I have a virtualization server which I am trying to get to access a CIFS share to store its qcow2 files for VM’s. I had this working under centos 7 but now trying to get it to run on Rocky 9. I have tried everything I can think of and followed all suggestions I have found online for similar problems. I thought maybe one of the learned people here might help.
- Virtualization server is rocky 9 and is ipa client
- File server is an old FreeNAS server which is based on FreeBSD and exposes a CIFS share
a. Share name is virt with sub directories of images and iso
b. virt has a user of virt and group of libvirt (ipa user and group)
- running qemu with user virt and group libvirt
- libvirtd has unix_socket_group o libvirt and unix_socket_rw_perms as 0770
5 mounting virt from fstab with:
//fileserver.domain.int/virt /virt cifs credentials=/root/virt-creds,uid=1433000016,gid=1433000013,file_mode=0771,dir_mode=0771,context=“system_u:object_r:virt_image_t:s0” 0 0
I have tried every permutation of recommendations and still permission denied try to write to /virt/images.
Any help appreciated.
Does the FreeNAS server support SMB 2 or 3? SMB 1 is nolonger supported by modern kernels w/o some onerous work arounds.
I am able to mount the share via the fstab entry and read and write from my user. When qemu makes the call it gets permission denied. Nothing I seem to do affects that.
Here is the typical error:
[root@vs01 hswope]# virt-install --name=winclient05 --vcpus=4 --memory=16384 --cdrom=/virt/iso/Win11_22H2_English_x64v2.iso --disk size=512,path=/virt/images/winclient05.qcow2 --os-variant=win11
WARNING Graphics requested but DISPLAY is not set. Not running virt-viewer.
WARNING No console to launch for the guest, defaulting to --wait -1
ERROR Couldn’t create storage volume ‘winclient05.qcow2’: 'internal error: Child process (/usr/bin/qemu-img create -f qcow2 -o preallocation=metadata,compat=1.1,lazy_refcounts /virt/images/winclient05.qcow2 536870912K) unexpected exit status 1: qemu-img: /virt/images/winclient05.qcow2: Could not write qcow2 header: Permission denied
Finally: I found the solution was to add
nobrl as a mount option. Now I need to go and roll back my other changes to see if they are required. But I am over the large hurdle. Thanks to: