<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 01/22/2014 11:43 AM, Royce Lv wrote:<br>
</div>
<blockquote cite="mid:52DFCAF0.9080505@linux.vnet.ibm.com"
type="cite">
<br>
<br>
Guys,
<br>
<br>
When testing with kimchi nfs feature, I filed two issues
related to
<br>
nfs image permission problem:
<br>
<br>
1. volume creation failure: Because of storage pool permission
is
<br>
not configured to make write
<br>
permission.(<a class="moz-txt-link-freetext" href="https://github.com/kimchi-project/kimchi/issues/261">https://github.com/kimchi-project/kimchi/issues/261</a>)
<br>
2. vm with volume cannot be started: Root users are mapped to
<br>
nobody, so img it created cannot be accessed by libvirt-qemu(on
ubuntu)
<br>
user.(<a class="moz-txt-link-freetext" href="https://github.com/kimchi-project/kimchi/issues/267">https://github.com/kimchi-project/kimchi/issues/267</a>)
<br>
<br>
After discussed with Mark Wu, we would like to propose the
<br>
following to resolve these two problem:
<br>
<br>
1. To allow creation: export with all_squash(gid =
kimchi_guid) and
<br>
group allow write permission. Also with planned nfs-pool
prevalidation
<br>
(a timeout try mount in a process), we can check if the gid and
<br>
permission is right. This will save us from future trouble.
<br>
<br>
</blockquote>
<br>
It is only related to NFS server setup, right?<br>
<br>
/home/alinefm *(rw,all_squash,anongid=<kimchi-gid>)<font
face="DejaVu Sans Mono"><br>
</font><br>
So for that we should only write instructions to user on README or <br>
other doc file.<br>
<br>
<blockquote cite="mid:52DFCAF0.9080505@linux.vnet.ibm.com"
type="cite"> 2. To allow qemu process(started by libvirt) to
access img, we add
<br>
uid ('qemu' under fedora and 'libvirt-qemu' under ubuntu) which
running
<br>
qemu process to 'kimchi' group to allow the write access of the
img.
<br>
<br>
</blockquote>
<br>
For that we need to create a group with the same kimchi gid used for
NFS server<br>
and then add 'qemu/libvirt-qemu' to this group?<br>
<br>
Is that right?<br>
<br>
<blockquote cite="mid:52DFCAF0.9080505@linux.vnet.ibm.com"
type="cite"> I am also investigating other possibilities like
using storage pool
<br>
permissions and so on.
<br>
Welcome thoughts on it!
<br>
<br>
</blockquote>
<br>
<font face="DejaVu Sans Mono"><br>
</font>
</body>
</html>