OpenShift Virtualization: Failed to take VM snapshot from OpenShift Virtualization UI.
Oversigt: Take VM snapshot via OpenShift Virtualization UI fails if there is IO running in the VM in OCP cluster.
Denne artikel gælder for
Denne artikel gælder ikke for
Denne artikel er ikke knyttet til et bestemt produkt.
Det er ikke alle produktversioner, der er identificeret i denne artikel.
Symptomer
Take VM snapshot via OpenShift Virtualization UI failed.
Checking logs of virt-handler pod (openshift-cnv namespace), it shows errors like below:
Checking logs of virt-handler pod (openshift-cnv namespace), it shows errors like below:
2023-08-14T02:23:33.722372232Z {"component":"virt-handler","kind":"","level":"error","msg":"Failed to freeze VMI","name":"rhel9-vm-http-block",
"namespace":"rhel-vm","pos":"lifecycle.go:124","reason":"server error.
command Freeze failed: \"LibvirtError(Code=1, Domain=10, Message='internal error: unable to execute QEMU agent command 'guest-fsfreeze-freeze':
failed to open /zoner/sda: Permission denied')\"","timestamp":"2023-08-14T02:23:33.722321Z","uid":"c6894dc7-f29c-43e7-9817-3b12643040d1"}
"namespace":"rhel-vm","pos":"lifecycle.go:124","reason":"server error.
command Freeze failed: \"LibvirtError(Code=1, Domain=10, Message='internal error: unable to execute QEMU agent command 'guest-fsfreeze-freeze':
failed to open /zoner/sda: Permission denied')\"","timestamp":"2023-08-14T02:23:33.722321Z","uid":"c6894dc7-f29c-43e7-9817-3b12643040d1"}
Årsag
Create a VM via OpenShift Virtualization, the mount point from the created LUN is not labelled as trusted. So during VM snapshot process, the QEMU agent fails to open the mount point (in this KB, the mount point is /zoner/sda) and gets permission denied while it tries to do fsfreeze.
Løsning
Below resolution steps will suppose "/zoner/sda" as the mount point.
Please use "df -h" command and check from your error logs to confirm the actual error reporting mount point of your VM.
1. Confirm the SELinux context of the mount point is showing "unlabeled_t" by below command:
# ls -lZd /zoner/sda/
2. If it shows "unlabeled_t", there are two options to resolve it.
- Option1: To enable QEMU agent to read non-labelled files.
# setsebool -P virt_qemu_ga_read_nonsecurity_files 1
- Option2: To label the mount point.
# restorecon -v /zoner/sda/
Berørte produkter
APEX Cloud Platform for Red Hat OpenShiftArtikelegenskaber
Artikelnummer: 000217270
Artikeltype: Solution
Senest ændret: 19 feb. 2026
Version: 3
Find svar på dine spørgsmål fra andre Dell-brugere
Supportservices
Kontrollér, om din enhed er dækket af supportservices.