How to ensure that a .qcow2 file is suitable for the user in my terraform implementation

Question (votes: 0, answers: 1)

I installed a Debian-based kvm/qemu and want to deploy virtual machines via terraform.

provider "libvirt" {
  uri = "qemu:///system" # Connection to the local QEMU instance
}

resource "libvirt_volume" "debian_image" {
  name = "debian.qcow2"
  pool = "default" # Name of the storage pool
  #source      = "https://cdimage.debian.org/cdimage/openstack/current/debian-10-openstack-amd64.qcow2"
  source = "https://cloud.debian.org/images/cloud/bullseye/20230912-1501/debian-11-nocloud-ppc64el-20230912-1501.qcow2"
  format = "qcow2"
  #content_type = "raw"
}

resource "libvirt_domain" "debian_vm" {
  name   = "debian-vm"
  memory = "2048"
  vcpu   = 2

  disk {
    volume_id = libvirt_volume.debian_image.id
  }

  network_interface {
    network_name = "testbed_network" # Name of the virtual network
  }
}

resource "libvirt_network" "testbed_network" {
  # the name used by libvirt
  name = "testbed_network"

  # mode can be: "nat" (default), "none", "route", "open", "bridge"
  mode = "nat"

  #  the domain used by the DNS server in this network
  domain = "debian_vm"

  #  list of subnets the addresses allowed for domains connected
  # also derived to define the host addresses
  # also derived to define the addresses served by the DHCP server
  addresses = ["192.168.0.0/24"]

  # (optional) the bridge device defines the name of a bridge device
  # which will be used to construct the virtual network.
  # (only necessary in "bridge" mode)
  # bridge = "br7"

  # (optional) the MTU for the network. If not supplied, the underlying device's
  # default is used (usually 1500)
  # mtu = 9000
}

But unfortunately I get an error when I run it:

Error: error creating libvirt domain: internal error: qemu unexpectedly closed the monitor: 2023-09-25T08:04:58.118075Z qemu-system-x86_64: -blockdev {"driver":"file","filename":"/var/lib/libvirt/images/debian.qcow2","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}: Could not open '/var/lib/libvirt/images/debian.qcow2': Permission denied
│ 
│   with libvirt_domain.debian_vm,
│   on maint.tf line 14, in resource "libvirt_domain" "debian_vm":
│   14: resource "libvirt_domain" "debian_vm" {

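I don't understand how a file downloaded by this process can have user permissions that are unsuitable for that same process. Which user needs to be enabled, and where (user group, configuration file, ...)?

I tried running this main.tf on the system with a suitable providers.tf. Please help me solve this problem.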

terraform debian qemu kvm
1 Answer
0 votes

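This is your error:

Could not open '/var/lib/libvirt/images/debian.qcow2': Permission denied

This is not a terraform problem, but a configuration problem with the operating system and the KVM pool.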

resource "libvirt_volume" "debian_image" {
...
pool = "default"

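You have configured it to use the default pool, and looking at your error, it points to "/var/lib/libvirt/images/". You can confirm this with the following command:

sudo virsh pool-dumpxml default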

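The user executing the terraform configuration does not have sufficient permissions to write to this directory.

Depending on the operating system distribution you are running, there are several ways to solve this.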

a. If your KVM host is Ubuntu, you can adjust the AppArmor settings.

b. You can run terraform as root, but this is not good practice.

c. Use terraform to create another pool; see libvirt_pool in the terraform documentation.

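d. Check the group ownership of the images directory:

stat -c "%G" /var/lib/libvirt/images

If it is not "root", add yourself to that group (i.e. using the usermod command), log in again and try running terraform again.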

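If the /var/lib/libvirt/images/ dir belongs to the "root" group, you can try changing its group ownership to the "libvirt-qemu" group and adding yourself to that group, but do so at your own risk, and if it is a production server you may want to test on another server first.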
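The ownership check in option d can be extended to the whole path. The script below is an added example, not part of the original answer: it walks from the top directory down to the image and reports the first component whose mode bits deny a given uid and gid list. The function names `perm_ok` and `first_blocker` are hypothetical, GNU `stat` is assumed, and ACLs, AppArmor and SELinux are not evaluated.

```shell
#!/bin/sh
# Added example (not from the original post). Reports the first path component
# whose classic mode bits stop a given uid/gid set from opening a disk image.
# POSIX ACLs, AppArmor and SELinux are NOT evaluated. Requires GNU stat.

# perm_ok PATH UID "GID ..." NEED -> 0 if every bit in NEED (4=r, 2=w, 1=x) is granted
perm_ok() {
    p_stat=$(stat -c '%u %g %a' "$1") || return 2
    p_owner=${p_stat%% *}; p_rest=${p_stat#* }
    p_group=${p_rest%% *}; p_mode=$((0${p_rest#* }))   # leading 0 = octal
    if [ "$2" -eq 0 ]; then return 0; fi                # root bypasses mode bits
    if [ "$2" -eq "$p_owner" ]; then
        p_bits=$(( (p_mode >> 6) & 7 ))                 # owner class
    else
        p_bits=$(( p_mode & 7 ))                        # "other" class by default
        for p_gid in $3; do
            if [ "$p_gid" -eq "$p_group" ]; then p_bits=$(( (p_mode >> 3) & 7 )); fi
        done
    fi
    [ $(( p_bits & $4 )) -eq "$4" ]
}

# first_blocker FILE UID "GID ..." [BASE]
# Prints the blocking component and returns 1, or prints nothing and returns 0.
# BASE (default /) limits how far up the walk goes.
first_blocker() {
    fb_file=$(readlink -f "$1") || return 2
    fb_dir=$(dirname "$fb_file"); fb_chain=""
    while :; do                                  # collect parents, topmost first
        fb_chain="$fb_dir
$fb_chain"
        if [ "$fb_dir" = "${4:-/}" ] || [ "$fb_dir" = "/" ]; then break; fi
        fb_dir=$(dirname "$fb_dir")
    done
    while IFS= read -r fb_d; do
        [ -n "$fb_d" ] || continue
        if ! perm_ok "$fb_d" "$2" "$3" 1; then echo "$fb_d"; return 1; fi  # need search (x)
    done <<EOF
$fb_chain
EOF
    # Assumption: the VM disk is opened read-write, so require r+w on the file.
    if ! perm_ok "$fb_file" "$2" "$3" 6; then echo "$fb_file"; return 1; fi
    return 0
}

# Usage on a KVM host (USER is a placeholder for the account to check):
#   first_blocker /var/lib/libvirt/images/debian.qcow2 "$(id -u USER)" "$(id -G USER)"
```

An empty result only rules out mode bits; a denial can still come from the AppArmor settings mentioned in option a.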
