On Tuesday, December 3, 2019, Ivan Apolonio <ivan@apolonio.com.br> wrote:
Hello Amit. Thanks for you reply.

This is the content of /etc/sudoers.d/50_vdsm file (it's the default generated by ovirt install):

Cmnd_Alias VDSM_LIFECYCLE = \
    /usr/sbin/dmidecode -s system-uuid
Cmnd_Alias VDSM_STORAGE = \
    /usr/sbin/fsck -p *, \
    /usr/sbin/tune2fs -j *, \
    /usr/sbin/mkfs -q -j *, \
    /usr/bin/kill, \
    /usr/bin/chown vdsm\:qemu *, \
    /usr/bin/chown vdsm\:kvm *, \
    /usr/sbin/iscsiadm *, \
    /usr/sbin/lvm, \
    /usr/bin/setsid /usr/bin/ionice -c ? -n ? /usr/bin/su vdsm -s /bin/sh -c /usr/libexec/vdsm/spmprotect.sh*, \
    /usr/sbin/service vdsmd *, \
    /usr/sbin/reboot -f

vdsm  ALL=(ALL) NOPASSWD: VDSM_LIFECYCLE, VDSM_STORAGE
Defaults:vdsm !requiretty
Defaults:vdsm !syslog
This line shuts logging, worth to comment it out during check. Plus, do you have an #includedir setting in your /etc/sudoers file?

The vdsm.log snippet seems later than the error in the engine.log, could you provide one covering the failing attempt?


I was pretty curious about the format of the line "/usr/bin/setsid /usr/bin/ionice -c ? -n ? /usr/bin/su vdsm -s /bin/sh -c /usr/libexec/vdsm/spmprotect.sh*", but looking at source code (https://github.com/oVirt/vdsm/blob/master/static/etc/sudoers.d/50_vdsm.in) it looks to be just like that. If I need to change anything on this file, it looks that there's some bug on vdsm package.

In other hand, I watched the /var/log/secure file while I was trying to attach a Datacenter to ISO Domain and it didn't showed anything new, meaning that the referred "ionice" command was not executed via sudo by vdsm. If it's is true, that could explain the "permission denied" error.

About the NFS export, it is exactly the same as parameters as Data Domain exports (which works perfectly):

exportfs -v
/storage/vm     172.31.17.0/24(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
/storage/vm     172.31.48.0/24(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
/storage/iso    <world>(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)


What else do I need to check?
Thanks
Ivan
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/BPEKZ4JEDMLLMDXCJWX5IOIKYIU5NRVF/