Agent error: The command guest-exec has been disabled for this instance

[Really]

Hello,
I hope you are well!

I have small issue. I have one dedicated with proxmox 7.2-11, with Debian 10

An I have 1 VM with CentOS 7, but for the working correctly Internet on this VM , I need a put new file:
/etc/sysconfig/network-scripts/route-eth0
10.1.1.1 dev eth0
default via 10.1.1.1 dev eth0


I try maybe 10 times like:
qm guest exec 101 -- /bin/sh -c "echo '10.1.1.1 dev eth0 default via 10.1.1.1 dev eth0' > /etc/sysconfig/network-scripts/route-eth0"

But nothing. QM Agent it is active in this VM. So, I dont know where I can found the problem and can to be fixed.

root@196:~# qm guest exec 101 ls
Agent error: The command guest-exec has been disabled for this instance

root@196:~# qm guest exec 101 ls
Agent error: The command guest-exec has been disabled for this instance

root@196:~# qm guest exec 101 ls
Agent error: The command guest-exec has been disabled for this instance

root@196:~# qm config 101
agent: 1
boot: c
bootdisk: scsi0
cipassword: **********
ciuser: root
cores: 1
ide0: local:101/vm-101-disk-0.raw,size=10G
ide2: local:101/vm-101-cloudinit.qcow2,media=cdrom,size=4M
ipconfig0: ip=xx.xx.xx.xx/24,gw=10.1.1.1
memory: 1024
meta: creation-qemu=7.0.0,ctime=1667502183
name: VPS101
nameserver: 8.8.8.8
net0: virtio=02:00:00:14:8e:8d,bridge=vmbr0
onboot: 1
serial0: socket
smbios1: uuid=64a8941d-a752-4180-97c6-326e6d82ab23
sshkeys: ssh-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
vga: serial0
vmgenid: 3bc3c5ae-8e14-490c-b2df-b3e66f3056dc

qm agent 101 info

root@196:~# qm agent 101 info
{
   "supported_commands" : [
      {
         "enabled" : true,
         "name" : "guest-get-osinfo",
         "success-response" : true
      },
      {
         "enabled" : true,
         "name" : "guest-get-timezone",
         "success-response" : true
      },
      {
         "enabled" : true,
         "name" : "guest-get-users",
         "success-response" : true
      },
      {
         "enabled" : true,
         "name" : "guest-get-host-name",
         "success-response" : true
      },
      {
         "enabled" : false,
         "name" : "guest-exec",
         "success-response" : true
      },
      {
         "enabled" : false,
         "name" : "guest-exec-status",
         "success-response" : true
      },
      {
         "enabled" : true,
         "name" : "guest-get-memory-block-info",
         "success-response" : true
      },
      {
         "enabled" : true,
         "name" : "guest-set-memory-blocks",
         "success-response" : true
      },
      {
         "enabled" : true,
         "name" : "guest-get-memory-blocks",
         "success-response" : true
      },
      {
         "enabled" : true,
         "name" : "guest-set-user-password",
         "success-response" : true
      },
      {
         "enabled" : true,
         "name" : "guest-get-fsinfo",
         "success-response" : true
      },
      {
         "enabled" : true,
         "name" : "guest-set-vcpus",
         "success-response" : true
      },
      {
         "enabled" : true,
         "name" : "guest-get-vcpus",
         "success-response" : true
      },
      {
         "enabled" : true,
         "name" : "guest-network-get-interfaces",
         "success-response" : true
      },
      {
         "enabled" : true,
         "name" : "guest-suspend-hybrid",
         "success-response" : false
      },
      {
         "enabled" : true,
         "name" : "guest-suspend-ram",
         "success-response" : false
      },
      {
         "enabled" : true,
         "name" : "guest-suspend-disk",
         "success-response" : false
      },
      {
         "enabled" : true,
         "name" : "guest-fstrim",
         "success-response" : true
      },
      {
         "enabled" : true,
         "name" : "guest-fsfreeze-thaw",
         "success-response" : true
      },
      {
         "enabled" : true,
         "name" : "guest-fsfreeze-freeze-list",
         "success-response" : true
      },
      {
         "enabled" : true,
         "name" : "guest-fsfreeze-freeze",
         "success-response" : true
      },
      {
         "enabled" : true,
         "name" : "guest-fsfreeze-status",
         "success-response" : true
      },
      {
         "enabled" : false,
         "name" : "guest-file-flush",
         "success-response" : true
      },
      {
         "enabled" : false,
         "name" : "guest-file-seek",
         "success-response" : true
      },
      {
         "enabled" : false,
         "name" : "guest-file-write",
         "success-response" : true
      },
      {
         "enabled" : false,
         "name" : "guest-file-read",
         "success-response" : true
      },
      {
         "enabled" : false,
         "name" : "guest-file-close",
         "success-response" : true
      },
      {
         "enabled" : false,
         "name" : "guest-file-open",
         "success-response" : true
      },
      {
         "enabled" : true,
         "name" : "guest-shutdown",
         "success-response" : false
      },
      {
         "enabled" : true,
         "name" : "guest-info",
         "success-response" : true
      },
      {
         "enabled" : true,
         "name" : "guest-set-time",
         "success-response" : true
      },
      {
         "enabled" : true,
         "name" : "guest-get-time",
         "success-response" : true
      },
      {
         "enabled" : true,
         "name" : "guest-ping",
         "success-response" : true
      },
      {
         "enabled" : true,
         "name" : "guest-sync",
         "success-response" : true
      },
      {
         "enabled" : true,
         "name" : "guest-sync-delimited",
         "success-response" : true
      }
   ],
   "version" : "2.12.0"
}

