Nfs pool in kvm



Hi everybody,

via virsh pool-define-as we created a pool using an NFS storage. The pool could be started and is visible in both UVMM and virsh.

<pool type='netfs'>
  <capacity unit='bytes'>5892566810624</capacity>
  <allocation unit='bytes'>2482581798912</allocation>
  <available unit='bytes'>3409985011712</available>
    <host name='s01'/>
    <dir path='/volume1/isopool'/>
    <format type='auto'/>

When we start a guest-system, having an ISO-file mounted from that nfs pool, we got a permission denied message:

Fehler beim Starten der Domain: internal error: process exited while connecting to monitor: 2018-01-16T15:52:13.799517Z qemu-system-x86_64: -drive file=/mnt/isopool/UIU-PE10-Capture-64.iso,format=raw,if=none,id=drive-ide0-0-0,readonly=on: Could not open '/mnt/isopool/UIU-PE10-Capture-64.iso': Permission denied

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/", line 88, in cb_wrapper
    callback(asyncjob, *args, **kwargs)

We already changed the ownership to libvirt-qemu user and the permissions file and folder 0777.

The error seems to be a well known behaviour, when selinux is involved. Often we got the suggestion to
setsebool -P virt_use_nfs 1
UCS is not using selinux, right? Because the setsebool command could not be found on our UCS 4.2.



Yes, UCS does not use (or support) SELinux.

Please be aware that if you use NFS, you must synchronize the numeric user and group identifiers used by Qemu/kvm, e.g. ‘libvirt-qemu’. Otherwise the libvirt daemons will “fight” over the right UID/GID when re-labeling files when a VM is started or stopped.
The qemu process runs as user libvirt-qemu and libvirtd tries to change the permissions of the files so qemu is able to open them. libvirtd is running as user root, which has the permission CAP_FOWNER to change the ownership of files, but this does not work if you use root-squashing with NFS. Make sure sure to use no_root_squash in /etc/exports on your NFS server!

Also check the setting of “user”, “group”, “dynamic_ownership” in /etc/libvirt/qemu.conf.

You should check the permissions of /mnt/isopool/UIU-PE10-Capture-64.iso manually.