7:20 p.m.
Issue resolved -- this issue is caused by improper root user permission
to read/write to NFS export share
OK
here is what i did with the NFS and UID 36 tests
first test as user vdsm on the ovirt server itself
$ ssh server3
Last login: Sun Jan 12 23:53:58 2014
[mdiwan@server3 ~]$ id vdsm
uid=36(vdsm) gid=36(kvm) groups=36(kvm),179(sanlock),107(qemu)
[mdiwan@server3 ~]$ sudo su - vdsm
[sudo] password for mdiwan:
This account is currently not available.
[mdiwan@server3 ~]$ sudo vi /etc/passwd
[mdiwan@server3 ~]$ sudo su - vdsm
-bash-4.2$ mkdir /tmp/ovirt-mount
-bash-4.2$ exit
logout
[mdiwan@server3 ~]$ su -
Password:
[root@server3 ~]# mount server3:/localstorage/nfs /tmp/ovirt-mount
[root@server3 ~]# su - vdsm
-bash-4.2$ whoami
vdsm
-bash-4.2$ id
uid=36(vdsm) gid=36(kvm) groups=36(kvm),107(qemu),179(sanlock)
-bash-4.2$
-bash-4.2$
-bash-4.2$ cd /tmp/ovirt-mount/8eff2927-3bff-4b15-bdd0-8c4e0f40652d/
-bash-4.2$ ls
dom_md images master
-bash-4.2$ touch foo
-bash-4.2$ ls
dom_md foo images master
-bash-4.2$ ls -l
total 0
drwxr-xr-x 2 vdsm kvm 69 Dec 26 19:07 dom_md
-rw-r--r-- 1 vdsm kvm 0 Jan 14 11:39 foo
drwxr-xr-x 2 vdsm kvm 6 Dec 26 19:07 images
drwxr-xr-x 4 vdsm kvm 28 Dec 26 19:07 master
-bash-4.2$ rm foo
-bash-4.2$ ls
dom_md images master
-bash-4.2$ exit
logout
second test on a separate server with the ovirt server's NFS export
with a temporary UID 3 GID 36 user
[root@server2 ~]# mount server3:/
/localstorage/nfs /var/lib/exports/iso-20131223154119
/var/lib/exports/iso
[root@server2 ~]# mount server3:/localstorage/nfs /tmp/ovirt-mount
[root@server2 ~]# su - vdsm
-bash-4.2$ cd /tmp/ovirt-mount/
-bash-4.2$ ls
8eff2927-3bff-4b15-bdd0-8c4e0f40652d __DIRECT_IO_TEST__
-bash-4.2$ cd 8eff2927-3bff-4b15-bdd0-8c4e0f40652d/
-bash-4.2$ ls
dom_md images master
-bash-4.2$ touch foo
-bash-4.2$ ls
dom_md foo images master
-bash-4.2$ ls -l
total 0
drwxr-xr-x. 2 vdsm kvm 69 Dec 26 19:07 dom_md
-rw-r--r--. 1 vdsm kvm 0 Jan 14 11:52 foo
drwxr-xr-x. 2 vdsm kvm 6 Dec 26 19:07 images
drwxr-xr-x. 4 vdsm kvm 28 Dec 26 19:07 master
-bash-4.2$ rm foo
-bash-4.2$ ls
dom_md images master
-bash-4.2$ exit
logout
[root@server2 ~]# cd /tmp/ovirt-mount/
[root@server2 ovirt-mount]# ls
8eff2927-3bff-4b15-bdd0-8c4e0f40652d __DIRECT_IO_TEST__
[root@server2 ovirt-mount]# cd 8eff2927-3bff-4b15-bdd0-8c4e0f40652d/
[root@server2 8eff2927-3bff-4b15-bdd0-8c4e0f40652d]# ls
dom_md images master
[root@server2 8eff2927-3bff-4b15-bdd0-8c4e0f40652d]# touch foo
touch: cannot touch ‘foo’: Permission denied
ROOT USER FAILS TO WRITE .. definitely NFS permissions.
problem is that vdsm user has /sbin/nologin set in /etc/password , i had
to change that for this test.. and i have been under the impression that
root user should be the one doing the conversion.
based on the above
I have changed my nfs export to allow root to write this NFS storage,
the conversion now works
thank you Matt
and thank you Richard
for taking the time to figure this out with me.
Dont like using root for the conversions though, too easy to destroy the
source vms on ESX for my taste.
Going forward i think i am going to make a "conVIRT" user instead of use
root.. i'll let the list know how that goes.
looks like NFS is the only thing that would need changing ( maybe i can
make it a NFS only account)
Madhav
-----Original Message-----
From: Matthew Booth <mbooth(a)redhat.com>
To: Madhav V Diwan <mdiwan(a)diwanconsulting.com>, Richard W.M. Jones
<rjones(a)redhat.com>
Subject: Re: [Users] issue with conversion of ESXi 5 centos VM to
fedora19 ovirt host
Date: Tue, 14 Jan 2014 16:33:28 +0000
On 14/01/14 16:30, Madhav V Diwan wrote:
HI all ,
Any new ideas about this issue ?.. its blocking me from my ESX
conversion ...
