Incus vms on Rocky Linux

disputin · April 11, 2025, 5:00pm

I’ve been working around a few issues testing to see what can work on Rocky Linux for vms. I’m using Rocky Linux because most of the containers I’m creating validate the OS (RHEL) before I can install the software. I have one VM I need to create. I know about the lack of SPICE support, but using incus from ligenix/enterprise-qemu-spice Copr and following rocky linux incus instructions I’ve managed to get around the spice issues. But now I seem to have a QEMU issue.

Error: Failed to run: forklimits limit=memlock:unlimited:unlimited fd=3 fd=4 -- /usr/bin/qemu-system-x86_64 -S -name v1 -uuid dc556ac6-1ee6-4b30-a189-b18b7f103ad7 -daemonize -cpu host,hv_passthrough -nographic -serial chardev:console -nodefaults -no-user-config -sandbox on,obsolete=deny,elevateprivileges=allow,spawn=allow,resourcecontrol=deny -readconfig /run/incus/v1/qemu.conf -spice unix=on,disable-ticketing=on,addr=/run/incus/v1/qemu.spice -pidfile /run/incus/v1/qemu.pid -D /var/log/incus/v1/qemu.log -smbios type=2,manufacturer=LinuxContainers,product=Incus -run-with nobody: qemu-system-x86_64: -run-with nobody: warning: short-form boolean option 'nobody' deprecated
Please use body=off instead
qemu-system-x86_64: -run-with nobody: Invalid parameter 'body'
: exit status 1
Try `incus info --show-log v1` for more info

Name: v1
Description: 
Status: STOPPED
Type: virtual-machine
Architecture: x86_64
Created: 2025/04/11 08:03 PDT
Last Used: 1969/12/31 16:00 PST
Error: open /var/log/incus/v1/qemu.log: no such file or directory

architecture: x86_64
config:
  image.architecture: amd64
  image.description: Rockylinux 9 amd64 (20250411_02:06)
  image.os: Rockylinux
  image.release: "9"
  image.requirements.cdrom_agent: "true"
  image.serial: "20250411_02:06"
  image.type: disk-kvm.img
  image.variant: default
  volatile.base_image: a90080b4f00ff235f9d5f8e4b9f1d6c83c29822088a8a88a11eb48adaceb7bd2
  volatile.cloud-init.instance-id: c7c550bb-b7ca-460b-a2b2-14dfbab567db
  volatile.eth0.hwaddr: 10:66:6a:e9:cf:b8
  volatile.uuid: dc556ac6-1ee6-4b30-a189-b18b7f103ad7
  volatile.uuid.generation: dc556ac6-1ee6-4b30-a189-b18b7f103ad7
  volatile.vsock_id: "630891230"
devices:
  agent:
    source: agent:config
    type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""

Thanks,

Sean

stgraber · April 11, 2025, 7:34pm

What QEMU version is that?

disputin · April 11, 2025, 7:55pm

qemu-system-x86_64 --version
QEMU emulator version 9.1.0 (qemu-kvm-9.1.0-17.el9_spice)
Copyright (c) 2003-2024 Fabrice Bellard and the QEMU Project developers

stgraber · April 11, 2025, 11:34pm

Hmm and what version of Incus?

The current logic for this argument is:

                qemuVer, _ := d.version()
                qemuVer91, _ := version.NewDottedVersion("9.1.0")

                // Since QEMU 9.1 the parameter `runas` has been marked as deprecated.
                if qemuVer != nil && qemuVer.Compare(qemuVer91) >= 0 {
                        qemuArgs = append(qemuArgs, "-run-with", fmt.Sprintf("user=%s", d.state.OS.UnprivUser))
                } else {
                        qemuArgs = append(qemuArgs, "-runas", d.state.OS.UnprivUser)
                }

So given QEMU 9.1, you should have gotten -run-with user=nobody, no idea how you’d be able to get that without a the user= part.

disputin · April 12, 2025, 1:42am

incus version
Client version: 6.11
Server version: 6.11
dnf list --installed|grep incus
incus.x86_64                                     6.11-1.el9                       @copr:copr.fedorainfracloud.org:ligenix:enterprise-qemu-spice
incus-agent.x86_64                               6.11-1.el9                       @copr:copr.fedorainfracloud.org:ligenix:enterprise-qemu-spice
incus-client.x86_64                              6.11-1.el9                       @copr:copr.fedorainfracloud.org:ligenix:enterprise-qemu-spice
incus-selinux.noarch                             6.11-1.el9                       @copr:copr.fedorainfracloud.org:ligenix:enterprise-qemu-spice
incus-tools.x86_64                               6.11-1.el9                       @copr:copr.fedorainfracloud.org:ligenix:enterprise-qemu-spice

These RHEL incus packages are not from neil/incus.
Thanks,
Sean

stgraber · April 12, 2025, 1:45am

Can you try to cherry-pick this into your packages?