OpenNebula 4 with KVM and Openvswitch using only one server

As I’ve only one server, I’m forced to install OpenNebula and KVM virtualization in the same machine. If you want to know how I configured and installed openvswitch read my previous posts.

Let’s begin installing some packages:

yum install qemu-kvm qemu-kvm-tools libvirt virt-manager

Install the opennebula-node-kvm rpm package (read my previous post for more information) as it’ll configure for you  qemu and a policy allowing oneadmin user to use the virtualization api.

yum localinstall opennebula-node-kvm-4.0.1-1.x86_64.rpm

Start the libvirtd service and configure it to start at boot

#/etc/init.d/libvirtd start
Starting daemon libvirtd: [ OK ]
# chkconfig libvirtd on

Warning: if you’re using SELinux run this command so the authorized keys is accesible for passwordless login using ssh. Also, I’ve change the context for the /var/lib/one/datastore directory to avoid a Permission Denied error (/var/lib/one/datastores/0/0/disk.0: Permission denied) when trying to run a VM with KVM.

chcon -v --type=ssh_home_t /var/lib/one/.ssh/authorized_keys
chcon -R --type=virt_image_t /var/lib/one/datastores

Create the /var/tmp/one directory and change the ownership

# mkdir /var/tmp/one
# chown oneadmin:oneadmin /var/tmp/one

If you’re using server names, you have to be sure that there’s an entry in your DNS or /etc/hosts for the server name, e.g I have an entry in the /etc/hosts for my server haddock.macto.local

Now as the oneadmin user, let’s create the host with a KVM hypervisor and openvswitch.and check that no errors are shown. Also try to open a ssh to check that no password is used, this will insert your host in the known_hosts file and will prevent ” Host key verification failed” error when monitoring your host.

# su oneadmin
$ ssh oneadmin@haddock.macto.local
The authenticity of host 'haddock.macto.local(' can't be established.
RSA key fingerprint is ....
Are you sure you want to continue connecting (yes/no)? yes
$ exit

$ onehost create haddock.macto.local -i kvm -v kvm -n ovswitch
ID: 0
$ onehost list
0 haddock.macto.l - 0 0 / 200 (0%) 0K / 5.6G (0%) on

OK status is on, and my host looks good in Sunstone GUI. Perfect.

If “err” is shown after executing the onehost list command, check /var/lib/one/oned.log for errors. I was having the following error because I haven’t installed opennebula-node-kvm after libvirt installation: “error: authentication failed: Authorization requires authentication but no agent is available”

If you’re running openvswitch you can avoid the following errors editing the sudoers file.

  • sudo: sorry you must have a tty to run sudo
  • sudo: Error deploying virtual machine: sudo: no tty present and no askpass program specified

Edit the sudoers file with visudo and comment the line “Defaults requiretty” , then add the following lines at the end of the file:

oneadmin ALL = NOPASSWD: /sbin/iptables
oneadmin ALL = NOPASSWD: /sbin/ebtables
oneadmin ALL = NOPASSWD: /usr/bin/ovs-vsctl
oneadmin ALL = NOPASSWD: /usr/bin/ovs-ofctl

I’ve also found sometimes this error:

WARNING **: Error connecting to bus: org.freedesktop.DBus.Error.FileNotFound: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory

I decided to reboot the machine and the monitor status changed to on.

Tomorrow I’ll explain how to run a virtual machine in OpenNebula.


18 thoughts on “OpenNebula 4 with KVM and Openvswitch using only one server

  1. wasserpanther says:

    Thank you very much for this guide, it is awesome.
    It saved me a lot of time and trouble.

    Greetings 🙂


  2. autocopy says:

    I have carefully followed the steps, but I have the following error, I failed to fix it, ask for help to have had the same error:
    I show here:
    # onehost create haddock.macto.local -i kvm -v kvm -n ovswitch
    /usr/lib/one/ruby/opennebula/client.rb:76:in `initialize’: ONE_AUTH file not present (RuntimeError)
    from /usr/lib/one/ruby/cli/one_helper.rb:236:in `new’
    from /usr/lib/one/ruby/cli/one_helper.rb:236:in `get_client’
    from /usr/lib/one/ruby/cli/one_helper.rb:280:in `set_client’
    from /usr/bin/onehost:41
    from /usr/lib/one/ruby/cli/command_parser.rb:425:in `call’
    from /usr/lib/one/ruby/cli/command_parser.rb:425:in `run’
    from /usr/lib/one/ruby/cli/command_parser.rb:75:in `initialize’
    from /usr/bin/onehost:34:in `new’
    from /usr/bin/onehost:34


    • n40lab says:

      I’m so sorry I haven’t answered you before but I’ve been on holiday and it’s the first time I read pending comments.

