8:55 p.m.
Hi Brian,
I hate progressing by guesses but could you try to disable selinux:
# setenforce 0
If that works you could go on, re-enable it and try something more
specific:
# setenforce 1
# setsebool sanlock_use_nfs on
I have the feeling that the vdsm patch setting the sanlock_use_nfs
sebool flag didn't made it to fedora 17 yet.
--
Federico
----- Original Message -----
From: "Brian Vetter" <bjvetter(a)gmail.com>
To: "Federico Simoncelli" <fsimonce(a)redhat.com>
Cc: "Vered Volansky" <vered(a)redhat.com>, users(a)ovirt.org, "David
Teigland" <teigland(a)redhat.com>
Sent: Tuesday, October 23, 2012 6:10:36 PM
Subject: Re: [Users] Error creating the first storage domain (NFS)
Ok. Here's four log files:
engine.log from my ovirt engine server.
vdsm.log from my host
sanlock.log from my host
messages from my host
The errors occur around the 20:17:57 time frame. You might see other
errors from either previous attempts or for the time after when I
tried to attach the storage domain. It looks like everything starts
with an error -13 in sanlock. If the -13 maps to 13/EPERM in
errno.h, then it is likely be some kind of permission or other
access error. I saw things that were related to the nfs directories
not being owned by vdsm:kvm, but that is not the case here.
I did see a note online about some issues with sanlock and F17 (which
I am running), but those bugs were related to sanlock crashing.
Brian
9:54 p.m.
New subject: [Users] Error creating the first storage domain (NFS)
That was the problem. I checked the sanlock_use_nfs boolean and it was off. I set it and
then created and attached the storage and it all works.
Thanks for the help/pointer.
Brian
On Oct 23, 2012, at 8:55 PM, Federico Simoncelli wrote:
Hi Brian,
I hate progressing by guesses but could you try to disable selinux:
# setenforce 0
If that works you could go on, re-enable it and try something more
specific:
# setenforce 1
# setsebool sanlock_use_nfs on
I have the feeling that the vdsm patch setting the sanlock_use_nfs
sebool flag didn't made it to fedora 17 yet.
--
Federico
----- Original Message -----
> From: "Brian Vetter" <bjvetter(a)gmail.com>
> To: "Federico Simoncelli" <fsimonce(a)redhat.com>
> Cc: "Vered Volansky" <vered(a)redhat.com>, users(a)ovirt.org, "David
Teigland" <teigland(a)redhat.com>
> Sent: Tuesday, October 23, 2012 6:10:36 PM
> Subject: Re: [Users] Error creating the first storage domain (NFS)
>
> Ok. Here's four log files:
>
> engine.log from my ovirt engine server.
> vdsm.log from my host
> sanlock.log from my host
> messages from my host
>
> The errors occur around the 20:17:57 time frame. You might see other
> errors from either previous attempts or for the time after when I
> tried to attach the storage domain. It looks like everything starts
> with an error -13 in sanlock. If the -13 maps to 13/EPERM in
> errno.h, then it is likely be some kind of permission or other
> access error. I saw things that were related to the nfs directories
> not being owned by vdsm:kvm, but that is not the case here.
>
> I did see a note online about some issues with sanlock and F17 (which
> I am running), but those bugs were related to sanlock crashing.
>
> Brian
10:44 p.m.
New subject: [Users] Error creating the first storage domain (NFS)
----- Original Message -----
From: "Brian Vetter" <bjvetter(a)gmail.com>
To: "Federico Simoncelli" <fsimonce(a)redhat.com>
Cc: "Vered Volansky" <vered(a)redhat.com>, users(a)ovirt.org, "David
Teigland" <teigland(a)redhat.com>
Sent: Wednesday, October 24, 2012 4:54:11 AM
Subject: Re: [Users] Error creating the first storage domain (NFS)
That was the problem. I checked the sanlock_use_nfs boolean and it
was off. I set it and then created and attached the storage and it
all works.
Thanks for testing.
Do you have a way of verifying a scratch build?
http://koji.fedoraproject.org/koji/taskinfo?taskID=4620480
This should fix your problem (on a brand new installation).
