From 0aba0a8e31d541259ffdeb45c9650281430067b8 Mon Sep 17 00:00:00 2001 From: Nir Soffer Date: Sun, 14 Sep 2025 14:40:53 +0300 Subject: [PATCH] kvm: Unbreak minikube on Fedora/RHEL MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since #20852 minikube is broken on Fedora/RHEL. We add console.log (~/.minikube/machines/NAME/console.log) for dumping the console logs during startup. Libvirt is blocked by selinux policy: $ sudo ausearch -m AVC --start today ... ---- time->Sat Sep 13 22:14:10 2025 type=AVC msg=audit(1757790850.921:4801): avc: denied { open } for pid=215452 comm="virtlogd" path="/home/nsoffer/.minikube/machines/minikube/console.log" dev="vda3" ino=197349579 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 ---- Having better logs in the kvm driver can be helpful but it cannot break basic functionality. Remove the code to create the log file and dump the logs. This is a manual revert of commit 2b81ce24e3432225cb61c53f2bc447449181f4a9. We cannot do a clean revert since all commits in #20852 were squashed during merge. Tested using: $ make out/docker-machine-driver-kvm2 $ cp out/docker-machine-driver-kvm2 ~/.minikube/bin/ $ out/minikube start --driver kvm 😄 minikube v1.37.0 on Fedora 42 (kvm/amd64) ✨ Using the kvm2 driver based on user configuration 👍 Starting "minikube" primary control-plane node in "minikube" cluster 🔥 Creating kvm2 VM (CPUs=2, Memory=6144MB, Disk=20000MB) ... 🐳 Preparing Kubernetes v1.34.0 on Docker 28.4.0 ... 🔗 Configuring bridge CNI (Container Networking Interface) ... 🔎 Verifying Kubernetes components... ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5 🌟 Enabled addons: storage-provisioner, default-storageclass ❗ /usr/local/bin/kubectl is version 1.32.1, which may have incompatibilities with Kubernetes 1.34.0. ▪ Want kubectl v1.34.0? Try 'minikube kubectl -- get pods -A' 🏄 Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default --- pkg/drivers/kvm/domain.go | 9 +----- pkg/drivers/kvm/domain_definition_x86.go | 5 --- pkg/drivers/kvm/kvm.go | 41 ------------------------ 3 files changed, 1 insertion(+), 54 deletions(-) diff --git a/pkg/drivers/kvm/domain.go b/pkg/drivers/kvm/domain.go index 6918db5fc4..eb9602e7cd 100644 --- a/pkg/drivers/kvm/domain.go +++ b/pkg/drivers/kvm/domain.go @@ -70,14 +70,7 @@ func closeDomain(dom *libvirt.Domain, conn *libvirt.Connect) error { func (d *Driver) defineDomain() (*libvirt.Domain, error) { tmpl := template.Must(template.New("domain").Parse(domainTmpl)) var domainXML bytes.Buffer - dlog := struct { - Driver - ConsoleLogPath string - }{ - Driver: *d, - ConsoleLogPath: consoleLogPath(*d), - } - if err := tmpl.Execute(&domainXML, dlog); err != nil { + if err := tmpl.Execute(&domainXML, d); err != nil { return nil, errors.Wrap(err, "executing domain xml") } conn, err := getConnection(d.ConnectionURI) diff --git a/pkg/drivers/kvm/domain_definition_x86.go b/pkg/drivers/kvm/domain_definition_x86.go index 388ef1c403..cab45f4856 100644 --- a/pkg/drivers/kvm/domain_definition_x86.go +++ b/pkg/drivers/kvm/domain_definition_x86.go @@ -55,7 +55,6 @@ const domainTmpl = ` - @@ -66,14 +65,10 @@ const domainTmpl = ` - - - - /dev/random diff --git a/pkg/drivers/kvm/kvm.go b/pkg/drivers/kvm/kvm.go index 8bd6ed8aa1..11a107e266 100644 --- a/pkg/drivers/kvm/kvm.go +++ b/pkg/drivers/kvm/kvm.go @@ -314,24 +314,6 @@ func (d *Driver) Start() error { log.Debugf("starting domain XML:\n%s", domXML) } - // libvirt/qemu creates a console log file owned by root:root and permissions 0600, - // so we pre-create it (and close it immediately), just to be able to read it later - logPath := consoleLogPath(*d) - f, err := os.Create(logPath) - if err != nil { - log.Debugf("failed to create console log file %q: %v", logPath, err) - } else { - f.Close() - } - // ensure console log file is cleaned up - defer func() { - if _, err := os.Stat(logPath); err == nil { - if err := os.Remove(logPath); err != nil { - log.Debugf("failed removing console log file %q: %v", logPath, err) - } - } - }() - if err := dom.Create(); err != nil { return errors.Wrap(err, "creating domain") } @@ -355,12 +337,6 @@ func (d *Driver) Start() error { return nil } -// consoleLogPath returns the path to the console log file for the given machine name. -func consoleLogPath(d Driver) string { - // return fmt.Sprintf("%s-console.log", machineName) - return d.ResolveStorePath("console.log") -} - // waitForDomainState waits maxTime for the domain to reach a target state. func (d *Driver) waitForDomainState(targetState state.State, maxTime time.Duration) error { query := func() error { @@ -377,27 +353,11 @@ func (d *Driver) waitForDomainState(targetState state.State, maxTime time.Durati return fmt.Errorf("last domain state: %q", currentState.String()) } if err := retry.Local(query, maxTime); err != nil { - dumpConsoleLogs(consoleLogPath(*d)) return fmt.Errorf("timed out waiting %v for domain to reach %q state: %w", maxTime, targetState.String(), err) } return nil } -// dumpConsoleLogs prints out the console log. -func dumpConsoleLogs(logPath string) { - if _, err := os.Stat(logPath); err != nil { - log.Debugf("failed checking console log file %q: %v", logPath, err) - return - } - - data, err := os.ReadFile(logPath) - if err != nil { - log.Debugf("failed dumping console log file %q: %v", logPath, err) - return - } - log.Debugf("console log:\n%s", data) -} - // waitForStaticIP waits for IP address of domain that has been created & starting and then makes that IP static. func (d *Driver) waitForStaticIP(conn *libvirt.Connect, maxTime time.Duration) error { query := func() error { @@ -416,7 +376,6 @@ func (d *Driver) waitForStaticIP(conn *libvirt.Connect, maxTime time.Duration) e return nil } if err := retry.Local(query, maxTime); err != nil { - dumpConsoleLogs(consoleLogPath(*d)) return fmt.Errorf("domain %s didn't return IP after %v", d.MachineName, maxTime) }