      I think you are running the onehost create haddock.macto.local -i kvm -v kvm -n ovswitch as the root user, you must run it as the oneadmin user: su oneadmin and then execute the same command the ONE_AUTH file will be found and the authentication will succeed.



      P.S: write me an email if you prefer see my gravatar profile ( and you can write me in Spanish 😉


  3. rafik says:

    Thanks alot for this tutorial !!
    an “err” is shown after executing the onehost :
    Command execution fail: scp -r /var/lib/one/remotes/. ubuntu.localhost.localdomain:/var/tmp/one
    Tue Apr 30 18:16:46 2013 [InM][I]: ssh: Could not resolve hostname ubuntu-kvm: Name or service not known
    Tue Apr 30 18:16:46 2013 [InM][I]: lost connection
    Tue Apr 30 18:16:46 2013 [InM][I]: ExitCode: 1

    have you an idea ?


    • n40lab says:

      Hi Rafik,
      thank you for your feedback. It seems there’s a problem with name resolution, do you have an entry in your /etc/hosts for ubuntu.localhost.localdomain? OpenNebula needs to copy through scp the scripts to run qemu-kvm commands and it can’t find the host.




      • rafik says:

        yes i add ubuntu.localhost.localdomain to /etc/host
        i am using one server for the front and node . am just trying to create a virtual machine
        there is no server in my network names ubuntu am just trying to create it.
        did i need some thing ?
        thanks for your time


  4. n40lab says:

    Hi Rafik,
    try to execute ping ubuntu.localhost.localdomain, unless ping runs successfully (if it’s successful what IP address is shown?) you have a problem with /etc/hosts. OpenNebula is warning you that it can’t resolve the hostname. If you prefer try to send me an email (view my Full Profile to get my email and Google Talk contact).


  5. Geoff Ness says:

    I am incredibly glad I came across your website in my attempt to play with OpenNebula. Thank you for sharing your knowledge! After banging my head against a wall for the last two weeks, I can’t seem to get a VM to run. I’ve created the host (localhost) as you described and that works great. I can upload a CentOS 6.4 netinstall and create a template no problem. As soon as I instantiate a template, I get the following:

    Error deploying virtual machine: Could not create domain from /var/lib/one//datastores/0/3/deployment.3

    Message received: LOG I 3 Command execution fail: cat << EOT | /var/tmp/one/vmm/kvm/deploy /var/lib/one//datastores/0/3/deployment.3 3
    Message received: LOG I 3 error: Failed to create domain from /var/lib/one//datastores/0/3/deployment.3

    Do you have any experience or insight that might help? Thank you!!



    • n40lab says:

      first of all I’m sorry I haven’t answered you before but I’ve been away from the keyboard for a few days.

      What’s the error message shown after “Message received: LOG I 3 error: Failed to create domain from /var/lib/one//datastores/0/3/deployment.3”? If you prefer you can try to contact me using Google Talk or Skype and you could try to send me your /var/log/one/oned.log so I can get more information about your problem. Please check my and I’ll try to do my best to help you.



  6. Luis says:


    I hope you can help me

    I installed opennebula 4.2 and i am getting this error
    Tue Sep 24 20:37:06 2013 [VMM][E]: Error deploying virtual machine: Could not create domain from /var/lib/one/var//datastores/0/1/deployment.6


  7. autocopiante2013(diego) says:

    Hello, I would like thank you in advance for your information, some time ago I was working on this issue and contact you, let’s just say that i was not very well the first time you try to install and configure opennebula, but I learned a lot and I’m going for the second attempt.Well, reinstall the whole system and i have followed the steps to fully containing the posts that you have published, without dwelling on them my doubt is the following, I have come to the following command:
    # su oneadmin
    And I have entered them correctly assuming that before this command i have authenticated as root ( ~$ su ), then when you try to connect to my machine via ssh to user oneadmin, noticed that I do not know the password for this user (let’s say that the default password if there is) :
    $ ssh oneadmin@opennebulaprueba ( mi maquina se llama ‘ opennebulaprueba ‘ )
    oneadmin@opennebula’s password: ??? –> ( … And I lost the course )
    I have consulted several tutorials, but the problem is that they are of the other distribution, more specifically of Ubuntu, and since I am working on Centos, and I’ve noticed that there are differences in routes and commands, and there i have justified my confusion. In the other tutorials and documents, you have to assign a password to the user oneadmin:
    # passwd oneadmin
    But I noticed that by doing this some users have had problems creating the host (on my machine would be):
    $ onehost create opennebulaprueba -i kvm -v kvm -n ovswitch
    Assuming that i am authenticated user as opennebula in addition with the KVM and openvswitch configured, i found a thread in a forum of opennebula on the network in which they explain that it is hardly appropriate to change the password to the oneadmin user (# passwd oneadmin ) must be updated the file ONE_AUTH ( … as i understood it would be the configuration file that is located in /var/lib/one/ .one/ ) with the new password so that everything is working fine, for the time you run the command create or onehost onehost list, this call to one_auth and authenticated, i hope understand.