--
Federico
On Oct 23, 2012, at 8:55 PM, Federico Simoncelli wrote:
> Hi Brian,
> I hate progressing by guesses but could you try to disable selinux:
>
> # setenforce 0
>
> If that works you could go on, re-enable it and try something more
> specific:
>
> # setenforce 1
> # setsebool sanlock_use_nfs on
>
> I have the feeling that the vdsm patch setting the sanlock_use_nfs
> sebool flag didn't made it to fedora 17 yet.
> --
> Federico
>
> ----- Original Message -----
>> From: "Brian Vetter" <bjvetter(a)gmail.com>
>> To: "Federico Simoncelli" <fsimonce(a)redhat.com>
>> Cc: "Vered Volansky" <vered(a)redhat.com>, users(a)ovirt.org,
"David
>> Teigland" <teigland(a)redhat.com>
>> Sent: Tuesday, October 23, 2012 6:10:36 PM
>> Subject: Re: [Users] Error creating the first storage domain (NFS)
>>
>> Ok. Here's four log files:
>>
>> engine.log from my ovirt engine server.
>> vdsm.log from my host
>> sanlock.log from my host
>> messages from my host
>>
>> The errors occur around the 20:17:57 time frame. You might see
>> other
>> errors from either previous attempts or for the time after when I
>> tried to attach the storage domain. It looks like everything
>> starts
>> with an error -13 in sanlock. If the -13 maps to 13/EPERM in
>> errno.h, then it is likely be some kind of permission or other
>> access error. I saw things that were related to the nfs
>> directories
>> not being owned by vdsm:kvm, but that is not the case here.
>>
>> I did see a note online about some issues with sanlock and F17
>> (which
>> I am running), but those bugs were related to sanlock crashing.
>>
>> Brian
10:48 p.m.
New subject: [Users] Error creating the first storage domain (NFS)
--Apple-Mail=_E4827EBF-B9F7-492B-9158-2E7B7111EEB7
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
Ugh. Spoke a little too soon. While I got past my problem creating a =
storage domain, I ran into a new sanlock issue.
When trying to run a VM (the first one so I can create a template), I =
get an error in the admin UI:
VM DCC4.0 is down. Exit message: Failed to acquire lock: Permission =
denied.
The sanlock.log file shows the following:
2012-10-23 22:32:02-0500 22023 [981]: s3:r3 resource =
8798edc0-dbd2-466d-8be9-1997f63e196f:71252c8f-68a9-495f-b5a6-4e8e035b56ea:=
/rhev/data-center/a8ea368c-bc08-4e10-81e7-c8439bf7bd35/8798edc0-dbd2-466d-=
8be9-1997f63e196f/images/b029b5a6-9eb3-4a34-ad03-1ac4386e8c7c/71252c8f-68a=
9-495f-b5a6-4e8e035b56ea.lease:0 for 2,11,14629
2012-10-23 22:32:02-0500 22023 [981]: open error -13 =
/rhev/data-center/a8ea368c-bc08-4e10-81e7-c8439bf7bd35/8798edc0-dbd2-466d-=
8be9-1997f63e196f/images/b029b5a6-9eb3-4a34-ad03-1ac4386e8c7c/71252c8f-68a=
9-495f-b5a6-4e8e035b56ea.lease
2012-10-23 22:32:02-0500 22023 [981]: r3 acquire_token open error -13
2012-10-23 22:32:02-0500 22023 [981]: r3 cmd_acquire 2,11,14629 =
acquire_token -13
I looked at the lease file referenced above, and it is there.
[root@mech ~]# ls -l =
/rhev/data-center/a8ea368c-bc08-4e10-81e7-c8439bf7bd35/8798edc0-dbd2-466d-=
8be9-1997f63e196f/images/b029b5a6-9eb3-4a34-ad03-1ac4386e8c7c/71252c8f-68a=
9-495f-b5a6-4e8e035b56ea.lease
-rw-rw----. 1 vdsm kvm 1048576 Oct 23 22:30 =
/rhev/data-center/a8ea368c-bc08-4e10-81e7-c8439bf7bd35/8798edc0-dbd2-466d-=
8be9-1997f63e196f/images/b029b5a6-9eb3-4a34-ad03-1ac4386e8c7c/71252c8f-68a=
9-495f-b5a6-4e8e035b56ea.lease
On a lark, I turned off selinux enforcement and tried it again. It =
worked just fine.
