How can I ensure fitting user right for .qcow2 file in my terraform implementation

Asked by: HochWieBreit  Asked: 9/25/2023  Last edited by: HochWieBreit  Updated: 10/11/2023  Views: 30

Question:

I have installed kvm/qemu on a Debian base and want to deploy virtual machines through terraform.

provider "libvirt" {
  uri = "qemu:///system" # connection to the local QEMU instance
}

resource "libvirt_volume" "debian_image" {
  name = "debian.qcow2"
  pool = "default" # name of the storage pool
  #source      = "https://cdimage.debian.org/cdimage/openstack/current/debian-10-openstack-amd64.qcow2"
  source = "https://cloud.debian.org/images/cloud/bullseye/20230912-1501/debian-11-nocloud-ppc64el-20230912-1501.qcow2"
  format = "qcow2"
  #content_type = "raw"
}

resource "libvirt_domain" "debian_vm" {
  name   = "debian-vm"
  memory = "2048"
  vcpu   = 2

  disk {
    volume_id = libvirt_volume.debian_image.id
  }

  network_interface {
    network_name = "testbed_network" # name of the virtual network
  }
}

resource "libvirt_network" "testbed_network" {
  # the name used by libvirt
  name = "testbed_network"

  # mode can be: "nat" (default), "none", "route", "open", "bridge"
  mode = "nat"

  #  the domain used by the DNS server in this network
  domain = "debian_vm"

  #  list of subnets the addresses allowed for domains connected
  # also derived to define the host addresses
  # also derived to define the addresses served by the DHCP server
  addresses = ["192.168.0.0/24"]

  # (optional) the bridge device defines the name of a bridge device
  # which will be used to construct the virtual network.
  # (only necessary in "bridge" mode)
  # bridge = "br7"

  # (optional) the MTU for the network. If not supplied, the underlying device's
  # default is used (usually 1500)
  # mtu = 9000
}

But unfortunately I get this error:

Error: error creating libvirt domain: internal error: qemu unexpectedly closed the monitor: 2023-09-25T08:04:58.118075Z qemu-system-x86_64: -blockdev {"driver":"file","filename":"/var/lib/libvirt/images/debian.qcow2","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}: Could not open '/var/lib/libvirt/images/debian.qcow2': Permission denied
│ 
│   with libvirt_domain.debian_vm,
│   on maint.tf line 14, in resource "libvirt_domain" "debian_vm":
│   14: resource "libvirt_domain" "debian_vm" {

I don't understand how a file downloaded by this process can end up with user permissions that are unsuitable for the same process. Which user needs to be enabled, and where (user group, configuration file, etc.)?

I tried to run this main.tf with a suitable providers.tf on the system. Please help me solve this problem.

Tags: terraform Debian qemu kvm

Answer:

0 votes  Clear Sky  10/11/2023  #1

This is your error:

Could not open '/var/lib/libvirt/images/debian.qcow2': Permission denied

This is not a terraform problem; it is a configuration problem of the operating system and the KVM pool.

resource "libvirt_volume" "debian_image" {
...
pool = "default"

You have configured it to use the default pool, and looking at the error, it points to "/var/lib/libvirt/images/". You can confirm this with the command: sudo virsh pool-dumpxml default

The user executing the terraform configuration does not have enough permissions to write to this directory.

Depending on the OS distribution you are running, there are several ways to fix this.

a. If your KVM host is Ubuntu, you can adjust the apparmor settings.

b. You can run terraform as root, but that is not good practice.

c. Create another pool with terraform (libvirt_pool); see the Terraform documentation.

d. Check the group ownership of the images directory (stat -c "%G" /var/lib/libvirt/images): if it is not "root", add yourself to this group (i.e. with the usermod command), log in again and try running Terraform again.

If the /var/lib/libvirt/images/ dir belongs to the "root" group, you can try changing its group ownership to the "libvirt-qemu" group and adding yourself to that group, but at your own risk; if it is a production server you may want to test this on another server first.
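As an added diagnostic for options c and d above (this script is not part of the answer), a small shell script that pulls the pool directory out of `virsh pool-dumpxml` output and decides from the directory's owner, group and mode bits whether a given account can write there. The pool XML below is a constructed sample, and `libvirt-qemu` as the QEMU service account is an assumption (check `user=` in /etc/libvirt/qemu.conf on your host).

```bash
#!/usr/bin/env bash
# Added example; not from the original answer. Requires GNU stat (Linux).

# Read pool XML on stdin and print the first <path> value (the <target> dir).
pool_path_from_xml() {
  sed -n 's|.*<path>\([^<]*\)</path>.*|\1|p' | head -n 1
}

# Constructed sample of what `sudo virsh pool-dumpxml default` returns.
SAMPLE_POOL_XML='<pool type="dir">
  <name>default</name>
  <target>
    <path>/var/lib/libvirt/images</path>
    <permissions><mode>0711</mode><owner>0</owner><group>0</group></permissions>
  </target>
</pool>'

# can_write DIR USER: return 0 if USER may create files in DIR according to
# owner/group/mode bits (ACLs and AppArmor are not consulted), 1 if not,
# 2 if DIR does not exist. Prints what it found.
can_write() {
  local dir="$1" user="$2" owner group mode o g w
  [ -d "$dir" ] || { echo "$dir: not a directory"; return 2; }
  owner=$(stat -c %U "$dir"); group=$(stat -c %G "$dir"); mode=$(stat -c %a "$dir")
  echo "$dir: owner=$owner group=$group mode=$mode"
  # Leading 0 makes the shell parse the mode as octal; bit 2 is the write bit.
  o=$(( (0$mode >> 6) & 2 )); g=$(( (0$mode >> 3) & 2 )); w=$(( 0$mode & 2 ))
  if [ "$owner" = "$user" ] && [ "$o" -ne 0 ]; then
    echo "$user: can write (owner bit)"; return 0; fi
  if id -Gn "$user" 2>/dev/null | tr ' ' '\n' | grep -qx "$group" && [ "$g" -ne 0 ]; then
    echo "$user: can write (member of group $group)"; return 0; fi
  if [ "$w" -ne 0 ]; then echo "$user: can write (world bit)"; return 0; fi
  echo "$user: no write access to $dir (see option d: chgrp / usermod)"
  return 1
}

# Stand-alone run: check the directory named in the sample XML for the
# invoking user and for the assumed QEMU service account.
main() {
  local pool_dir u
  pool_dir=$(printf '%s\n' "$SAMPLE_POOL_XML" | pool_path_from_xml)
  for u in "$(id -un)" libvirt-qemu; do can_write "$pool_dir" "$u" || true; done
}
if [ "${BASH_SOURCE[0]}" = "$0" ]; then main; fi
```

Replace the sample XML with the real `virsh pool-dumpxml default` output to check the pool actually in use.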