    Shortening what i realized is that I need to upgrade the one_auth file with the password that will give my user oneadmin, something similar to the following:
    # passwd oneadmin
    > Enter password: (mypassONE)
    # vim /var/lib/one/ .one/one_auth
    oneadmin:14f543bc320501821356d04661206e8b ( this string is the same as that used in the authentication of sunstone ) update by :
    I would like to make please confirm if this is correct and that has implications for sunstone , and apology because the length of my question but I want the matter is clear and that if you can this information can be used for other users.


  8. autocopiante2013(diego) says:


    hola, quisiera agradecerte de antemano tu información, hace algún rato estuve trabajando en este tema y contacte contigo, digamos que no me fue muy bien la primera vez que intente instalar y configurar opennebula, pero aprendi mucho y voy por el segundo intento. bien, reinstale todo el sistema y he seguido a cabalidad los pasos que contienen los posts que has publicado, sin extenderme mi duda es la siguiente, he llegado hasta el siguiente comando:
    # su oneadmin
    y he ingresado correctamente asumiendo que antes de este comando me he autenticado como root ( ~$ su ), luego al tratar de conectarme con mi maquina via ssh al usuario oneadmin, noto que no conozco la contraseña de este usuario (digamos que la contraseña por defecto si es que esta existe) :
    $ ssh oneadmin@opennebulaprueba ( mi maquina se llama ‘ opennebulaprueba ‘ )
    oneadmin@opennebula’s password: ??? –> ( y… ahi quede )
    he consultado varios tutoriales, pero el pproblema es que son de otra distribucion, mas especificamente de Ubuntu, y pues estoy trabajando en Centos, y he notado que hay diferencias en comandos y rutas, y he ahi justificada mi confusion. en los otros tutoriales y documentos, se tiene que asignar una contraseña al usuario oneadmin con:
    # passwd oneadmin
    pero he notado que al hacer esto algunos usuarios han tenido problemas al crear el host (en mi maquina sería):
    $ onehost create opennebulaprueba -i kvm -v kvm -n ovswitch
    Asumiendo que estoy autenticado como usuario opennebula ademas con el kvm y openvswitch configurado, he encontrado un hilo en un foro de opennebula en la red en el cual explican que apenas se proceda a cambiar la contraseña al usuario oneadmin (# passwd oneadmin) se debe actualizar el archivo ONE_AUTH ( … que segun tengo entendido seria el fichero de configuracion que se encuentra en /var/lib/one/.one/ ) con la nueva contraseña ello para que todo funcione bien, para al momento de ejecutar el comando onehost create o onehost list, este llamar a one_auth y autentificarse, espero entenderme.

    Abreviando lo que comprendi es que debo actualizar el archivo one_auth con el password que le asigne a mi usuario oneadmin, algo similar a lo siguiente:
    # passwd oneadmin
    ingrese password: (micontraseñaoneadmin)
    # vim /var/lib/one/.one/one_auth
    oneadmin:14f543bc320501821356d04661206e8b (esta cadena es la misma que se utiliza en la autentificacion de sunstone)
    actualizar por
    Quisiera que me confirmaras si realizar esto es correcto y que implicaciones tiene para el sunstone ya que la cadena que estoy cambiando tiene que ver con la autentificacion para el sunstone , y disculpa pues lo extenso de mi pregunta pero quiero que el asunto quede claro y que si se puede esta información pueda servir para otros usuarios.


  9. ThanhQuan says:

    I am a newbei in opennebula. I have a ques. Can i create a Host in server which install opennebula? Sorry my english. I only have one laptop, so can i do all work in one? I see when you create 1 host , you ssh to another machine? It must be?


  10. Myth says:


    Your blogs are awesome, and I’m sure it’s helping a lot of people, including me. Thank you so much!
    This is a little off topic, but I have an error popping up and thought you could help me. My hosts are in ON status and my templates and images seem to be fine. Now, when I create my VM, it gives me the error : Error executing image transfer script. Any ideas on this would be really useful for my project. Thanks a ton in advance.



    • n40lab says:

      Thanks for your kind words, it means a lot to me. I’m afraid I haven’t found that error previously so if the image transfer fails, maybe the /var/log/one/oned.log file or the VM log file /var/log/one/X.log where X is the id for the failing VM could help you (a name resolve issue?). Anyway you can send me an email with your logs visit my contact form at and I’ll send you a contact email.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s