When working with EFI VMs, we need to provide a section in the XML config similar to this one:
```
<os firmware='efi'>
  <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.fd</loader>
</os>
```
This will in turn create a VARS file in /var/lib/libvirt/qemu/nvram/.
However, since OpenNebula sets
/etc/libvirt/qemu.conf, file is unreadable and VM can’t be booted.
The error shown in the VM's log is:
Wed Jul 31 16:51:45 2019 [Z0][VMM][I]: error: internal error: process exited while connecting to monitor: 2019-07-31T14:51:45.160555Z qemu-system-x86_64: -drive file=/var/lib/libvirt/qemu/nvram/one-1934_VARS.fd,if=pflash,format=raw,unit=1: Could not open '/var/lib/libvirt/qemu/nvram/one-1934_VARS.fd': Permission denied
Manually changing permissions from root:root to oneadmin makes the VM bootable.
1 makes VM bootable every time without manual actions.
We definitely don’t want to change ownership every time a VM is booted (or a new one is created).
However, since OpenNebula changes the default value of dynamic_ownership, we’re reluctant to revert it.
Can someone please explain how to properly handle this situation?
Also, if it is not supported and we have to enable dynamic_ownership, what would be the impact of this?
Versions of the related components and OS (frontend, hypervisors, VMs):
Steps to reproduce:
Create a template that contains the XML changes necessary for EFI.
Instantiate such a template.
Deployment fails due to bad permissions on the VARS file.
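
A read-only check for the state described in this post, added here as an example and not part of the original post or of OpenNebula's tooling: it reads `dynamic_ownership` and `user` from a qemu.conf and lists `*_VARS.fd` files whose owner differs from that user. The function names are hypothetical, and the script assumes GNU `stat`, a `user` key in qemu.conf, and libvirt's default of `1` when `dynamic_ownership` is unset.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical.
# It only reads files, it never changes ownership or configuration.

# Print the last uncommented value of KEY in a qemu.conf-style FILE,
# or DEFAULT when the key is absent. Quotes and trailing comments are dropped.
qemu_conf_get() {   # usage: qemu_conf_get FILE KEY DEFAULT
    val=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" 2>/dev/null \
          | tail -n 1 | sed 's/[[:space:]]*$//')
    printf '%s\n' "${val:-$3}"
}

# Print "path owner" for every *_VARS.fd in NVRAM_DIR that is not owned by
# the "user" configured in CONF. Returns 0 if all match, 1 on any mismatch,
# 2 if CONF sets no user (the build-time default then applies).
check_nvram_owner() {   # usage: check_nvram_owner CONF NVRAM_DIR
    want=$(qemu_conf_get "$1" user "")
    [ -n "$want" ] || { echo "no user set in $1" >&2; return 2; }
    rc=0
    for f in "$2"/*_VARS.fd; do
        [ -e "$f" ] || continue            # glob matched nothing
        owner=$(stat -c '%U' "$f")         # GNU stat (assumption)
        if [ "$owner" != "$want" ]; then
            printf '%s %s\n' "$f" "$owner"
            rc=1
        fi
    done
    return $rc
}

# Summarise both findings for one host.
report() {          # usage: report CONF NVRAM_DIR
    # An unset key is reported as 1, libvirt's default (assumption stated above).
    echo "dynamic_ownership = $(qemu_conf_get "$1" dynamic_ownership 1)"
    echo "qemu user         = $(qemu_conf_get "$1" user '(unset)')"
    if check_nvram_owner "$1" "$2"; then
        echo "all VARS files are owned by the configured user"
    else
        echo "VARS files listed above will not be writable by QEMU"
    fi
}

# With the paths quoted in the post:
#   report /etc/libvirt/qemu.conf /var/lib/libvirt/qemu/nvram
```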