#kubevirt

hello

vladikr do you still need the env and the vms ?

vladikr just doing some cleanup

ping fabiand

regarding selinux, i explained myself poorly yesterday

what i meant was that vms using only registry disks can be launched with selinux enabled

vms with pvcs are the ones that fail, though i m not able to locate the proper avc denial on the host side

oh okay

karimb, thanks

that's a different picture then ..

yeah, it s more critical as it affects PVC

lbednar, alukiano ^^ are you able to do a testrun and capture avc denials?

karimb, can you send your audit.log to me privately? if you are running in permissive mode, then I might be able to find the denials

fabiand: not automatically atm, but manually I think we can . but then we will get bunch of avc denials without association to specific test-case

that's fine

we'll at least get an idea

i will retry it

but i m quite sure the denials dont show up in the audit.log

okay

i even install setroubleshoot-server like in the good old days

hm

they used to show up

we might need to disable dontaudit rules

but since everything is now part of the pod

karimb, thanks for clarifying for now- I'll update the bugs

there is also an issue i m hitting on virt env

because i m deploying kubevirt on nested vms

i think maybe i m the only one using nested ?

fabiand ?

No, CI is also running in nested mode

Whats the issue you are hitting, karimb ?

karimb: I am running nested too

lbednar oh interesting. how do you create the vm? with host-model ?

fabiand since kvm is now enabled , launching a vm ( within a vm ) now depends on the cpu flags of the "middle vm"

concretely i get a libvirt error when i launch a vm

oh yes

in libvirt you need to do host-passthrough mode

karimb: I am not sure what do you mean ? Just make sure that you have nested-vt enabled and it works. I am working like this since beginning ... unfortunately qe doesn't have such budget to play on bare metals ;-)

karimb: on ovirt, there is vdsm hook to do that

karimb: and in opestack I don't know how they do it, but we asked guys who takes care about our instance to enable it for us

fabiand, will do it today

karimb, where do you run the middle vm? libvirt, ovirt, openstack ... crazy mac?

lbednar, thanks!

alukiano, please provide the audit log on https://github.com/kubevirt/kubevirt/issues/639

fabiand, ok

fabiand the middle vm runs in libvirt on a remote (nuc) host

middle vm = host that runs openshift/kubernetes?

lbednar for openstack it s just a setting in nova.conf and then create the proper flavor if i recall well

fabiand yes

lbednar just using nested vt used to work because it was not used

if so, then 1. configure the nuc to enable nesting 2. reconfigure your vm to do cpu passthrough

fabiand that s what i always do

that s my default setup

let me launch a single vm on this nuc with kubevirt so i can provide additional information

to both issues

virsh dumpxml of the middle vm will help as well :)

fabiand sure

fabiand but pretty much i force westmere model and enable vmx

by default

hm ok

then - weird

karimb, oh you also need to enable nesting in the middle vm :)

karimb, if not, then also fine, thenm emaultion should be used

So cool

virt-v2v -o kubevirt ... ^^

nice one

Oh yeah

pkliczew, is on top of it ;)

pkliczew, already fluent in ocaml?

fabiand, hehehe, fluent :D

fabiand, karimb we need to finalize the patch to have -o kubevirt

at the moment I am working on other stuff but at some point I will finish it

pkliczew, what is the short term plan? working on the v2v-job wish bash - or work on the virt-v2v oatch above?

fabiand, short term bash, long term update virt-v2v with kubevirt output

+1

sounds great

was really cool to see how well kubevirt was received by v2v ..

yeah, it was great

still the biggest issue we have is to get correct os short-id

for now there is a hack in the patch

ah

pkliczew, i ahd an rfe (and now fwith fix) to guess the os-id bsaed on a disk image ...

did you see this, pkliczew ?

we need to think how to solve it well and there are cases when it won't be easy

fabiand, yes, I saw it

yup

pkliczew, i had that in mind to address this

we need to look at the boot disk to identify the guest ..

might need some enhacements to support our set of guests

i.e. I am not sure it can detect windows

fabiand cant we just use annotations in the booting pvc ?

as far as I saw how it works with different vms it won't give us correct long name so conversion to short-id is not simple