So what selinux option do I need to enable to get it to work? The only =
other sanlock specific settings I saw are:
sanlock_use_fusefs --> off
sanlock_use_nfs --> on
sanlock_use_samba --> off
Do I turn these all on or is there some other setting I need to enable?
Brian
On Oct 23, 2012, at 9:54 PM, Brian Vetter wrote:
That was the problem. I checked the sanlock_use_nfs boolean and it
was =
off. I set it and then created and attached the storage and it all =
works.
=20
Thanks for the help/pointer.
=20
Brian
=20
On Oct 23, 2012, at 8:55 PM, Federico Simoncelli wrote:
=20
> Hi Brian,
> I hate progressing by guesses but could you try to disable selinux:
>=20
> # setenforce 0
>=20
> If that works you could go on, re-enable it and try something more
> specific:
>=20
> # setenforce 1
> # setsebool sanlock_use_nfs on
>=20
> I have the feeling that the vdsm patch setting the sanlock_use_nfs
> sebool flag didn't made it to fedora 17 yet.
> --=20
> Federico
>=20
> ----- Original Message -----
>> From: "Brian Vetter" <bjvetter(a)gmail.com>
>> To: "Federico Simoncelli" <fsimonce(a)redhat.com>
>> Cc: "Vered Volansky" <vered(a)redhat.com>, users(a)ovirt.org,
"David =
Teigland" <teigland(a)redhat.com>
>> Sent: Tuesday, October 23, 2012 6:10:36 PM
>> Subject: Re: [Users] Error creating the first storage domain (NFS)
>>=20
>> Ok. Here's four log files:
>>=20
>> engine.log from my ovirt engine server.
>> vdsm.log from my host
>> sanlock.log from my host
>> messages from my host
>>=20
>> The errors occur around the 20:17:57 time frame. You might see other
>> errors from either previous attempts or for the time after when I
>> tried to attach the storage domain. It looks like everything starts
>> with an error -13 in sanlock. If the -13 maps to 13/EPERM in
>> errno.h, then it is likely be some kind of permission or other
>> access error. I saw things that were related to the nfs directories
>> not being owned by vdsm:kvm, but that is not the case here.
>>=20
>> I did see a note online about some issues with sanlock and F17 =
(which
>> I am running), but those bugs were related to sanlock
crashing.
>>=20
>> Brian
=20
--Apple-Mail=_E4827EBF-B9F7-492B-9158-2E7B7111EEB7
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=us-ascii
<html><head></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Ugh. =
Spoke a little too soon. While I got past my problem creating a storage =
domain, I ran into a new sanlock issue.<div><br></div><div>When
trying =
to run a VM (the first one so I can create a template), I get an error =
in the admin UI:</div><blockquote class=3D"webkit-indent-blockquote" =
style=3D"margin: 0 0 0 40px; border: none; padding: 0px;"><div>VM
DCC4.0 =
is down. Exit message: Failed to acquire lock: Permission =
denied.</div></blockquote><div><br></div><div>The
sanlock.log file shows =
the following:</div><blockquote class=3D"webkit-indent-blockquote" =
style=3D"margin: 0 0 0 40px; border: none; padding: =
0px;"><div><div>2012-10-23 22:32:02-0500 22023 [981]: s3:r3 resource
=
8798edc0-dbd2-466d-8be9-1997f63e196f:71252c8f-68a9-495f-b5a6-4e8e035b56ea:=
/rhev/data-center/a8ea368c-bc08-4e10-81e7-c8439bf7bd35/8798edc0-dbd2-466d-=
8be9-1997f63e196f/images/b029b5a6-9eb3-4a34-ad03-1ac4386e8c7c/71252c8f-68a=
9-495f-b5a6-4e8e035b56ea.lease:0 for =
2,11,14629</div></div><div><div>2012-10-23 22:32:02-0500 22023
[981]: =
open error -13 =
/rhev/data-center/a8ea368c-bc08-4e10-81e7-c8439bf7bd35/8798edc0-dbd2-466d-=
8be9-1997f63e196f/images/b029b5a6-9eb3-4a34-ad03-1ac4386e8c7c/71252c8f-68a=
9-495f-b5a6-4e8e035b56ea.lease</div></div><div><div>2012-10-23 =
22:32:02-0500 22023 [981]: r3 acquire_token open error =
-13</div></div><div><div>2012-10-23 22:32:02-0500 22023 [981]: r3
=
cmd_acquire 2,11,14629 acquire_token =
-13</div></div></blockquote><div><br></div><div>I
looked at the lease =
