I try to install qemu, but I should intall the kvm first, and I have checked my cpu supporting the visualization, so I don't know why. Here is the error, when I input kvm.
open /dev/kvm: No such file or directory
Could not initialize KVM, will disable KVM support
And a new window for qemu comes out, but there are
boot failed....could not read the boot disk, could not read from CDROM(code 0003)
What can I do. I searched the methods for a long time. Thanks!
when I use mobprobe, the problem is here, (I checked my CPU, it supports VMX.)
FATAL: Error inserting kvm_intel (/lib/modules/2.6.38-8-generic/kernel/arch/x86/kvm/kvm-intel.ko): Operation not supported
When I use:~$ kvm -cdrom img.iso -hda disk.img -boot d
open /dev/kvm: No such file or directory Could not initialize KVM, will disable KVM support kvm: -cdrom img.iso: could not open disk image img.iso: No such file or directory
I don't know why..... Thanks!
The "could not open disk image img.iso" problem is the easier of the two errors: that file does not exist. That argument means "mount the disk image in the file img.iso as the CD-ROM"; that file must exist (and should be a valid ISO). Try downloading a ISO of any Linux flavor, for example.
disk.img must also exist (that argument means "use the disk image contained in the file disk.img as the hard disk"). You can create it using dd, e.g.:
dd if=/dev/zero of=images/disk.img bs=512M count=20
That will create a 10GB disk image in a file called disk.img. Adjust the block size and # of blocks (bs and count) to increase or decrease the size; bs cannot be larger than available memory.
For the second problem, Could not initialize KVM, will disable KVM, there are a number of possible causes:
disabled in BIOS
you are not running as root (i.e. using sudo) and your user cannot access /dev/kvm
the machine you are on is already virtualized (e.g. you are using Amazon EC2). These CPUs may have the VMX flag (because they are paravirtualized) but cannot be virtualized (because the hypervisor won't allow it.)
Note that this is NOT a fatal error; qemu can run without KVM support, it just runs in emulation mode and is quite slow.
The first problem will probably produce some output, examine the output of dmesg (dmesg | grep kvm). It can be solved by enabling it in BIOS.
The second problem can be diagnosed easily by running the commands as root instead of as a user. If that works, you have identified the problem.
The third problem is more difficult to resolve. XEN-blanket may help.
Pasting the output of "sudo kvm-ok" might be allow someone to offer more insight.
The instructions given in here would be translatable to other platforms:
https://help.ubuntu.com/community/KVM/Installation
If you provide more information about the machines you are using and your desired goals, we can be more helpful.
Did you check your BIOS-Settings? Some BIOS let you choose wether you want to activate VT / VMX or not.
Furthermore, I've found following, pretty similiar thread:
http://ubuntuforums.org/archive/index.php/t-755122.html
Hope this helps
Your problem is your system does not have KVM modules inserted. Please check your BIOS setting regarding VT is enabled, and also your KVM module matches your specific Linux distribution. An unmatched version of KVM module and Linux cannot be inserted.
Check the VM xml CD-ROM is set as 'file' not 'block'.
try to load kvm-intel or kvm-amd kernel modules, then take a look at dmesg, if loaded successfully you should be good to go
Related
After properly building OVMF x64 with EDK2, the command:
qemu-system-x86_64 -s -pflash run-ovmf/bios.bin -net none
provides the following message
WARNING: Image format was not specified for 'run-ovmf/bios.bin' and probing guessed raw.
Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted.
Specify the 'raw' format explicitly to remove the restrictions.
This makes no sense to me as using qemu's -help command states "-pflash file use 'file' as a parallel flash image" where there is no parameter for a file format.
My OS is Windows WSL Ubuntu 22.04.1 LTS (GNU/Linux 5.15.79.1-microsoft-standard-WSL2 x86_64)
Qemu does still run, however I would like to run the VM without any write restrictions.
