
Re: [Xen-users] libpam-ldap and HVM domain erros



Hi James,

I'm definitely sure it's running as root:
the machine is started with sudo xl create

The only change to xl toolstack is network-script 
and VM config is almost minimal:

builder = "hvm"
name = "gw-01.domain.com"
memory = 4096
vcpus = 2
vif = [ 
        'mac=$MAC_ADDR1,bridge=xenbr1',
        'mac=$MAC_ADDR2,bridge=xenbr0'
]
disk = [ '/dev/xen-domU/gw-01-xvda,raw,xvda,rw' ]
vnc = 1

The attached link looks like a solution.
I'll try to test it.

Thanks,
Danila Reznichuk

On Tue, 2019-06-25 at 14:30 +0000, James Dingwall wrote:
> Hi Danila,
> 
> On Fri, Jun 21, 2019 at 01:20:47PM +0300, Danila Reznichuk wrote:
> > Hi all,
> > Yesterday after a server reboot I experienced some strange errors
> > while trying to recreate my HVM domains:
> > 
> > libxl: error: libxl_dm.c:2339:device_model_spawn_outcome: Domain 4:(null): spawn failed (rc=-3)
> > libxl: error: libxl_create.c:1501:domcreate_devmodel_started: Domain 4:device model did not start: -3
> > libxl: error: libxl_domain.c:1003:libxl__destroy_domid: Domain 4:Non-existant domain
> > libxl: error: libxl_domain.c:962:domain_destroy_callback: Domain 4:Unable to destroy guest
> > libxl: error: libxl_domain.c:889:domain_destroy_cb: Domain 4:Destruction of domain failed
> > 
> > Debug output from xl create was not showing anything interesting,
> > and much later I found some errors in the systemd journal:
> > 
> > xl[3163]: nss_ldap: could not connect to any LDAP server as (null) - Can't contact LDAP server
> > xl[3163]: nss_ldap: failed to bind to LDAP server ldap://auth-01.domain.com: Can't contact LDAP server
> > xl[3163]: nss_ldap: could not connect to any LDAP server as (null) - Can't contact LDAP server
> > xl[3163]: nss_ldap: failed to bind to LDAP server ldap://auth-02.domain.com: Can't contact LDAP server
> > xl[3163]: nss_ldap: could not search LDAP server - Server is unavailable
> > 
> > So I disabled ldap as a user provider in nsswitch.conf
> > and voila, HVM domains are up and running.
> > 
> > Something about setup:
> > I'm using Xen 4.9 from the Ubuntu repos on Ubuntu 18.04.
> > Three days ago I set up LDAP authentication on the server.
> > Not like it must be LDAP auth on the Xen server, but it will be
> > appreciated.
> > 
> > So why can Xen fail to create a domain because of a broken nsswitch?
> > What could I do to keep LDAP auth and be able to manage HVM
> > domains when it fails?
> > 
> > Thank you,
> > Regards,
> > Danila Reznichuk.
> 
> Are you using options to run the qemu process as a de-privileged
> user?
> I encountered some issues previously when having pam/nsswitch with
> ldap/winbind, as the return code from the getpwnam_r call was not
> (in my opinion) correctly checked:
>
> https://lists.xenproject.org/archives/html/xen-devel/2018-08/msg00160.html
> 
> Regards,
> James
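
The distinction James refers to, as an added example (not code from this thread or from libxl; `lookup_status`, `classify_lookup` and `lookup_user` are hypothetical names): per POSIX, `getpwnam_r` returns 0 with a NULL result when the user does not exist, and a non-zero error number when the lookup itself failed, for instance because an LDAP or winbind NSS backend is unreachable. A caller that selects a de-privileged user has to keep those two outcomes apart.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* for getpwnam_r */
#endif
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

enum lookup_status { LOOKUP_FOUND, LOOKUP_NOT_FOUND, LOOKUP_ERROR };

/* rc is getpwnam_r's return value, result is its out-pointer. */
enum lookup_status classify_lookup(int rc, const struct passwd *result)
{
    if (rc != 0)
        return LOOKUP_ERROR; /* lookup failed; says nothing about the user */
    return result ? LOOKUP_FOUND : LOOKUP_NOT_FOUND;
}

/* Look up name, doubling the scratch buffer while the call reports ERANGE. */
enum lookup_status lookup_user(const char *name, uid_t *uid_out)
{
    size_t len = 1024;
    for (;;) {
        char *buf = malloc(len);
        struct passwd pw, *result = NULL;
        if (!buf)
            return LOOKUP_ERROR;
        int rc = getpwnam_r(name, &pw, buf, len, &result);
        if (rc == ERANGE && len < (1u << 20)) {
            free(buf);
            len *= 2;
            continue;
        }
        enum lookup_status st = classify_lookup(rc, result);
        if (st == LOOKUP_FOUND)
            *uid_out = pw.pw_uid;
        free(buf);
        return st;
    }
}

int main(void)
{
    uid_t uid = 0;
    enum lookup_status st = lookup_user("root", &uid);
    printf("status=%d uid=%lu\n", (int)st, (unsigned long)uid);
    return st == LOOKUP_ERROR;
}
```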