file referenced above, and it is there.</div><blockquote =
class=3D"webkit-indent-blockquote" style=3D"margin: 0 0 0 40px; border: =
none; padding: 0px;"><div><div>[root@mech ~]# ls -l =
/rhev/data-center/a8ea368c-bc08-4e10-81e7-c8439bf7bd35/8798edc0-dbd2-466d-=
8be9-1997f63e196f/images/b029b5a6-9eb3-4a34-ad03-1ac4386e8c7c/71252c8f-68a=
9-495f-b5a6-4e8e035b56ea.lease</div></div><div><div>-rw-rw----. 1
vdsm =
kvm 1048576 Oct 23 22:30 =
/rhev/data-center/a8ea368c-bc08-4e10-81e7-c8439bf7bd35/8798edc0-dbd2-466d-=
8be9-1997f63e196f/images/b029b5a6-9eb3-4a34-ad03-1ac4386e8c7c/71252c8f-68a=
9-495f-b5a6-4e8e035b56ea.lease</div></div></blockquote><div><div><br></div=
<div>On a lark, I turned off selinux enforcement and tried it
again. It =
worked just
fine.</div><div><br></div><div>So what selinux option do I
=
need to enable to get it to work? The only other sanlock specific =
settings I saw are:</div></div><blockquote =
class=3D"webkit-indent-blockquote" style=3D"margin: 0 0 0 40px; border: =
none; padding: 0px;"><div><div><div>sanlock_use_fusefs
--> =
off</div></div></div><div><div><div>sanlock_use_nfs
--> =
on</div></div></div><div><div><div>sanlock_use_samba
--> =
off</div></div></div></blockquote><div><div><br></div><div>Do
I turn =
these all on or is there some other setting I need to =
enable?</div><div><br></div><div>Brian</div><div><br></div><div><div>On
=
Oct 23, 2012, at 9:54 PM, Brian Vetter wrote:</div><br =
class=3D"Apple-interchange-newline"><blockquote
type=3D"cite"><div>That =
was the problem. I checked the sanlock_use_nfs boolean and it was off. I =
set it and then created and attached the storage and it all =
works.<br><br>Thanks for the
help/pointer.<br><br>Brian<br><br>On Oct =
23, 2012, at 8:55 PM, Federico Simoncelli wrote:<br><br><blockquote =
type=3D"cite">Hi Brian,<br></blockquote><blockquote
type=3D"cite">I hate =
progressing by guesses but could you try to disable =
selinux:<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote
type=3D"cite"># setenforce =
0<br></blockquote><blockquote
type=3D"cite"><br></blockquote><blockquote =
type=3D"cite">If that works you could go on, re-enable it and try =
something more<br></blockquote><blockquote =
type=3D"cite">specific:<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote
type=3D"cite"># setenforce =
1<br></blockquote><blockquote type=3D"cite"># setsebool
sanlock_use_nfs =
on<br></blockquote><blockquote
type=3D"cite"><br></blockquote><blockquote =
type=3D"cite">I have the feeling that the vdsm patch setting the =
sanlock_use_nfs<br></blockquote><blockquote
type=3D"cite">sebool flag =
didn't made it to fedora 17 yet.<br></blockquote><blockquote =
type=3D"cite">-- <br></blockquote><blockquote =
type=3D"cite">Federico<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote
type=3D"cite">----- Original =
Message -----<br></blockquote><blockquote
type=3D"cite"><blockquote =
type=3D"cite">From: "Brian Vetter" <<a =
href=3D"mailto:bjvetter@gmail.com">bjvetter@gmail.com</a>><br></blockqu=
ote></blockquote><blockquote type=3D"cite"><blockquote
type=3D"cite">To: =
"Federico Simoncelli" <<a =
href=3D"mailto:fsimonce@redhat.com">fsimonce@redhat.com</a>><br></block=
quote></blockquote><blockquote type=3D"cite"><blockquote
type=3D"cite">Cc:=
"Vered Volansky" <<a =
href=3D"mailto:vered@redhat.com">vered@redhat.com</a>>, <a =
href=3D"mailto:users@ovirt.org">users@ovirt.org</a>, "David
Teigland" =
<<a =
href=3D"mailto:teigland@redhat.com">teigland@redhat.com</a>><br></block=
quote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite">Sent: Tuesday, October 23, 2012 6:10:36 =
PM<br></blockquote></blockquote><blockquote
type=3D"cite"><blockquote =
type=3D"cite">Subject: Re: [Users] Error creating the first storage =
domain (NFS)<br></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote><blockquote
=