pveversion -v

pveversion -v
proxmox-ve: 7.2-1 (running kernel: 5.15.64-1-pve)
pve-manager: 7.2-11 (running version: 7.2-11/b76d3178)
pve-kernel-5.15: 7.2-13
pve-kernel-helper: 7.2-13
pve-kernel-5.15.64-1-pve: 5.15.64-1
ceph-fuse: 14.2.21-1
corosync: 3.1.5-pve2
criu: 3.15-1+pve-1
glusterfs-client: 9.2-1
ifupdown2: 3.1.0-1+pmx3
libjs-extjs: 7.0.0-1
libknet1: 1.24-pve1
libproxmox-acme-perl: 1.4.2
libproxmox-backup-qemu0: 1.3.1-1
libpve-access-control: 7.2-4
libpve-apiclient-perl: 3.2-1
libpve-common-perl: 7.2-3
libpve-guest-common-perl: 4.1-4
libpve-http-server-perl: 4.1-4
libpve-storage-perl: 7.2-10
libspice-server1: 0.14.3-2.1
lvm2: 2.03.11-2.1
lxc-pve: 5.0.0-3
lxcfs: 4.0.12-pve1
novnc-pve: 1.3.0-3
proxmox-backup-client: 2.2.7-1
proxmox-backup-file-restore: 2.2.7-1
proxmox-mini-journalreader: 1.3-1
proxmox-widget-toolkit: 3.5.1
pve-cluster: 7.2-2
pve-container: 4.2-3
pve-docs: 7.2-2
pve-edk2-firmware: 3.20220526-1
pve-firewall: 4.2-6
pve-firmware: 3.5-6
pve-ha-manager: 3.4.0
pve-i18n: 2.7-2
pve-qemu-kvm: 7.0.0-4
pve-xtermjs: 4.16.0-1
qemu-server: 7.2-4
smartmontools: 7.2-pve3
spiceterm: 3.2-2
swtpm: 0.7.1~bpo11+1
vncterm: 1.7-1
zfsutils-linux: 2.1.6-pve1

 

[fiona]

Hi,

qm agent 101 info

      {
         "enabled" : false,
         "name" : "guest-exec",
         "success-response" : true
      },
      {
         "enabled" : false,
         "name" : "guest-exec-status",
         "success-response" : true
      },

well, guest-exec is not enabled. Please check the guest agent configuration inside the VM. In the VM, use qemu-ga -D to dump the configuration. Likely those two commands are blacklisted.

 

[UdoB]

10.1.1.1 dev eth0
default via 10.1.1.1 dev eth0

Really?

Usually (without additional magic) you can not set an exit out of a network to be (effectively) localhost.

Good luck

 

[Really]

@UdoB Yes really. And it seems that after this setup - which by the way is on the recommendation of the OVH team - it works. For this I need to find a solution to add the configuration to the VM machine. https://support.us.ovhcloud.com/hc/...a-VM-to-the-Internet-Using-Proxmox-VE#centos6 Postscript: Although the article gives an example for CentOS 6 version, and I'm with version 7 - it works correctly, without this setting, things don't start. If you have another direction - I'm open to ideas.


