SELinux for Kubevirt on Centos

Without disabling SELinux enforcement, an attempt to deploy a VM generates the following audit message:

type=AVC msg=audit(1504194626.938:877): avc: denied { transition } for pid=9574 comm="libvirtd" path="/usr/local/bin/qemu-system-x86_64" dev="dm-19" ino=31526884 scontext=system_u:system_r:spc_t:s0 tcontext=system_u:system_r:svirt_tcg_t:s0:c408,c741 tclass=process

Running this through audit2allow provides a little more visibility into the problem:

#============= spc_t ==============
 
#!!!! The file '/usr/local/bin/qemu-system-x86_64' is mislabeled on your system.  
#!!!! Fix with $ restorecon -R -v /usr/local/bin/qemu-system-x86_64
allow spc_t svirt_tcg_t:process transition;

This is probably due to running as much of the virtualization machinery in containers. /usr/local/bin/qemu-system-x86_64 comes from inside the libvirt container. It does not exist on the base OS filesystem. Thus, just running restorecon won’t do much.

Continue reading

Adding External IPs for Minishift

In the interest of simplifying the development and deployment of Kubevirt, we decided to make sure it was possible to run with minishift.  After downloading and running the minishift binary, I had a working minishift cluster.  However, in order to deploy the api-server to the cluster, I needed an external IP;  otherwise I’d get the error:

Error: service "" is invalid spec.externalIPs: Forbidden: externalIPs have been disabled

Here is how I got around this error.

Continue reading

Manually Deploying Kubevirt on OpenShift Origin

It has been enjoyable to learn the Kubevirt code base and coding in Go.  However, unless the code gets deployed to servers, no one will use it in production.  I’ve been learning OpenShift as an integration point for Kubevirt.  Here are my notes for getting it up and running.  This is not quite production grade, but should help write a proper deployment mechanism.
Continue reading

Running SAS University Edition on Fedora 25

My Wife is a statistician. Over the course of her career, she’s done a lot of work coding in SAS, and, due to the expense of licensing, I’ve never been able to run that code myself. So, when I heard about SAS having a free version, I figured I would download it and have a look, maybe see if I could run something.

Like many companies, SAS went the route of shipping a virtual appliance. They chose to use Virtual Box as the virtualization platform. However, when I tried to install and run the VM in virtual box, I found that the mechanism used to build the Virtual Box specific module for the Linux Kernel, the build assumption were not met, and the VM would not run.

Instead of trying to fix that situation, I investigated the possibility of running the virtual appliance via libvirt on my Fedora systems already installed and configured kvm setup. Turns out it was pretty simple.
Continue reading

Rippowam

Ossipee started off as OS-IPA. As it morphed into a tool for building development clusters,I realized it was more useful to split the building of the cluster from the Install and configuration of the application on that cluster. To install IPA and OpenStack, and integrate them together, we now use an ansible-playbook called Rippowam.

Continue reading