[Openstack-operators] [Openstack] Quantum+Openvswitch: could not open /dev/net/tun: Operation not permitted
Igor Laskovy
igor.laskovy at gmail.com
Sat Jun 2 16:58:31 UTC 2012
Guys, I'm really confused about this.
I have recreated nova.conf for a slightly different design, but the issue
"could not configure /dev/net/tun: Operation not permitted" when
resuming instances is still present!
I just need to clarify that this happens if I reboot/halt the host
after suspending instances.
Awaiting any advice!
On Sun, May 27, 2012 at 1:00 PM, Igor Laskovy <igor.laskovy at gmail.com> wrote:
> Back to the main subject about /dev/net/tun: I still have another
> but similar issue.
> Yesterday I suspended my instances and shut down the lab.
> Today, when I try nova resume for them I get the following in
> /var/log/nova/nova-compute.log:
>
> 2012-05-27 05:30:01 TRACE nova.rpc.amqp libvirtError: internal error
> Process exited while reading console log output: char device
> redirected to /dev/pts/4
> 2012-05-27 05:30:01 TRACE nova.rpc.amqp kvm: -netdev
> tap,ifname=tap4362ce16-32,script=,id=hostnet0: could not configure
> /dev/net/tun (tap4362ce16-32): Operation not permitted
> 2012-05-27 05:30:01 TRACE nova.rpc.amqp kvm: -netdev
> tap,ifname=tap4362ce16-32,script=,id=hostnet0: Device 'tap' could not
> be initialized
>
> On Sat, May 26, 2012 at 11:40 PM, Dan Wendlandt <dan at nicira.com> wrote:
>> Hi Igor,
>>
>> I'd first access the VM via VNC and make sure it has booted and is getting
>> an IP address via DHCP. The easiest way to do this is using the VNC
>> consoles exposed via Horizon, but you can also use a tool like vncviewer
>> directly from the command line.
>>
>> If you think it may be an issue with security groups, running nova with the
>> following flag will disable security groups so you can see if that is what
>> is blocking the traffic:
>> firewall_driver=nova.virt.firewall.NoopFirewallDriver. Of course,
>> you'll need to restart nova-compute. With devstack, you can set this in
>> your localrc: LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver.
>>
>> Dan
>>
>>
>> On Sat, May 26, 2012 at 11:31 AM, Igor Laskovy <igor.laskovy at gmail.com>
>> wrote:
>>>
>>> Thank you Dan, Chris, Dean and Soheil for the help. I really appreciate your
>>> help!
>>>
>>> Yes, I am using Precise for this lab, and after I added /dev/net/tun
>>> to the cgroup_device_acl list I have ACTIVE state for my running
>>> instances. BTW, the doc
>>> http://openvswitch.org/openstack/documentation/ already has this
>>> clarification, thanks))
>>>
>>> Well, although the instances are running, I can't ping or ssh to
>>> them.
>>> I have already done this:
>>> $ nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
>>> $ nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
>>> but it didn't help!
>>>
>>> On Fri, May 25, 2012 at 12:40 AM, Dan Wendlandt <dan at nicira.com> wrote:
>>> > Hi Igor,
>>> >
>>> > Are you running this on Precise? If so, Precise is a bit pickier than
>>> > previous versions about requiring a setting in /etc/libvirt/qemu.conf
>>> >
>>> > You need to add /dev/net/tun to the cgroup_device_acl list in that file,
>>> > and restart libvirt.
>>> >
>>> > This is actually handled automatically by a branch I've pushed for
>>> > review in devstack: https://review.openstack.org/#/c/7001/
>>> >
>>> > It has lots of positive reviews, but still needs one more core review
>>> > and I've been waiting a while. If you're a devstack core, please give me a
>>> > hand! :)
>>> >
>>> > Dan
>>> >
>>> > p.s. the root cause of needing to tweak /etc/libvirt/qemu.conf is that
>>> > we're using libvirt <interface type=ethernet> elements to work with
>>> > openvswitch. Starting in libvirt 0.9.11 (not available in precise),
>>> > openvswitch is integrated directly with libvirt, meaning that using
>>> > type=ethernet (and the workaround) is no longer necessary.
>>> >
>>> >
>>> > On Thu, May 24, 2012 at 1:05 PM, Igor Laskovy <igor.laskovy at gmail.com>
>>> > wrote:
>>> >>
>>> >> Hello all from sunny Kiev))
>>> >>
>>> >> I have built a nova+quantum+openvswitch lab (without nova-volume) on two
>>> >> nodes - one controller with everything on it except nova-compute and
>>> >> a second dedicated compute node with nova-compute:
>>> >>
>>> >> While creating a VM I get an error which I still can't fix:
>>> >> $ nova boot --image precise --flavor m1.tiny my-precise-vm3
>>> >> $ nova list
>>> >>
>>> >> +--------------------------------------+----------------+--------+----------+
>>> >> | ID                                   | Name           | Status | Networks |
>>> >> +--------------------------------------+----------------+--------+----------+
>>> >> | 5a72aa9f-5743-486a-9496-130d367bc665 | my-precise-vm3 | ERROR  |          |
>>> >> +--------------------------------------+----------------+--------+----------+
>>> >>
>>> >> # cat /var/log/libvirt/qemu/instance-00000012.log
>>> >> 2012-05-24 19:51:47.994+0000: starting up
>>> >> LC_ALL=C
>>> >> PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin
>>> >> QEMU_AUDIO_DRV=none /usr/bin/kvm -S -M pc-1.0 -enable-kvm -m 512 -smp
>>> >> 1,sockets=1,cores=1,threads=1 -name instance-00000012 -uuid
>>> >> 5a72aa9f-5743-486a-9496-130d367bc665 -nodefconfig -nodefaults -chardev
>>> >>
>>> >>
>>> >> socket,id=charmonitor,path=/var/lib/libvirt/qemu/instance-00000012.monitor,server,nowait
>>> >> -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc
>>> >> -no-shutdown -drive
>>> >>
>>> >>
>>> >> file=/var/lib/nova/instances/instance-00000012/disk,if=none,id=drive-virtio-disk0,format=qcow2,cache=none
>>> >> -device
>>> >>
>>> >> virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1
>>> >> -netdev tap,ifname=tap24b9f3da-8b,script=,id=hostnet0 -device
>>> >>
>>> >> rtl8139,netdev=hostnet0,id=net0,mac=fa:16:3e:49:f1:a9,bus=pci.0,addr=0x3
>>> >> -netdev tap,ifname=tapcdd6bc93-86,script=,id=hostnet1 -device
>>> >>
>>> >> rtl8139,netdev=hostnet1,id=net1,mac=fa:16:3e:68:94:b4,bus=pci.0,addr=0x4
>>> >> -chardev
>>> >>
>>> >> file,id=charserial0,path=/var/lib/nova/instances/instance-00000012/console.log
>>> >> -device isa-serial,chardev=charserial0,id=serial0 -chardev
>>> >> pty,id=charserial1 -device isa-serial,chardev=charserial1,id=serial1
>>> >> -usb -device usb-tablet,id=input0 -vnc 192.168.1.71:0 -k en-us -vga
>>> >> cirrus -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x6
>>> >> Domain id=4 is tainted: shell-scripts
>>> >> char device redirected to /dev/pts/2
>>> >> kvm: -netdev tap,ifname=tap24b9f3da-8b,script=,id=hostnet0: could not
>>> >> open /dev/net/tun: Operation not permitted
>>> >> kvm: -netdev tap,ifname=tap24b9f3da-8b,script=,id=hostnet0: Device
>>> >> 'tap' could not be initialized
>>> >> 2012-05-24 19:51:48.175+0000: shutting down
>>> >>
>>> >> /var/lib/nova/instances/instance-00000012# virsh create libvirt.xml
>>> >> error: Failed to create domain from libvirt.xml
>>> >> error: internal error Process exited while reading console log output:
>>> >> char device redirected to /dev/pts/2
>>> >> kvm: -netdev tap,ifname=tap24b9f3da-8b,script=,id=hostnet0: could not
>>> >> open /dev/net/tun: Operation not permitted
>>> >> kvm: -netdev tap,ifname=tap24b9f3da-8b,script=,id=hostnet0: Device
>>> >> 'tap' could not be initialized
>>> >>
>>> >> Awaiting any advice!
>>> >>
>>> >> --
>>> >> Igor Laskovy
>>> >> Kiev, Ukraine
>>> >>
>>> >
>>> >
>>> >
>>> >
>>> > --
>>> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>> > Dan Wendlandt
>>> > Nicira, Inc: www.nicira.com
>>> > twitter: danwendlandt
>>> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>> >
>>>
>>>
>>>
>>> --
>>> Igor Laskovy
>>> Kiev, Ukraine
>>
>>
>>
>>
>> --
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> Dan Wendlandt
>> Nicira, Inc: www.nicira.com
>> twitter: danwendlandt
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>
>
>
>
> --
> Igor Laskovy
> Kiev, Ukraine
--
Igor Laskovy
Kiev, Ukraine
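
Added example (not part of the original thread): a shell check for the fix described in Dan's reply, confirming that the active cgroup_device_acl list in qemu.conf contains /dev/net/tun. The function names and the sample file are constructed for illustration; on the hosts in this thread the file to check would be /etc/libvirt/qemu.conf.

```shell
#!/bin/sh
# Added example: audit the device ACL that libvirt applies to QEMU processes.

# Print the active (uncommented) cgroup_device_acl entries, one per line.
acl_entries() {
    awk '
        /^[ \t]*#/ { next }                          # commented-out lines do not count
        /^[ \t]*cgroup_device_acl[ \t]*=/ { in_acl = 1 }
        in_acl {
            line = $0
            while (match(line, /"[^"]*"/)) {         # pull out each quoted device path
                print substr(line, RSTART + 1, RLENGTH - 2)
                line = substr(line, RSTART + RLENGTH)
            }
            if (index($0, "]")) in_acl = 0           # closing bracket ends the list
        }
    ' "$1"
}

# Exit status:
#   0  /dev/net/tun is in the active ACL
#   1  an ACL is set but does not list /dev/net/tun
#   2  no active ACL entries found (the list is commented out or absent)
check_tun_acl() {
    entries=$(acl_entries "$1")
    [ -n "$entries" ] || return 2
    printf '%s\n' "$entries" | grep -qx '/dev/net/tun'
}

# Constructed sample: a qemu.conf fragment as it would look after the change.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#security_driver = "selinux"
cgroup_device_acl = [
    "/dev/null", "/dev/full", "/dev/zero",
    "/dev/random", "/dev/urandom",
    "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
    "/dev/rtc", "/dev/hpet", "/dev/net/tun"
]
EOF
rc=0
check_tun_acl "$sample" || rc=$?
echo "sample qemu.conf: check_tun_acl returned $rc"
acl_entries "$sample"
rm -f "$sample"
```

A result of 1 or 2 on a compute node matches the state in which the thread's "could not open /dev/net/tun: Operation not permitted" error appears; after editing the list, libvirt has to be restarted for the ACL to take effect.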