type=3D"cite"><blockquote type=3D"cite">Ok. Here's four
log =
files:<br></blockquote></blockquote><blockquote
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote><blockquote
=
type=3D"cite"><blockquote type=3D"cite">engine.log from my
ovirt engine =
server.<br></blockquote></blockquote><blockquote
type=3D"cite"><blockquote=
type=3D"cite">vdsm.log from my =
host<br></blockquote></blockquote><blockquote
type=3D"cite"><blockquote =
type=3D"cite">sanlock.log from my =
host<br></blockquote></blockquote><blockquote
type=3D"cite"><blockquote =
type=3D"cite">messages from my =
host<br></blockquote></blockquote><blockquote
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote><blockquote
=
type=3D"cite"><blockquote type=3D"cite">The errors occur
around the =
20:17:57 time frame. You might see =
other<br></blockquote></blockquote><blockquote
type=3D"cite"><blockquote =
type=3D"cite">errors from either previous attempts or for the time after =
when I<br></blockquote></blockquote><blockquote
type=3D"cite"><blockquote =
type=3D"cite">tried to attach the storage domain. It looks like =
everything starts<br></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite">with an error -13 in
sanlock. If =
the -13 maps to 13/EPERM in<br></blockquote></blockquote><blockquote
=
type=3D"cite"><blockquote type=3D"cite">errno.h, then it is
likely be =
some kind of permission or =
other<br></blockquote></blockquote><blockquote
type=3D"cite"><blockquote =
type=3D"cite">access error. I saw things that were related to the nfs =
directories<br></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite">not being owned by
vdsm:kvm, but =
that is not the case here.<br></blockquote></blockquote><blockquote
=
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote><blockquote
=
type=3D"cite"><blockquote type=3D"cite">I did see a note
online about =
some issues with sanlock and F17 =
(which<br></blockquote></blockquote><blockquote
type=3D"cite"><blockquote =
type=3D"cite">I am running), but those bugs were related to sanlock =
crashing.<br></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote><blockquote
=
type=3D"cite"><blockquote =
type=3D"cite">Brian<br></blockquote></blockquote><br></div></blockquote></=
div><br></div></body></html>=
--Apple-Mail=_E4827EBF-B9F7-492B-9158-2E7B7111EEB7--
10:59 p.m.
New subject: [Users] Error creating the first storage domain (NFS)
----- Original Message -----
From: "Brian Vetter" <bjvetter(a)gmail.com>
To: "Federico Simoncelli" <fsimonce(a)redhat.com>
Cc: "Vered Volansky" <vered(a)redhat.com>, users(a)ovirt.org, "David
Teigland" <teigland(a)redhat.com>
Sent: Wednesday, October 24, 2012 5:48:21 AM
Subject: Re: [Users] Error creating the first storage domain (NFS)
Ugh. Spoke a little too soon. While I got past my problem creating a
storage domain, I ran into a new sanlock issue.
When trying to run a VM (the first one so I can create a template), I
get an error in the admin UI:
VM DCC4.0 is down. Exit message: Failed to acquire lock: Permission
denied.
On a lark, I turned off selinux enforcement and tried it again. It
worked just fine.
So what selinux option do I need to enable to get it to work? The
only other sanlock specific settings I saw are:
sanlock_use_fusefs --> off
sanlock_use_nfs --> on
sanlock_use_samba --> off
Do I turn these all on or is there some other setting I need to
enable?
No for nfs you just need sanlock_use_nfs.
I'd say that if you could verify the scratch build that I prepared at:
http://koji.fedoraproject.org/koji/taskinfo?taskID=4620480
(up until starting a vm), then all the new selinux errors/messages that
you see in the audit log (/var/log/audit/audit.log) are issues that
should be reported to the selinux-policy package.
--
Federico
4414
days inactive
4414
days old
4 comments
2 participants
participants (2)
-
Brian Vetter -
Federico Simoncelli