partition = -2<br>inject_password = False<br>inject_key = False<br>virt_type = kvm<br>live_migration_with_native_tls = true<br>live_migration_scheme = tls<br>live_migration_inbound_addr = xxx.xxx.xxx.xxx<br>hw_disk_discard = ignore<br>disk_cachemodes =<br>iscsi_use_multipath = True</p>
<p> </p>
<p> </p>
<p>Jan 25 09:46:07 bc2bl13 libvirtd[154472]: internal error: Child process (LIBVIRT_LOG_OUTPUTS=3:stderr /usr/lib/libvirt/virt-aa-helper -r -u libvirt-c6aa0368-8ae5-4fe4-8ae5-93a92329aa74) unexpected exit status 1: 2023-01-25 09:46:07.871+0000: 376129: info : libvirt version: 8.0.0, package: 1ubuntu7.1~cloud0 (Openstack Ubuntu Testing Bot <openstack-testing-bot@ubuntu.com> Wed, 25 May 2022 14:51:12 +0000)<br> 2023-01-25 09:46:07.871+0000: 376129: info : hostname: bc2bl13<br> 2023-01-25 09:46:07.871+0000: 376129: error : virDomainDiskDefMirrorParse:8800 : unsupported configuration: unknown mirror job type ''<br> virt-aa-helper: error: could not parse XML<br> virt-aa-helper: error: could not get VM definition<br>Jan 25 09:46:07 bc2bl13 libvirtd[154472]: internal error: cannot update AppArmor profile 'libvirt-c6aa0368-8ae5-4fe4-8ae5-93a92329aa74'<br>Jan 25 09:46:07 bc2bl13 libvirtd[154472]: Unable to restore security label on /var/lib/nova/instances/snapshots/tmpej9y72fr/c8d4bb94296746d6bff6b747386b4a90.delta</p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
</div></body></html>