<div dir="ltr"><div> </div><div><strong>below is the output after reboot .. also after reboot we need to restart sanlock daemon manually every time else no spm selection & hosts keep on contending & fails</strong></div>
<div><strong></strong> </div><div><font face="courier new,monospace"><strong>[root@node1-3-3 ~]# getsebool -a | egrep -i 'nfs|sanlock'</strong><br>allow_ftpd_use_nfs --> off<br>cobbler_use_nfs --> off<br>git_system_use_nfs --> off<br>
httpd_use_nfs --> off<br>qemu_use_nfs --> on<br>rsync_use_nfs --> off<br>samba_share_nfs --> off<br>sanlock_use_fusefs --> off<br>sanlock_use_nfs --> off<br>sanlock_use_samba --> off<br>sge_use_nfs --> off<br>
use_nfs_home_dirs --> on<br></font><font face="courier new,monospace"><strong>virt_use_nfs --> off<br>virt_use_sanlock --> off</strong><br>xen_use_nfs --> off<br><strong>[root@node1-3-3 ~]# getsebool -a | egrep -i allow_execstack</strong><br>
allow_execstack --> on<br>[root@node1-3-3 ~]#</font><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Oct 21, 2013 at 7:16 PM, Fabian Deutsch <span dir="ltr"><<a href="mailto:fabiand@redhat.com" target="_blank">fabiand@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Am Montag, den 21.10.2013, 15:44 +0800 schrieb Anil Dhingra:<br>
<div class="im">> hi<br>
><br>
> Permission issue is resolved after changing on openfiler NFS share<br>
> permission .but still on every reboot we need to set below values<br>
> manually<br>
> Any idea how to make it perm<br>
><br>
> setsebool -P virt_use_sanlock=on<br>
> setsebool -P virt_use_nfs=on<br>
<br>
</div>Hum ... That's interesting.<br>
We actually set both of them to on during the installation of the<br>
ovirt-node selinux package:<br>
/usr/sbin/setsebool -P allow_execstack=0 \<br>
virt_use_nfs=1 \<br>
virt_use_sanlock=1 \<br>
sanlock_use_nfs=1<br>
<br>
What does<br>
getsebool virt_use_sanlock virt_use_nfs<br>
<br>
say?<br>
<span class="HOEnZb"><font color="#888888"><br>
- fabian<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
><br>
> On Wed, Oct 16, 2013 at 8:24 AM, Itamar Heim <<a href="mailto:iheim@redhat.com">iheim@redhat.com</a>> wrote:<br>
> On 10/15/2013 11:05 AM, Anil Dhingra wrote:<br>
><br>
> Hi Guys<br>
> Any know issue why we are not able to start VM due to<br>
> permission issue<br>
> on disk image file .. as per docs ownership should be<br>
> vdsm:kvm byt not<br>
> sure why its showing below<br>
> used - both ovirt-node-iso-3.0.1-1.0.1.vdsm.el6 &<br>
> ovirt-node-iso-3.0.1-1.0.2.vdsm.el6 same issue<br>
> [ using NFS Domain ]<br>
> VM n0001vdap is down. Exit message: internal error<br>
> process exited while<br>
> connecting to monitor: qemu-kvm: -drive<br>
> file=/rhev/data-center/d09d8a3e-8ab4-42fc-84ec-86f307d144a0/1a04e13a-0ed4-40d6-a153-f7091c65d916/images/44e3fc9b-0382-4c11-b00c-35bd74032e9a/34542412-ed50-4350-8867-0d7d5f8127fd,if=none,id=drive-virtio-disk0,format=raw,serial=44e3fc9b-0382-4c11-b00c-35bd74032e9a,cache=none,werror=stop,rerror=stop,aio=threads:<br>
><br>
> *could not open *disk image<br>
> */rhev/data-center*/d09d8a3e-8ab4-42fc-84ec-86f307d144a0/1a04e13a-0ed4-40d6-a153-f7091c65d916/*images*/44e3fc9b-0382-4c11-b00c-35bd74032e9a/34542412-ed50-4350-8867-0d7d5f8127fd:<br>
> *Permission denied*<br>
><br>
><br>
> [root@node1 44e3fc9b-0382-4c11-b00c-35bd74032e9a]# ls<br>
> -lh<br>
> total 1.1M<br>
><br>
> -rw-rw----+ 1 *vdsm 96* 6.0G 2013-10-15 05:47<br>
> 34542412-ed50-4350-8867-0d7d5f8127fd<br>
> -rw-rw----+ 1 *vdsm 96* 1.0M 2013-10-15 05:47<br>
> 34542412-ed50-4350-8867-0d7d5f8127fd.lease<br>
> -rw-rw-rw-+ 1 *vdsm 96* 268 2013-10-15 05:47<br>
><br>
> 34542412-ed50-4350-8867-0d7d5f8127fd.meta<br>
> As it doesn't allow us o change permissions any<br>
> alternate way for this<br>
><br>
> ?or do I need to manually set permissions in<br>
> *"/etc/libvirt/qemu.conf"*<br>
> alos ther is no such *group *with*"96"* .. so from<br>
> where it picks this<br>
><br>
> config .<br>
> Another question is related to SELINUX config change<br>
> for below 2<br>
><br>
> parameters to recover from error "*internal error<br>
> Failed to open socket<br>
> to sanlock daemon: Permission denied*" I saw some<br>
> where this is fixed<br>
><br>
> but not sure why it appears VDSM should take care of<br>
> this auto<br>
> setsebool -P virt_use_sanlock=on<br>
> setsebool -P virt_use_nfs=on<br>
><br>
><br>
><br>
> _______________________________________________<br>
> Users mailing list<br>
> <a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
> <a href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a><br>
><br>
><br>
> have you tried:<br>
> <a href="http://www.ovirt.org/wiki/Troubleshooting_NFS_Storage_Issues" target="_blank">http://www.ovirt.org/wiki/Troubleshooting_NFS_Storage_Issues</a><br>
><br>
><br>
> _______________________________________________<br>
> Users mailing list<br>
> <a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
> <a href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a><br>
<br>
<br>
</div></div></blockquote></div><br></div>