qm
qm copied to clipboard
containers
Test for qemu rules
Based on this #608
Readme should be updated basic kvm test should introduced in different packit test
based on that #657, adding kvm subpackage failing qm service
With latest merged kvm and file structural changes of #779 It is very easy to set up environment for testing, even without rpms
-
copy repo etc/containers/systemd/qm.container.d/qm_dropin_mount_bind_kvm.conf -> host:/etc/containers/systemd/qm.container.d/qm_dropin_mount_bind_kvm.conf
-
copy subsystems/kvm/ ├── etc │ └── containers │ └── systemd │ └── kvm.container -> /etc/qm/containers/systemd/ -> host:/etc/qm/containers/systemd/
systemctl daemon-reload systemctl restart qm
Test:
podman exec qm podman is-active kvm
podman exec qm podman logs --tail 4 kvm contains "Fedora Linux 41 (Cloud Edition)"
ssh into it from qm on port 2226
Hi @Yarboa. So I tried both the methods the rpm subpackage install and also pulling the kvm-container form quay and copying the files like you've mentioned above and I was still not able to successfully ssh to the kvm-container running inside qm.
Here are the steps I followed I have an autosd virtualized environment - followed the setup process for the /tests/e2e readme
Built the qm manually with make and got the qm container up and running
First tried the kvm subpackage method and followed the instructions form /devel/experimental kvm read me
I could see the container kvm-container running inside the qm and the /dev/kvm was present. kvm service was active also. But no ssh client inside qm and can't ssh on the 2226 port.
Quay image method
Next, uninstalled the qm-kvm rpm and then pulled the quay image and copied the qm_dropin_mount_bind_kvm.conf file and kvm.container files to the host dirs.
systemctl daemon-reload systemctl restart qm
Inside qm
is-active kvm active
Hi @Yarboa I was able to get the openssh-clients installed inside qm
[root@localhost qm]# dnf --installroot=/usr/lib/qm/rootfs --releasever=9 install -y openssh-clients \ --setopt=install_weak_deps=False
Then I had permission issues
[root@localhost qm]# podman exec -it qm sh sh-5.1# podman ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 9157f7ef7e85 quay.io/qm-images/kvm:latest 3 hours ago Up 3 hours kvm-container sh-5.1# ssh sh: /usr/bin/ssh: Permission denied sh-5.1# ls -l /usr/bin/ssh
Then did setenforce 0 and was finally able to ssh to the kvm-container from inside the qm container
`[root@localhost qm]# setenforce 0 [root@localhost qm]# podman exec -it qm sh sh-5.1# /usr/bin/ssh usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] [-b bind_address] [-c cipher_spec] [-D [bind_address:]port] [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file] [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] destination [command] sh-5.1# ssh fedora@localhost -p 2226 fedora@localhost's password: [fedora@localhost ~]$ Seems like some selinux permission issues? while trying to ssh from inside qm?
@RakeshMK90 You can ssh through namespace, please restore selinux. From the host, host ssh ip netns netns-e5107f92-0b00-8940-e530-447c54d5d110 (id: 0) ip netns exec netns-e5107f92-0b00-8940-e530-447c54d5d110 ssh fedora@localhost -p 2226
I made some try against c9s image, and I was able to successfully ssh to the kvm-container running inside qm.
- Copy the
qm_dropin_mount_bind_kvm.conffile andkvm.containerfile to the host dirs: My steps:
[root@ibm-p8-kvm-03-guest-02 ~]# dnf install git make rpm-build -y
[root@ibm-p8-kvm-03-guest-02 ~]# git clone https://github.com/containers/qm.git && cd qm
[root@ibm-p8-kvm-03-guest-02 qm]# make TARGETS=kvm subpackages
[root@ibm-p8-kvm-03-guest-02 qm]# sudo dnf install rpmbuild/RPMS/noarch/qm-kvm-0.7.6-1.el9.noarch.rpm
[root@ibm-p8-kvm-03-guest-02 qm]# ll /etc/containers/systemd/qm.container.d/
total 4
-rw-r--r--. 1 root root 139 Jun 30 03:57 qm_dropin_mount_bind_kvm.conf
[root@ibm-p8-kvm-03-guest-02 qm]# ll /etc/qm/containers/systemd/
total 8
-rw-r--r--. 1 root root 315 Jun 30 03:25 ffi-qm.container
-rw-r--r--. 1 root root 188 Jun 30 03:57 kvm.container
[root@ibm-p8-kvm-03-guest-02 qm]# systemctl daemon-reload
[root@ibm-p8-kvm-03-guest-02 qm]# systemctl restart qm
[root@ibm-p8-kvm-03-guest-02 qm]# podman exec qm systemctl start kvm
[root@ibm-p8-kvm-03-guest-02 qm]# podman exec qm podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a878c6495c53 quay.io/centos-sig-automotive/ffi-tools:latest sleep infinity About a minute ago Up About a minute ffi-qm
ae4bd96fb4a6 quay.io/qm-images/kvm:latest 45 seconds ago Up 45 seconds kvm-container
[root@ibm-p8-kvm-03-guest-02 qm]# podman exec qm systemctl is-active kvm
active
[root@ibm-p8-kvm-03-guest-02 qm]# podman exec qm podman logs --tail 4 kvm-container
Fedora Linux 41 (Cloud Edition)
Kernel 6.11.4-301.fc41.x86_64 on an x86_64 (ttyS0)
enp0s2: 10.0.2.15 fec0::8c98:89eb:848b:b81b
[root@ibm-p8-kvm-03-guest-02 qm]# ip netns
netns-095cc957-459f-c27e-808e-c6a36cd75cc4 (id: 0)
[root@ibm-p8-kvm-03-guest-02 qm]# ip netns exec netns-095cc957-459f-c27e-808e-c6a36cd75cc4 ssh fedora@localhost -p 2226
The authenticity of host '[localhost]:2226 ([127.0.0.1]:2226)' can't be established.
ED25519 key fingerprint is SHA256:c9uuEnQMqpdEC1U1KkvC7lNKx0ygsF9GsFXplfZujYs.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[localhost]:2226' (ED25519) to the list of known hosts.
fedora@localhost's password:
[fedora@ibm-p8-kvm-03-guest-02 ~]$ grep ^NAME /etc/os-release
NAME="Fedora Linux"
Hi @Yarboa, I'd like to automate this test, and I have a few questions that need your help.
-
Could you please take a look at if the above test steps are ok?
-
For "So I tried both the methods the rpm subpackage install and also pulling the kvm-container form quay" in the comment
I am a little confused about "the rpm subpackage method", could you explain it to me a little bit?
- Which packit test do we want to introduce this test into?
fedora-41-x86_64andcentos-stream-9-x86_64?
Thanks.