Re: [Users] Error creating the first storage domain (NFS)

Hi Brian,

I hate progressing by guesses but could you try to disable selinux:

# setenforce 0

If that works you could go on, re-enable it and try something more specific:

# setenforce 1
# setsebool sanlock_use_nfs on

I have the feeling that the vdsm patch setting the sanlock_use_nfs sebool flag didn't make it to fedora 17 yet.

--
Federico

----- Original Message -----
From: "Brian Vetter" <bjvetter@gmail.com>
To: "Federico Simoncelli" <fsimonce@redhat.com>
Cc: "Vered Volansky" <vered@redhat.com>, users@ovirt.org, "David Teigland" <teigland@redhat.com>
Sent: Tuesday, October 23, 2012 6:10:36 PM
Subject: Re: [Users] Error creating the first storage domain (NFS)

Ok. Here's four log files:

engine.log from my ovirt engine server.
vdsm.log from my host
sanlock.log from my host
messages from my host

The errors occur around the 20:17:57 time frame. You might see other errors from either previous attempts or for the time after when I tried to attach the storage domain. It looks like everything starts with an error -13 in sanlock. If the -13 maps to 13/EPERM in errno.h, then it is likely to be some kind of permission or other access error. I saw things that were related to the nfs directories not being owned by vdsm:kvm, but that is not the case here.

I did see a note online about some issues with sanlock and F17 (which I am running), but those bugs were related to sanlock crashing.
Brian

That was the problem. I checked the sanlock_use_nfs boolean and it was off. I set it and then created and attached the storage and it all works.

Thanks for the help/pointer.

Brian

On Oct 23, 2012, at 8:55 PM, Federico Simoncelli wrote:

Hi Brian, I hate progressing by guesses but could you try to disable selinux:
# setenforce 0
If that works you could go on, re-enable it and try something more specific:
# setenforce 1
# setsebool sanlock_use_nfs on

I have the feeling that the vdsm patch setting the sanlock_use_nfs sebool flag didn't make it to fedora 17 yet.

--
Federico

----- Original Message -----
From: "Brian Vetter" <bjvetter@gmail.com>
To: "Federico Simoncelli" <fsimonce@redhat.com>
Cc: "Vered Volansky" <vered@redhat.com>, users@ovirt.org, "David Teigland" <teigland@redhat.com>
Sent: Wednesday, October 24, 2012 4:54:11 AM
Subject: Re: [Users] Error creating the first storage domain (NFS)

That was the problem. I checked the sanlock_use_nfs boolean and it was off. I set it and then created and attached the storage and it all works.

Thanks for testing. Do you have a way of verifying a scratch build?

http://koji.fedoraproject.org/koji/taskinfo?taskID=4620480

This should fix your problem (on a brand new installation).

--
Federico

Ugh. Spoke a little too soon. While I got past my problem creating a storage domain, I ran into a new sanlock issue.

When trying to run a VM (the first one so I can create a template), I get an error in the admin UI:

VM DCC4.0 is down. Exit message: Failed to acquire lock: Permission denied.

The sanlock.log file shows the following:

2012-10-23 22:32:02-0500 22023 [981]: s3:r3 resource 8798edc0-dbd2-466d-8be9-1997f63e196f:71252c8f-68a9-495f-b5a6-4e8e035b56ea:/rhev/data-center/a8ea368c-bc08-4e10-81e7-c8439bf7bd35/8798edc0-dbd2-466d-8be9-1997f63e196f/images/b029b5a6-9eb3-4a34-ad03-1ac4386e8c7c/71252c8f-68a9-495f-b5a6-4e8e035b56ea.lease:0 for 2,11,14629
2012-10-23 22:32:02-0500 22023 [981]: open error -13 /rhev/data-center/a8ea368c-bc08-4e10-81e7-c8439bf7bd35/8798edc0-dbd2-466d-8be9-1997f63e196f/images/b029b5a6-9eb3-4a34-ad03-1ac4386e8c7c/71252c8f-68a9-495f-b5a6-4e8e035b56ea.lease
2012-10-23 22:32:02-0500 22023 [981]: r3 acquire_token open error -13
2012-10-23 22:32:02-0500 22023 [981]: r3 cmd_acquire 2,11,14629 acquire_token -13

I looked at the lease file referenced above, and it is there.

[root@mech ~]# ls -l /rhev/data-center/a8ea368c-bc08-4e10-81e7-c8439bf7bd35/8798edc0-dbd2-466d-8be9-1997f63e196f/images/b029b5a6-9eb3-4a34-ad03-1ac4386e8c7c/71252c8f-68a9-495f-b5a6-4e8e035b56ea.lease
-rw-rw----. 1 vdsm kvm 1048576 Oct 23 22:30 /rhev/data-center/a8ea368c-bc08-4e10-81e7-c8439bf7bd35/8798edc0-dbd2-466d-8be9-1997f63e196f/images/b029b5a6-9eb3-4a34-ad03-1ac4386e8c7c/71252c8f-68a9-495f-b5a6-4e8e035b56ea.lease

On a lark, I turned off selinux enforcement and tried it again. It worked just fine.

So what selinux option do I need to enable to get it to work? The only other sanlock specific settings I saw are:

sanlock_use_fusefs --> off
sanlock_use_nfs --> on
sanlock_use_samba --> off

Do I turn these all on or is there some other setting I need to enable?

Brian

On Oct 23, 2012, at 9:54 PM, Brian Vetter wrote:

That was the problem. I checked the sanlock_use_nfs boolean and it was off. I set it and then created and attached the storage and it all works.

Thanks for the help/pointer.

Brian

----- Original Message -----
From: "Brian Vetter" <bjvetter@gmail.com>
To: "Federico Simoncelli" <fsimonce@redhat.com>
Cc: "Vered Volansky" <vered@redhat.com>, users@ovirt.org, "David Teigland" <teigland@redhat.com>
Sent: Wednesday, October 24, 2012 5:48:21 AM
Subject: Re: [Users] Error creating the first storage domain (NFS)

Ugh. Spoke a little too soon. While I got past my problem creating a storage domain, I ran into a new sanlock issue.
When trying to run a VM (the first one so I can create a template), I get an error in the admin UI:
VM DCC4.0 is down. Exit message: Failed to acquire lock: Permission denied.
On a lark, I turned off selinux enforcement and tried it again. It worked just fine.
So what selinux option do I need to enable to get it to work? The only other sanlock specific settings I saw are:
sanlock_use_fusefs --> off
sanlock_use_nfs --> on
sanlock_use_samba --> off
Do I turn these all on or is there some other setting I need to enable?

No, for nfs you just need sanlock_use_nfs.

I'd say that if you could verify the scratch build that I prepared at:

http://koji.fedoraproject.org/koji/taskinfo?taskID=4620480

(up until starting a vm), then all the new selinux errors/messages that you see in the audit log (/var/log/audit/audit.log) are issues that should be reported to the selinux-policy package.

--
Federico
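
An added example, not written by either participant in this thread: a shell triage that reads sanlock.log and audit.log text and proposes the narrowest SELinux change while the host stays enforcing. The function names and the mapping of denied file types (nfs_t, fusefs_t, cifs_t) to the three booleans listed in the thread are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): triage sanlock "error -13" (errno 13,
# EACCES) while SELinux stays enforcing. Function names are hypothetical.

# stdin: sanlock.log text. Prints each path sanlock failed to open with -13.
sanlock_denied_paths() {
    awk '/ open error -13 \// { print $NF }' | sort -u
}

# stdin: audit.log text. Prints "perms tclass target_type" for every AVC
# denial whose process is sanlock.
sanlock_avc_denials() {
    awk '/^type=AVC/ && / denied / && /comm="sanlock"/ {
        perms = ""; tclass = ""; ttype = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "{")
                for (j = i + 1; j <= NF && $j != "}"; j++)
                    perms = perms (perms == "" ? "" : ",") $j
            if ($i ~ /^tclass=/) tclass = substr($i, 8)
            if ($i ~ /^tcontext=/) { split(substr($i, 10), ctx, ":"); ttype = ctx[3] }
        }
        print perms, tclass, ttype
    }' | sort -u
}

# Assumed mapping from the denied file type to the booleans listed in the thread.
boolean_for_type() {
    case "$1" in
        nfs_t)    echo sanlock_use_nfs ;;
        fusefs_t) echo sanlock_use_fusefs ;;
        cifs_t)   echo sanlock_use_samba ;;
    esac
}

# stdin: audit.log text. Prints one suggested action per distinct denial:
# a persistent boolean where one applies, otherwise a selinux-policy report.
suggest_fix() {
    sanlock_avc_denials | while read -r perms tclass ttype; do
        bool=$(boolean_for_type "$ttype")
        if [ -n "$bool" ]; then
            echo "setsebool -P $bool on"
        else
            echo "report to selinux-policy: sanlock $perms $tclass $ttype"
        fi
    done | sort -u
}
```

On a host, pipe the sanlock.log and /var/log/audit/audit.log contents into these functions; `setsebool -P` writes the boolean to the policy store so it survives a reboot, which plain `setsebool` does not.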

participants (2)
- Brian Vetter
- Federico Simoncelli