[ovirt-devel] qemu packaging - add the "qemu" user to a "gluster" group?
Niels de Vos
ndevos at redhat.com
Wed Apr 26 13:36:43 UTC 2017
Hi,
We're trying to improve the debugability of Gluster backed VMs and one
of the features for this is to be able to gather "statedumps". These
statedumps include memory allocation details and other information about
the Gluster client. QEMU is one of the applications that can be
configured to use libgfapi.so Gluster client.
Gluster provides the /var/run/gluster/ directory and the libgfapi.so
library that qemu (in block/gluster.c) uses that. Would there be a
problem for the "qemu" packages to use add the "qemu" user to a
"gluster" group? I'm not sure yet how this is done for other packages
with their own users, but there would be a dependent installation order
of some kind (needs rpm triggers?).
What is your opinion on this issue, or would you recommend an other
approach?
Thanks,
Niels
PS: https://bugzilla.redhat.com/1445569 can be used to reply as well
From http://lists.gluster.org/pipermail/gluster-devel/2017-April/052629.html:
On Tue, Apr 25, 2017 at 07:53:06PM +0200, Niels de Vos wrote:
> Hi,
>
> Recently a new ability to trigger statedumps through the Gluster-CLI [0]
> has been added. This makes it possible to get statedump from
> applications that use gfapi. By default, statedumps are saved under
> /var/run/gluster/... and this directory is only writable by root.
> Applications that use gfapi do not require root permissions (like QEMU),
> and therefore fail to write the statedump :-/
>
> One approach would be to create a "gluster" group and give the group
> permissions to write to /var/run/gluster/... Other 'fixes' include
> setting ACLs on the directory so that specified users can write there.
> because many daemons have a "home directory" that does not exist, it
> probably is not a good idea to use $HOME to store statedumps.
>
> What suggestions do others have?
>
> Thanks,
> Niels
>
>
> 0. https://github.com/gluster/glusterfs/blob/master/doc/debugging/statedump.md
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.ovirt.org/pipermail/devel/attachments/20170426/d79d344b/attachment.sig>
More information about the Devel
mailing list