The '-pflash' option is (like -hda and -cdrom) a legacy "convenience" option which only allows you to specify a filename and nothing else. In order to specify other sub-options like the image format type, you need to switch to use a "long-form" option, which is typically some combination of -drive and -device. In this specific case, I think you probably want:
-drive if=pflash,file=bios.bin,format=raw
I'm using apparmor as hardening layer for libvirt-qemu , everything is OK , but there is one thing that I can't solve systematically, let me explain :
When create a new qemu instance , profile is generated from /etc/apparmor.d/libvirt/TEMPLATE.qemu to a file with path /etc/apparmor.d/libvirt/libvirt-81303229-df4c-4b18-b33b-277bcda81b0f for example .
When instance is shut-off profile is unloaded from kernel by apparmor and it is OK as expected. But if i remove the instance definitively, i would expect that profile is removed also from filesystem, but it is not and still present in filesystem. After some time I have very big mess in libvirt instance profile files
Yes .. I can write a cron job what will be delete unnecessary libvirt profile files ... but ..is there some more clear solution , maybe builtin function of apparmor ?
Thanks
Are you using libvirt undefine to delete the stopped guest? It appears that virt-aa-helper should delete an undefined domain but I think it is a bug and you should file a ticket.
You can use the virt-aa-helper command directly to remove the files which is probably the safest as it should deal with the dependencies for you.
An example command is:
$ sudo /usr/lib/libvirt/virt-aa-helper -D -u libvirt-3c3d5aa2-f581-457d-b5ab-efbf9fdd4a6e
But it may be some edge case that they need to account for, where you can undefine a running instance to convert it to ephemeral. You would need to take care of that edge case.
Note: Because virt-aa-helper is intended to be run by libvirt you will have to use sudo with the command. If you do not it will silently fail and not remove the profile.
I am a little confused about start up scripts and the command line options. I am building a small raspberry pi based server for my node applications. In order to provide maximum protection against power failures and flash write corruption, the root file system is read only, and that embraces the home directory of my main user, were the production versions of my apps (two of them) are stored. Because the .pm2 directory here is no good for logs etc I currently set PM2_HOME environment variable to a place in /var (which has 512kb unused space around it to ensure writes to i. The eco-system.json file reads this environment variable also to determine where to place its logs.
In case I need to, I also have a secondary user with a read write home directory in another (protected by buffer space around it) partition. This contains development versions of my application code which because of the convenience of setting environments up etc I also want to monitor with PM2. If I need to investigate a problem I can log in to that user and run and test the application there.
Since this is a headless box, and with watchdog and kernel panic restarts built in, I want pm2 to start during boot and at minimum restart the two production apps. Ideally it should also starts the two development versions of the app also but I can live without that if its impossible.
I can switch the read only root partition to read/write - indeed it does so automatically when I ssh into my production user account. It switches back to read only automatically when I log out.
So I went to this account to try and create a startup script. It then said (unsurprisingly) that I had to run a sudo command like so:-
sudo su -c "env PATH=$PATH:/usr/local/bin pm2 startup ubuntu -u pi --hp /home/pi"
The key issue for me here is the --hp switch. I went searching for some clue as to what it means. Its clearly a home directory, but it doesn't match PM2_HOME - which is set to /var/pas in my case to take it out of the read only area. I don't want to try and and spray my home directory with files that shouldn't be there. So am asking for some guidance here
I found out by experiment what it does with an "ubuntu" start up script. It uses it to set PM2_HOME in the script by appending "/.pm2" to it.
However there is nothing stopping you editing the script once it has created it and setting PM2_HOME to whatever you want.
So effectively its a helper for the script, but only that and nothing more special.
I've successfully installed MySQL 5.6 on my F19. Although the installation was successful, I'm unable to start the mysql service.
When I ran
service mysql start
It returns the following error:
Starting MySQL..The server quit without updating PID file (/var/lib/mysql/sandboxlabs.pid).
I disabled SELinux (permissive mode), and the service started smoothly. But I did some research about disabling SELinux, and found that disabling SELinux is a bad idea. So, is there any way to add custom MySQL policy? Or should I leave the SELinux to permissive mode?
