Problem
When deploying a cluster using the agent method, QEMU fails to start the VM because it cannot read the agent ISO:
ERROR Failed starting domain 'ostest_master_0': internal error: process exited while connecting to monitor:
qemu-kvm: Could not open '/home/ec2-user/openshift-metal3/dev-scripts/ocp/ostest/agent.x86_64.iso': Permission denied
Root Cause
The create.yml task that sets file ACLs for QEMU hardcodes /root:
- name: Allow qemu read access for agent install
ansible.posix.acl:
path: "{{ item }}"
entity: qemu
etype: user
permissions: rx
state: present
become: true
when: method == "agent"
loop:
- "."
- "/root"Dev-scripts is deployed under /home/ec2-user/, so the ACL on /root has no effect. QEMU needs rx on /home/ec2-user to traverse the path to the ISO.
Fix
Replace the hardcoded /root with the actual home directory and dev-scripts path:
loop:
- "{{ ansible_env.HOME }}"
- "{{ dev_scripts_path }}"Impact
Affects all agent-based installs via the TNF toolbox. IPI method is unaffected (no ISO boot).
Problem
When deploying a cluster using the
agentmethod, QEMU fails to start the VM because it cannot read the agent ISO:Root Cause
The
create.ymltask that sets file ACLs for QEMU hardcodes/root:Dev-scripts is deployed under
/home/ec2-user/, so the ACL on/roothas no effect. QEMU needsrxon/home/ec2-userto traverse the path to the ISO.Fix
Replace the hardcoded
/rootwith the actual home directory and dev-scripts path:Impact
Affects all agent-based installs via the TNF toolbox. IPI method is unaffected (no ISO boot).