[ovirt-devel] ovirt nfs mount caused sanlock failed to access data storage

Nir Soffer nsoffer at redhat.com
Tue Sep 12 12:08:05 UTC 2017 

On Tue, Sep 12, 2017 at 2:58 PM pengyixiang <yxpengi386 at 163.com> wrote:

> I know that,
> after nfs mounted in client, it used nfs server's permission, although i
> don't know why it's this, but i execute as follows in nfs server:
> # useradd sanlock -u 114
> # usermod -a -G kvm sanlock
>
> then it's works well!
>
> thanks anyhow!
>

You don't need to add sanlock on the nfs server.

This setup is documented here:
https://ovirt.org/documentation/admin-guide/chap-Storage/#preparing-and-adding-nfs-storage

Nir


>
>
>
>
>
>
> At 2017-09-12 18:47:55, "pengyixiang" <yxpengi386 at 163.com> wrote:
>
> hello Nir
>     I just do a test, as follows, i add linx to group kvm
> # cat /etc/group | grep "kvm"
> kvm:x:112:qemu,vdsm,linx,sanlock
>
> and i see the permission of leases of nfs storage:
> $ ls -l /rhev/data-center/mnt/192.168.11.55\:_home_dataStorage/1845be22-1ac4-4e42-bbcb-7ba9ccd6e569/dom_md/leases
>
> -rw-rw---- 1 vdsm kvm 2097152 9月  11 19:21
> /rhev/data-center/mnt/192.168.11.55:
> _home_dataStorage/1845be22-1ac4-4e42-bbcb-7ba9ccd6e569/dom_md/leases
>
> sanlock cannot read it
> 425138     resource = sanlock.read_resource(lease.path, lease.offset)
> 425139 SanlockException: (13, 'Sanlock resource read failure', 'Permission
> denied')
>
> and i cannot change to sanlock like that:
> # su sanlock
> root at Node:~#
>
> so i add a user linx to group kvm, and access to a o660 file with vdsm:kvm
> as follows:
> $ ls -l
> 总用量 16
> -rw-rw---- 1 vdsm kvm     6 9月  11 20:06 1.txt
> drwxr-xr-x 9 linx linx 4096 9月   1 15:58 linx-virtualization
> drw-rw---- 3 linx linx 4096 9月  11 20:13 test2
> drw-rw---- 2 linx linx 4096 9月  11 20:19 test3
>
> then we can view the file in user "linx":
> $ cat ~/1.txt
> pencc
>
> then i create 1.txt as same as ~/1.txt in nfs mount point like that with
> permission o666 vdsm:kvm :
> /rhev/data-center/mnt/192.168.11.55
> \:_home_dataStorage/1845be22-1ac4-4e42-bbcb-7ba9ccd6e569/1.txt
>
> then i read it, but failed too
> Permission denied
>
> if i change 1.txt's permission in mount point to o666
>
> then i can read it succeed.
>
> i think, maybe nfs's mount caused group permission failed, group
> permission as the second '6' of o666
>
> i cannot understand it, this my nfs-server's exports configurations:
> /home/dataStorage *(rw,sync,no_subtree_check)
>
> have any  ideas? QAQ
>
>
> 在 2017-09-12 18:06:08,"Nir Soffer" <nsoffer at redhat.com> 写道:
>
>
>
> On Tue, 12 Sep 2017, 4:52 pengyixiang <yxpengi386 at 163.com> wrote:
>
>> hello,everyone
>>     sanlock failed due to cannot read nfs storage's data , i tried to
>> chmod 777 /rhev/data-center/mnt/192.168.11.55\:_home_dataStorage/1845be22-1ac4-4e42-bbcb-7ba9ccd6e569/dom_md/*(add
>> others permission), then it's ok
>>
>>     sanlock's log:
>> 425120 Traceback (most recent call last):
>> 425121   File "/usr/lib/python2.7/dist-packages/vdsm/storage/task.py",
>> line 878, in _run
>> 425122     return fn(*args, **kargs)
