[Openstack-operators] [Openstack] Quantum+Openvswitch: could not open /dev/net/tun: Operation not permitted

Igor Laskovy igor.laskovy at gmail.com
Sun May 27 10:00:11 UTC 2012


Going back to the main subject about /dev/net/tun, I still have another
but similar issue.
Yesterday I suspended my instances and shut down the lab.
Today, when I try nova resume for them, I get the following in
/var/log/nova/nova-compute.log:

2012-05-27 05:30:01 TRACE nova.rpc.amqp libvirtError: internal error
Process exited while reading console log output: char device
redirected to /dev/pts/4
2012-05-27 05:30:01 TRACE nova.rpc.amqp kvm: -netdev
tap,ifname=tap4362ce16-32,script=,id=hostnet0: could not configure
/dev/net/tun (tap4362ce16-32): Operation not permitted
2012-05-27 05:30:01 TRACE nova.rpc.amqp kvm: -netdev
tap,ifname=tap4362ce16-32,script=,id=hostnet0: Device 'tap' could not
be initialized

On Sat, May 26, 2012 at 11:40 PM, Dan Wendlandt <dan at nicira.com> wrote:
> Hi Igor,
>
> I'd first access the VM via VNC and make sure it has booted and is getting
> an IP address via DHCP.  The easiest way to do this is using the VNC
> consoles exposed via Horizon, but you can also use a tool like vncviewer
> directly from the command line.
>
> If you think it may be an issue with security groups, running nova with the
> following flag will disable security groups so you can see if that is what
> is blocking the
> traffic: firewall_driver=nova.virt.firewall.NoopFirewallDriver .  Of course,
> you'll need to restart nova-compute.  With devstack, you can set this in
> your localrc: LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver
> .
>
> Dan
>
>
> On Sat, May 26, 2012 at 11:31 AM, Igor Laskovy <igor.laskovy at gmail.com>
> wrote:
>>
>> Thank you Dan, Chris, Dean and Soheil for the help. I very much appreciate
>> your help!
>>
>> Yes, I am using Precise for this lab, and after I added /dev/net/tun
>> to the cgroup_device_acl list I have ACTIVE state for my running
>> instances. BTW, the doc
>> http://openvswitch.org/openstack/documentation/ already has this
>> clarification, thanks))
>>
>> Well, although the instances are running, I can't ping or ssh to
>> them.
>> I have already done this:
>> $ nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
>> $ nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
>> but it didn't help!
>>
>> On Fri, May 25, 2012 at 12:40 AM, Dan Wendlandt <dan at nicira.com> wrote:
>> > Hi Igor,
>> >
>> > Are you running this on Precise?  If so, Precise is a bit pickier than
>> > previous versions about requiring a setting in /etc/libvirt/qemu.conf
>> >
>> > You need to add /dev/net/tun to the cgroup_device_acl list in that file,
>> > and
>> > restart libvirt.
>> >
>> > This is actually handled automatically by a branch I've pushed for
>> > review in
>> > devstack: https://review.openstack.org/#/c/7001/
>> >
>> > It has lots of positive reviews, but still needs one more core review
>> > and
>> > I've been waiting a while.  If you're a devstack core, please give me a
>> > hand! :)
>> >
>> > Dan
>> >
>> > p.s.  the root cause of needing to tweak /etc/libvirt/qemu.conf is that
>> > we're using libvirt <interface type=ethernet> elements to work with
>> > openvswitch.  Starting in libvirt 0.9.11 (not available in precise),
>> > openvswitch is integrated directly with libvirt, meaning that using
>> > type=ethernet (and the workaround) is no longer necessary.
>> >
>> >
>> > On Thu, May 24, 2012 at 1:05 PM, Igor Laskovy <igor.laskovy at gmail.com>
>> > wrote:
>> >>
>> >> Hello all from sunny Kiev))
>> >>
>> >> I have built nova+quantum+openvswitch without nova-volume lab on two
>> >> nodes - one controller with everything on it except nova-compute and
>> >> second dedicated compute node with nova-compute:
>> >>
>> >> While creating a VM I get an error which I still can't fix:
>> >> $ nova boot --image precise --flavor m1.tiny  my-precise-vm3
>> >> $ nova list
>> >>
>> >> +--------------------------------------+----------------+--------+----------+
>> >> |                  ID                  |      Name      | Status | Networks |
>> >> +--------------------------------------+----------------+--------+----------+
>> >> | 5a72aa9f-5743-486a-9496-130d367bc665 | my-precise-vm3 | ERROR  |          |
>> >> +--------------------------------------+----------------+--------+----------+
>> >>
>> >> # cat /var/log/libvirt/qemu/instance-00000012.log
>> >> 2012-05-24 19:51:47.994+0000: starting up
>> >> LC_ALL=C
>> >> PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin
>> >> QEMU_AUDIO_DRV=none /usr/bin/kvm -S -M pc-1.0 -enable-kvm -m 512 -smp
>> >> 1,sockets=1,cores=1,threads=1 -name instance-00000012 -uuid
>> >> 5a72aa9f-5743-486a-9496-130d367bc665 -nodefconfig -nodefaults -chardev
>> >>
>> >>
>> >> socket,id=charmonitor,path=/var/lib/libvirt/qemu/instance-00000012.monitor,server,nowait
>> >> -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc
>> >> -no-shutdown -drive
>> >>
>> >>
>> >> file=/var/lib/nova/instances/instance-00000012/disk,if=none,id=drive-virtio-disk0,format=qcow2,cache=none
>> >> -device
>> >>
>> >> virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1
>> >> -netdev tap,ifname=tap24b9f3da-8b,script=,id=hostnet0 -device
>> >>
>> >> rtl8139,netdev=hostnet0,id=net0,mac=fa:16:3e:49:f1:a9,bus=pci.0,addr=0x3
>> >> -netdev tap,ifname=tapcdd6bc93-86,script=,id=hostnet1 -device
>> >>
>> >> rtl8139,netdev=hostnet1,id=net1,mac=fa:16:3e:68:94:b4,bus=pci.0,addr=0x4
>> >> -chardev
>> >>
>> >> file,id=charserial0,path=/var/lib/nova/instances/instance-00000012/console.log
>> >> -device isa-serial,chardev=charserial0,id=serial0 -chardev
>> >> pty,id=charserial1 -device isa-serial,chardev=charserial1,id=serial1
>> >> -usb -device usb-tablet,id=input0 -vnc 192.168.1.71:0 -k en-us -vga
>> >> cirrus -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x6
>> >> Domain id=4 is tainted: shell-scripts
>> >> char device redirected to /dev/pts/2
>> >> kvm: -netdev tap,ifname=tap24b9f3da-8b,script=,id=hostnet0: could not
>> >> open /dev/net/tun: Operation not permitted
>> >> kvm: -netdev tap,ifname=tap24b9f3da-8b,script=,id=hostnet0: Device
>> >> 'tap' could not be initialized
>> >> 2012-05-24 19:51:48.175+0000: shutting down
>> >>
>> >> /var/lib/nova/instances/instance-00000012# virsh create libvirt.xml
>> >> error: Failed to create domain from libvirt.xml
>> >> error: internal error Process exited while reading console log output:
>> >> char device redirected to /dev/pts/2
>> >> kvm: -netdev tap,ifname=tap24b9f3da-8b,script=,id=hostnet0: could not
>> >> open /dev/net/tun: Operation not permitted
>> >> kvm: -netdev tap,ifname=tap24b9f3da-8b,script=,id=hostnet0: Device
>> >> 'tap' could not be initialized
>> >>
>> >> Waiting for any advice!
>> >>
>> >> --
>> >> Igor Laskovy
>> >> Kiev, Ukraine
>> >>
>> >> _______________________________________________
>> >> Mailing list: https://launchpad.net/~openstack
>> >> Post to     : openstack at lists.launchpad.net
>> >> Unsubscribe : https://launchpad.net/~openstack
>> >> More help   : https://help.launchpad.net/ListHelp
>> >
>> >
>> >
>> >
>> > --
>> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> > Dan Wendlandt
>> > Nicira, Inc: www.nicira.com
>> > twitter: danwendlandt
>> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> >
>>
>>
>>
>> --
>> Igor Laskovy
>> Kiev, Ukraine
>
>
>
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Dan Wendlandt
> Nicira, Inc: www.nicira.com
> twitter: danwendlandt
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~
>



-- 
Igor Laskovy
Kiev, Ukraine
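
The qemu.conf change discussed in the quoted replies (adding /dev/net/tun to cgroup_device_acl) can be checked before libvirt is restarted. The Python below is an added example, not part of the original thread: the sample file content is constructed, the function names are hypothetical, and it assumes that when the setting is commented out the commented template is the list to extend, so only /dev/net/tun is added to what QEMU may open.

```python
import re

TUN = "/dev/net/tun"

# Constructed sample modeled on a stock /etc/libvirt/qemu.conf in which the
# setting is still commented out, so libvirt's built-in device list applies.
SAMPLE_STOCK = '''\
# cgroup_controllers = [ "cpu", "devices", "memory" ]
#cgroup_device_acl = [
#    "/dev/null", "/dev/full", "/dev/zero",
#    "/dev/random", "/dev/urandom",
#    "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
#    "/dev/rtc", "/dev/hpet"
#]
'''

def active_acl(conf_text):
    """Return the active cgroup_device_acl entries, or None when the setting
    is absent or commented out."""
    # Drop comment lines so a commented-out template is not read as config.
    live = "\n".join(line for line in conf_text.splitlines()
                     if not line.lstrip().startswith("#"))
    m = re.search(r"^\s*cgroup_device_acl\s*=\s*\[(.*?)\]", live, re.S | re.M)
    return None if m is None else re.findall(r'"([^"]+)"', m.group(1))

def commented_template(conf_text):
    """Entries of the commented-out template, used as the base list."""
    m = re.search(r"^#\s*cgroup_device_acl\s*=\s*\[(.*?)\]", conf_text,
                  re.S | re.M)
    return re.findall(r'"([^"]+)"', m.group(1)) if m else []

def tun_fix(conf_text):
    """Return (allowed, replacement). replacement is the setting to put in
    qemu.conf, or None when /dev/net/tun is already permitted."""
    acl = active_acl(conf_text)
    if acl is not None and TUN in acl:
        return True, None
    base = acl if acl is not None else commented_template(conf_text)
    body = ",\n".join('    "%s"' % dev for dev in base + [TUN])
    return False, "cgroup_device_acl = [\n%s\n]" % body

if __name__ == "__main__":
    allowed, replacement = tun_fix(SAMPLE_STOCK)
    print("tun allowed:", allowed)
    if replacement:
        print(replacement)
```
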


