The kvm device is always available when stx is installed on labs (as long as the virtualization functions are enabled in the BIOS) and on virtual machines if Nested Virtualization is enabled ("Enable VT-x/AMD-V" on Virtualbox).
The problem here is no longer if the char device exists, but who owns it and which permissions are set. The Debian migration is incomplete on what regards /dev/kvm permissions and it will be handled as part as this bug fix.
---------------------------------------------------------------------------------------------------
For reference, on a CentOS installation where the stx-libvirt-master-centos-* is the image used for the libvirt container, the users/groups and kvm device permissions are the following:
That is not quiet what is currently seen on a stx debian installation:
Host:
$sudo cat /etc/group | egrep 'nova|libvirt|qemu|kvm'
nova:x:162:nova
libvirt:x:991:nova
kvm:x:102:
$ sudo cat /etc/passwd | egrep 'nova|libvirt|qemu|kvm'
nova:x:994:162:OpenStack Nova Daemons:/var/lib/nova:/sbin/nologin
$ ls -lha /dev/kvm
crw-rw---- 1 root 36 10, 232 dez 14 20:25 /dev/kvm
Even after switching the libvirt container image to be the stx-libvirt-master-debian-*, some mismatch persists:
$ ls -lha /dev/kvm
crw-rw---- 1 root uuidd 10, 232 dez 14 23:54 /dev/kvm
This is probably because the user/group is not aligned from within the new container.
Container:
# cat /etc/passwd | egrep 'nova|libvirt|qemu|kvm'
nova:x:994:162:OpenStack Nova Daemons:/var/lib/nova:/sbin/nologin
libvirt-qemu:x:64055:109:Libvirt Qemu,,,:/var/lib/libvirt:/usr/sbin/nologin
# cat /etc/group | egrep 'nova|libvirt|qemu|kvm'
nova:x:162:nova
libvirt:x:991:nova
kvm:x:109:nova
libvirt-qemu:x:64055:libvirt-qemu
Apparently we need to align the kvm group inside the container with the group on the host.
And also seems like we missed a couple of libvirt packages when porting it to Debian, mainly the libvirt-daemon-system [1] that has a post-install script which creates the libvirt-qemu user accordingly.
The kvm device is always available when stx is installed on labs (as long as the virtualization functions are enabled in the BIOS) and on virtual machines if Nested Virtualization is enabled ("Enable VT-x/AMD-V" on Virtualbox).
The problem here is no longer if the char device exists, but who owns it and which permissions are set. The Debian migration is incomplete on what regards /dev/kvm permissions and it will be handled as part as this bug fix.
------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- - master- centos- * is the image used for the libvirt container, the users/groups and kvm device permissions are the following:
For reference, on a CentOS installation where the stx-libvirt-
Host: qemu|kvm' qemu|kvm' 994:162: OpenStack Nova Daemons: /var/lib/ nova:/sbin/ nologin /sbin/nologin
$ sudo cat /etc/group | egrep 'nova|libvirt|
nova:x:162:nova
libvirt:x:991:nova
kvm:x:36:qemu
qemu:x:107:
$ sudo cat /etc/passwd | egrep 'nova|libvirt|
nova:x:
qemu:x:107:107:qemu user:/:
$ ls -lha /dev/kvm
crw-rw-rw- 1 root kvm 10, 232 Dez 15 12:11 /dev/kvm
Container: qemu|kvm' qemu|kvm' /sbin/nologin 42424:42424: nova user:/var/ lib/nova: /usr/sbin/ nologin
# cat /etc/group | egrep 'nova|libvirt|
kvm:x:36:qemu,nova
qemu:x:107:
libvirt:x:993:
nova:x:42424:
# cat /etc/passwd | egrep 'nova|libvirt|
qemu:x:107:107:qemu user:/:
nova:x:
That is not quiet what is currently seen on a stx debian installation: qemu|kvm' qemu|kvm' 994:162: OpenStack Nova Daemons: /var/lib/ nova:/sbin/ nologin
Host:
$sudo cat /etc/group | egrep 'nova|libvirt|
nova:x:162:nova
libvirt:x:991:nova
kvm:x:102:
$ sudo cat /etc/passwd | egrep 'nova|libvirt|
nova:x:
$ ls -lha /dev/kvm
crw-rw---- 1 root 36 10, 232 dez 14 20:25 /dev/kvm
Even after switching the libvirt container image to be the stx-libvirt- master- debian- *, some mismatch persists:
$ ls -lha /dev/kvm
crw-rw---- 1 root uuidd 10, 232 dez 14 23:54 /dev/kvm
This is probably because the user/group is not aligned from within the new container. qemu|kvm' 994:162: OpenStack Nova Daemons: /var/lib/ nova:/sbin/ nologin qemu:x: 64055:109: Libvirt Qemu,,, :/var/lib/ libvirt: /usr/sbin/ nologin qemu|kvm' qemu:x: 64055:libvirt- qemu
Container:
# cat /etc/passwd | egrep 'nova|libvirt|
nova:x:
libvirt-
# cat /etc/group | egrep 'nova|libvirt|
nova:x:162:nova
libvirt:x:991:nova
kvm:x:109:nova
libvirt-
Apparently we need to align the kvm group inside the container with the group on the host. daemon- system [1] that has a post-install script which creates the libvirt-qemu user accordingly.
And also seems like we missed a couple of libvirt packages when porting it to Debian, mainly the libvirt-
Will be working on it now.
[1] https:/ /salsa. debian. org/libvirt- team/libvirt/ -/blob/ debian/ 7.0.0-3/ debian/ libvirt- daemon- system. postinst