@fiona

Last login: Thu Nov  3 21:04:02 on ttyS0
[root@ip16 ~]# qemu-ga -D
\[general]
daemon=false
method=virtio-serial
path=/dev/virtio-ports/org.qemu.guest_agent.0
pidfile=/var/run/qemu-ga.pid
statedir=/var/run
verbose=false
blacklist=

 

[fiona]

@fiona

Last login: Thu Nov  3 21:04:02 on ttyS0
[root@ip16 ~]# qemu-ga -D
\[general]
daemon=false
method=virtio-serial
path=/dev/virtio-ports/org.qemu.guest_agent.0
pidfile=/var/run/qemu-ga.pid
statedir=/var/run
verbose=false
blacklist=

View attachment 42935

What is the output of qemu-ga --version? Can you get the PID of the qemu-ga process (e.g. with ps aux | grep qemu-ga) and check the output of cat /proc/<PID>/cmdline (replacing <PID> with the actual PID). Is there an /etc/qemu/qemu-ga.conf? Otherwise, it should use the default settings, but maybe CentOS did something funky with the default settings?

 

[Really]

Hi @fiona , as far as I understand the features are blacklisted (according to the process), but why on the other hand does qemu-ga -D show no blacklist added? And realistically, how could I solve this problem? Thanks

In the mean time @UdoB still nothing in response to what I told you was the OVH recommendation? Actually - for me it is not an OK option to even have qemu agent enabled, but the configuration forces me to have it.

[root@ip16 ~]# qemu-ga --version
QEMU Guest Agent 2.12.0

[root@ip16 ~]# ps -axu | grep qemu-ga
root       525  0.0  0.2  44300  2288 ?        Ss   Nov03   2:55 /usr/bin/qemu-ga --method=virtio-serial --path=/dev/virtio-ports/org.qemu.guest_agent.0 --blacklist=guest-file-open,guest-file-close,guest-file-read,guest-file-write,guest-file-seek,guest-file-flush,guest-exec,guest-exec-status -F/etc/qemu-ga/fsfreeze-hook
root     22516  0.0  0.0 112812   948 ttyS0    S+   13:55   0:00 grep --color=auto qemu-ga

[root@ip16 ~]# cat /proc/525/cmdline
/usr/bin/qemu-ga--method=virtio-serial--path=/dev/virtio-ports/org.qemu.guest_agent.0--blacklist=guest-file-open,guest-file-close,guest-file-read,guest-file-write,guest-file-seek,guest-file-flush,guest-exec,guest-exec-status-F/etc/qemu-ga/fsfreeze-hook

[root@ip16 ~]# cat /etc/qemu/qemu-ga.conf
cat: /etc/qemu/qemu-ga.conf: No such file or directory

[root@ip16 ~]# ls -al /etc/qemu/
ls: cannot access /etc/qemu/: No such file or directory

[root@ip16 ~]# ls -al /etc | grep qemu
drwxr-xr-x.  3 root root       50 Apr 22  2020 qemu-ga
[root@ip16 ~]#

 

[UdoB]

In the mean time @UdoB still nothing in response to what I told you was the OVH recommendation?

No - I have no experience with this kind of tricks, sorry...

 

[fiona]

Hi @fiona , as far as I understand the features are blacklisted (according to the process), but why on the other hand does qemu-ga -D show no blacklist added? And realistically, how could I solve this problem? Thanks

The next step is to find out how qemu-ga is invoked (upon start-up) and why the blacklist options are added there. As far as we know, they are not added by the configuration, so likely they are passed more directly to the command. I don't have experience with CentOS, so I can't help you there unfortunately.

 

[Chatty7736]

Hey, I registered just to share the solution

With pstree, I could deduct that there is a qemu-guest-agent.service running, and it's started by /system.slice/qemu-guest-agent.service .
When you check the service file, there is a variable substitution, but the related env file is there as well, it's /etc/sysconfig/qemu-ga .
In this env file, you need to comment out or modify the following line:

BLACKLIST_RPC=guest-file-open,guest-file-close,guest-file-read,guest-file-write,guest-file-seek,guest-file-flush,guest-exec,guest-exec-status

If you comment out the whole line, all RPC modules will be available like exec, but you can also remove just the ones that you really need.
However, in a Ubuntu VM, there is nothing disabled, so I think just commenting out the line is fine.

Don't forget to do a systemctl restart qemu-guest-agent.service once done with the editing.
Now qm guest exec works fine under a CentOS VM!