Hi, Madhav.
I don't see a response from you about the NFS permission test. Did you
do it? I remain convinced that this is your problem.
Matt
-----Original Message-----
To: Richard W.M. Jones <rjones(a)redhat.com>
Subject: Re: [Users] issue with conversion of ESXi 5 centos VM to
fedora19 ovirt host
Date: Sat, 11 Jan 2014 08:57:33 -0500
setting up a physical /tmp with 1777 permissions did not work ..
and i see ovirt/vdsm is making a temporary nfsV4 mount of the target
export domain to /tmp on the ovirt server
(what i thought was a hard link is actually a nfs mount for the duration
of the conversion)
so if the issue is not permissions on /tmp or the fact that we normally
use tmpfs , what is left?
-----Original Message-----
To: Richard W.M. Jones <rjones(a)redhat.com>
Subject: Re: [Users] issue with conversion of ESXi 5 centos VM to
fedora19 ovirt host
Date: Fri, 10 Jan 2014 17:26:34 -0500
i have some spare disk on this server that i can make a /tmp partition
from .. i am going to try that approach to rule out the tmpfs as an
issue
but woe to those who need such a large physical tmp partition for VM
conversions..
-----Original Message-----
From: Madhav V Diwan <mdiwan(a)diwanconsulting.com>
To: Richard W.M. Jones <rjones(a)redhat.com>
Cc: mbooth(a)redhat.com, users(a)ovirt.org
Subject: Re: [Users] issue with conversion of ESXi 5 centos VM to
fedora19 ovirt host
Date: Fri, 10 Jan 2014 14:37:16 -0500
[mdiwan@server3 ~]$ sudo getenforce
[sudo] password for mdiwan:
Disabled
[mdiwan@server3 ~]$ cat /etc/fstab | grep "tmp"
[mdiwan@server3 ~]$ mount | grep "/tmp"
tmpfs on /tmp type tmpfs (rw)
selinux is disabled on this server .. at least till we figure this out
but yes /tmp is a tmpfs mount
which makes me wonder how it holds a 100 gig file.. it clearly
doesn't ... it seems to have a temporary "hardlink" to the OVIRT nfs
export share when virt-v2v2 is running???
-----Original Message-----
From: Richard W.M. Jones <rjones(a)redhat.com>
To: Madhav V Diwan <mdiwan(a)diwanconsulting.com>
Cc: mbooth(a)redhat.com, users(a)ovirt.org
Subject: Re: [Users] issue with conversion of ESXi 5 centos VM to
fedora19 ovirt host
Date: Fri, 10 Jan 2014 18:53:03 +0000
On Fri, Jan 10, 2014 at 12:48:43PM -0500, Madhav V Diwan wrote:
>
> Sorry richard
>
> seems that it failed even when i tried to set that variable
>
> Maybe i set up the command incorrectly?
>
> here is what i ran
>
>
> [root@server3 ~]# cat convrtesxhost.sh
>
> #!/bin/bash
>
> export LIBGUESTFS_TRACE=1
> export LIBGUESTFS_DEBUG=1
> export LIBGUESTFS_BACKEND=direct
>
> virt-v2v -ic esx://ESX.decllc.biz/?no_verify=1 -o rhev -os
> server3.decllc.biz:/localstorage/nfs --network ovirtmgmt razDC 2>&1 |
> tee /var/log/virt-v2v.log
It looks like this is correctly setting the environment variable:
> [root@server3 ~]# ./convrtesxhost.sh
> virt-v2v: Transferring storage volume razDC_razDC: 107374182400 bytes
> libguestfs: trace: set_verbose true
> libguestfs: trace: set_verbose = 0
> libguestfs: trace: set_backend "direct"
> libguestfs: trace: set_backend = 0
^ see that it's set correctly here.
[...]
> libguestfs: trace: add_drive
>
"/tmp/dgsXFuqz0X/8eff2927-3bff-4b15-bdd0-8c4e0f40652d/v2v.nCJ17ysL/e1660d18-b67b-4002-9835-10c654e7ee0e/a7afe4c5-ece8-4022-a8ec-964984a8db17"
"format:raw" "iface:ide" "name:sda"
> libguestfs: trace: add_drive = -1 (error)
>
/tmp/dgsXFuqz0X/8eff2927-3bff-4b15-bdd0-8c4e0f40652d/v2v.nCJ17ysL/e1660d18-b67b-4002-9835-10c654e7ee0e/a7afe4c5-ece8-4022-a8ec-964984a8db17:
Permission denied at /usr/lib64/perl5/vendor_perl/Sys/Guestfs.pm line 670.
So this is not the bug I was thinking of.
(In fact it's obvious now I look closer. This has nothing to do with
libvirt, and the error message is being generated by libguestfs
earlier on)
Is there some other reason that libguestfs would not be able to open
that file in /tmp? Perhaps there is an SELinux AVC? Or /tmp has
strange permissions ...? Is /tmp a tmpfs mount?
I believe the actual code path you're hitting is this one:
https://github.com/libguestfs/libguestfs/blob/stable-1.22/src/drives.c#L660
I'm not exactly sure why that fails.
Rich.
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users