SELinux for Kubevirt on Centos

Posted on August 31, 2017 by Adam Young

Without disabling SELinux enforcement, an attempt to deploy a VM generates the following audit message:

type=AVC msg=audit(1504194626.938:877): avc: denied { transition } for pid=9574 comm="libvirtd" path="/usr/local/bin/qemu-system-x86_64" dev="dm-19" ino=31526884 scontext=system_u:system_r:spc_t:s0 tcontext=system_u:system_r:svirt_tcg_t:s0:c408,c741 tclass=process

Running this through audit2allow provides a little more visibility into the problem:

#============= spc_t ==============
 
#!!!! The file '/usr/local/bin/qemu-system-x86_64' is mislabeled on your system.  
#!!!! Fix with $ restorecon -R -v /usr/local/bin/qemu-system-x86_64
allow spc_t svirt_tcg_t:process transition;

This is probably due to running as much of the virtualization machinery in containers. /usr/local/bin/qemu-system-x86_64 comes from inside the libvirt container. It does not exist on the base OS filesystem. Thus, just running restorecon won’t do much.

Continue reading →

Deploying Kubevirt on Origin Master

Posted on August 25, 2017 by Adam Young

Now that I have a functional OpenShift Origin built from source, I need to deploy KubeVirt on top of it.

Here are my notes. This is rough, and not production quality yet, but should get you started.

Continue reading →

Running OpenShift Origin built from source

Posted on August 23, 2017 by Adam Young

Kubernetes is moving from Third Party Resources to the Aggregated API Server.Â In order to work with this and continue to deploy on OpenShift Origin, we need to move from working with the shipped and stable version that is in Fedora 26 to the development version in git.Â Here are my notes to get it up and running.

Continue reading →

Customizing the KubeVirt Manifests

Posted on August 21, 2017 by Adam Young

My cloud may not look like your cloud. The contract between the application deployment and the Kubernetes installation is a set of manifest files that guide Kubernetes in selecting, naming, and exposing resources. In order to make the generation of the Manifests sane in KubeVirt, we’ve provided a little bit of build system support.

Continue reading →

Docker without sudo on Centos 7

Posted on August 9, 2017 by Adam Young

I have been geting prepped to build the OpenShift origin codebase on Centos 7.Â I started from a fairly minimal VM which did not have docker or Development Tools installed.Â Once I thought I had all the prerequisites, I kicked off the build and got

Cannot connect to the Docker daemon. Is the docker daemon running on this host?

This seems to be due to the fact thatÂ the ayoung user does not have permissions to read/write on the domain socket.Â /var/run/docker.sock

Continue reading →

What is minishift ssh anyway?

Posted on August 8, 2017 by Adam Young

The documentation says that to access a minishift-deployed VM you can use `minishift ssh` to log in, but what if you want to use other tooling (like Ansible) to get in there? How can you use standard ssh commands to connect?

Continue reading →

Adding External IPs for Minishift

Posted on August 4, 2017 by Adam Young

In the interest of simplifying the development and deployment of Kubevirt, we decided to make sure it was possible to run with minishift.Â After downloading and running the minishift binary, I had a working minishift cluster.Â However, in order to deploy the api-server to the cluster, I needed an external IP;Â otherwise I’d get the error:

Error: service "" is invalid spec.externalIPs: Forbidden: externalIPs have been disabled

Here is how I got around this error.

Continue reading →

Redeploying just virt-controller for Kubevirt development

Posted on July 7, 2017 by Adam Young

Bottom line up front:

cluster/vagrant/sync_build.sh
cluster/kubectl.sh delete -f manifests/virt-controller.yaml
cluster/kubectl.sh create -f manifests/virt-controller.yaml

Continue reading →

Running Kubevirt functional tests in Gogland

Posted on June 29, 2017 by Adam Young

When tests fail, as they often will, the debugger can greatly shorten the time it takes to figure out why.Â The Kubevirt functional tests run essentially as a remote client.Â Getting a debuggable setup is not that different from my earlier post on running virt-launcher in the debugger.

Continue reading →

Running virt-controller locally

Posted on June 23, 2017 by Adam Young

While developing Kubevirt, I often want to step through my code. My most recent tasks have involved the virt-controller process. Here’s how I debug them.
Continue reading →

Adam Young's Web Log

The Notebook of a Programmer Climber Musician Ex-Soldier Woodworker and a few other things

Category Archives: Software

SELinux for Kubevirt on Centos

Deploying Kubevirt on Origin Master

Running OpenShift Origin built from source

Customizing the KubeVirt Manifests

Docker without sudo on Centos 7

What is minishift ssh anyway?

Adding External IPs for Minishift

Redeploying just virt-controller for Kubevirt development

Running Kubevirt functional tests in Gogland

Running virt-controller locally