The full answer depends on your server configuration and how you're using MySQL. However, it's completely feasible to modify your SELinux policy to allow MySQL to run. In most cases, this sort of operation can be performed with a small number of shell commands.
Start by looking at /var/log/audit/audit.log. You can use audit2allow to generate a permission-granting policy around the log messages themselves. On Fedora 19, this utility is in the policycoreutils yum package.
The command
# grep mysql /var/log/audit/audit.log | audit2allow
...will output the policy code that would need to be compiled in order to allow the mysql operations that were prevented and logged in audit.log. You can review this output to determine whether you'd like to incorporate such permissions into your system's policy. It can be a bit esoteric but you can usually make out a few file permissions that mysql would need in order to run.
To enable these changes, you need to create the policy module as a compiled module:
# grep mysql /var/log/audit/audit.log | audit2allow -M mysql
...will output the saved plaintext code to mysql.te and the compiled policy code to mysql.pp. You can then use the semodule tool to import this into your system's policy.
# semodule -i mysql.pp
Once you've done this, try starting mysqld again. You might need to repeat this process a few times since mysqld might still falter on some new access permission that wasn't logged in previous runs. This is because the server daemon encounters these permission checks sequentially and if it gets tripped on one, it won't encounter the others until you allow access to the initial ones. Have patience -- sometimes you will need to create mysql1.pp mysql2.pp mysql3.pp ... and so on.
If you're really interested in combining these into a unified policy, you can take the .te files and "glue" these together to create a unified .te file. Compiling this file is only slightly more work -- you need the Makefile from /usr/share/selinux/devel/Makefile in order to convert this into a .pp file.
For more information:
If you're a more graphical type, there's also a great article by RedHat magazine on compiling policy here. There's also a great blog article which takes you through the creation of a policy here. Note the emphasis on using /usr/share/selinux/devel/Makefile to compile your own .te, .fc, and .if files (selinux source written in M4).
If I run Inno Setup compiler from a command line/batch file it creates an exe with the version information in the file name.
However, when I run from hudson (same command line) I don't get the version information.
Perhaps I am missing something.
Is this a known issue?
This is the way I am doing it in the iss script file.
#define FileVerStr GetFileVersion(SrcApp)
EDIT:
The env vars are all set for all users - not just my login - so the service has access to everything that the command line build does.
EDIT: See my answer for a resolution of this.
Like "tim" has said, then relative paths doesn't work as expected for defines.
#define MyAppVer GetFileVersion(SourcePath + "\..\Build\Release\MyExeName.exe")
#if MyAppVer == ""
#error MyAppVer - Version information not found!
#endif
By prefixing with SourcePath then the relative path will start from the path where the InnoSetup-script is located.
You are likely running Hudson on Windows given the technology mentioned.
When there is a discrepancy between what happens on the command line and what Hudson does, it is often because Hudson is running as a service on Windows. This means it is running as the service user, which is distinct from your login account.
I would look for an environment variable that you have defined in your user profile that may enable this behavior, that is not being set for the service user.
I am not exactly sure how to describe how I "fixed" this/worked around it.
It seems the GetFileVersion() method does not use the same base path as the other part of the Inno functionality that determines where the source files/installable files are.
The SAME relative paths used for:
// this is for determining what files get put into the install image
[Files]
Source: ..\Build\ForRelease\MyExeName.exe; DestDir: {app}
and
#define SrcApp "..\Build\ForRelease\MyExename.exe"
#define FileVerStr GetFileVersion(SrcApp)
apparently do not use the same mechanism to resolve the file name/path. So what i did to work around this was to copy the exe file that contains the version info to two additional different locations (aside from ..\Build\ForRelease) - one where hudson starts the processes and also to the path where the inoo script is. (I am too lazy to figure out which one is the one that makes it all work.
Again, this works fine from my batch file but not from hudson. It is essentially a strange interaction with how Inno works I guess.