Unable to start VM using libvirt-terraform
Andrew Henderson
I am using the terraform libvirt provider and I am failing to start a VM. I have a drive mounted at a folder within /home/dude/vmPool/, and I have tried setting acl from looking at this issue which looks similar. I have also tried editing /etc/libvirt/qemu.conf and setting user=root, group=root which doesn't seem to help. I have noticed that the VM image gets created as root while the cloudinit iso is created as my user. I believe internally genisoimage is used by the provider but I have no idea how that affects the domain not being created. It fails with the following error:
error: Failed to start domain ubuntu-terraform
error: internal error: process exited while connecting to monitor: 2018-12-06T14:14:22.519784Z qemu-system-x86_64: -drive file=/home/dude/vmPool/ Could not open '/home/dude/vmPool/ Permission denied
I am using Ubuntu 18.04:
uname -a
Linux kvm-host 4.15.0-42-generic #45-Ubuntu SMP Thu Nov 15 19:32:57 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description: Ubuntu 18.04.1 LTS
Release: 18.04
Codename: bionic
3 Answers
It is a known issue in terraform libvirt. Please refer to:
This sounds like an AppArmor path violation due to using an uncommon path.
Please verify, by checking dmesg when triggering the issue, whether you see a deny message.
Then, as a resolution, please follow this document on using uncommon paths.
TL;DR:
- use a common path
- add a local AppArmor override to allow your path
I faced the same problem, and after some investigation I found that terraform doesn't use a dot for resource identifiers. So AppArmor only grants these image file names in /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper:
...
/**.img r,
/**.raw r,
/**.qcow{,2} r,
/**.qed r,
/**.vmdk r,
/**.[iI][sS][oO] r,
/**/disk{,.*} r,
...
My terraform uses -qcow as the name for each resource, so adding this to the list solved my problem:
/**-qcow{,2} r,
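To see why a name ending in -qcow2 falls outside the rules quoted in the last answer, the following added example (not part of any answer and not libvirt's or AppArmor's own code) translates those path globs into regular expressions and tests file names against them. The translator is a simplification that covers only the glob syntax appearing in those rules, and the file names under /home/dude/vmPool/ are constructed for illustration.

```python
import re

# Read rules quoted in the answer above (the " r," permission suffix is dropped).
PAGE_RULES = [
    "/**.img", "/**.raw", "/**.qcow{,2}", "/**.qed", "/**.vmdk",
    "/**.[iI][sS][oO]", "/**/disk{,.*}",
]
# The rule the answer added to solve the problem.
FIX_RULE = "/**-qcow{,2}"


def aa_glob_to_regex(glob):
    """Translate an AppArmor path glob into a compiled regex.

    Simplified: handles **, *, ?, [class] and {a,b} alternation, which is
    all the rules above use. The real parser has extra edge cases, such as
    requiring at least one character for a ** that sits between two slashes.
    """
    out, i, depth = [], 0, 0
    while i < len(glob):
        c = glob[i]
        if glob.startswith("**", i):      # ** crosses directory boundaries
            out.append(".*")
            i += 2
            continue
        if c == "*":                      # * stays within one path component
            out.append("[^/]*")
        elif c == "?":
            out.append("[^/]")
        elif c == "[":                    # character class is copied verbatim
            end = glob.index("]", i + 1)
            out.append(glob[i:end + 1])
            i = end
        elif c == "{":
            out.append("(?:")
            depth += 1
        elif c == "}" and depth:
            out.append(")")
            depth -= 1
        elif c == "," and depth:          # comma separates alternatives
            out.append("|")
        else:
            out.append(re.escape(c))
        i += 1
    return re.compile("".join(out))


def matching_rules(path, rules):
    """Return the rules whose glob matches the whole path."""
    return [r for r in rules if aa_glob_to_regex(r).fullmatch(path)]
```

An empty result from matching_rules for a disk path means none of the listed read rules cover it, which is the situation the answer describes for names ending in -qcow2.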