>> 425123   File "/usr/lib/python2.7/dist-packages/vdsm/logUtils.py", line
>> 52, in wrapper
>> 425124     res = f(*args, **kwargs)
>> 425125   File "/usr/share/vdsm/storage/hsm.py", line 619, in getSpmStatus
>> 425126     status = self._getSpmStatusInfo(pool)
>> 425127   File "/usr/share/vdsm/storage/hsm.py", line 613, in
>> _getSpmStatusInfo
>> 425128     (pool.spmRole,) + pool.getSpmStatus()))
>> 425129   File "/usr/share/vdsm/storage/sp.py", line 141, in getSpmStatus
>> 425130     return self._backend.getSpmStatus()
>> 425131   File "/usr/share/vdsm/storage/spbackends.py", line 433, in
>> getSpmStatus
>> 425132     lVer, spmId = self.masterDomain.inquireClusterLock()
>> 425133   File "/usr/share/vdsm/storage/sd.py", line 817, in
>> inquireClusterLock
>> 425134     return self._manifest.inquireDomainLock()
>> 425135   File "/usr/share/vdsm/storage/sd.py", line 522, in
>> inquireDomainLock
>> 425136     return self._domainLock.inquire(self.getDomainLease())
>> 425137   File
>> "/usr/lib/python2.7/dist-packages/vdsm/storage/clusterlock.py", line 372,
>> in i       nquire
>> 425138     resource = sanlock.read_resource(lease.path, lease.offset)
>> 425139 SanlockException: (13, 'Sanlock resource read failure',
>> 'Permission denied')
>>
>> i test it, and in node,I add user "linx" to group "kvm"
>> $ cat /etc/group | grep "kvm"
>> kvm:x:112:qemu,vdsm,linx,sanlock
>>
>> then i create a file in $HOME:
>> $ ls -l
>> 总用量 16
>> -rw-rw---- 1 vdsm kvm     6 9月  11 20:06 1.txt
>> drwxr-xr-x 9 linx linx 4096 9月   1 15:58 linx-virtualization
>> drw-rw---- 3 linx linx 4096 9月  11 20:13 test2
>> drw-rw---- 2 linx linx 4096 9月  11 20:19 test3
>>
>> then we can view the file in user "linx":
>> $ cat 1.txt
>> pencc
>>
>> leases if vdsm:kvm too:
>> $ ls -l /rhev/data-center/mnt/192.168.11.55\:_home_dataStorage/1845be22-1ac4-4e42-bbcb-7ba9ccd6e569/dom_md/leases
>>
>> -rw-rw---- 1 vdsm kvm 2097152 9月  11 19:21
>> /rhev/data-center/mnt/192.168.11.55:
>> _home_dataStorage/1845be22-1ac4-4e42-bbcb-7ba9ccd6e569/dom_md/leases
>>
>> but we cannot read the file in user "linx":
>> $ cat /rhev/data-center/mnt/192.168.11.55
>> \:_home_dataStorage/1845be22-1ac4-4e42-bbcb-7ba9ccd6e569/dom_md/leases
>> cat: '/rhev/data-center/mnt/192.168.11.55:_home_dataStorage/1845be22-1ac4-4e42-bbcb-7ba9ccd6e569/dom_md/leases':
>> 权限不够
>>
>> why is this? follows the nfs server configure
>> # cat /etc/exports
>>
>> /home/dataStorage 192.168.11.*(rw,sync)
>> /home/dataStorage2 192.168.11.*(rw,sync,no_root_squash,no_subtree_check)
>> /home/isoStorage 192.168.11.*(rw,sync,no_root_squash,no_subtree_check)
>>
>> Is my nfs-server configurations miss some arguments? have any idea?
>>
>
> Try to setup a supported system (e.g centos, fedora) and compare the setup.
>
> Can explain why user linx need access to vdsm/sanlock/qemu data?
>
> Nir
>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> Devel mailing list
>> Devel at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/devel
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/devel/attachments/20170912/d7944a61/attachment.html>

More information about the Devel mailing list