[Users] "permission settings on the specified path do not allow access to the storage"

Hi, My ovirt-engine was setup on a vm host with ip:xxx.xxx.xxx.112. And I am trying to create a new domain with ovirt-engine UI by the "Storage"--> "New Domain". And the following error happened. However I can mount the xxx.xxx.xxx.110:/data by "mount -t nfs xxx.xxx.xxx.110:/data /mnt" manually in the ovirt-engine host, also a new file can be created under the mounted directory with "touch xx". It looks to me that there is no permission problem when I access the remote nfs path manually. So does ovirt-engine enforce additional permission check beside the normal unix file permission check here? ---- [root@ovirt-engine-112 /]# vim /var/log/ovirt-engine/engine.log [root@ovirt-engine-112 /]# vim /var/log/ovirt-engine/engine.log 2012-03-06 00:38:51,165 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.ValidateStorageServerConnectionVDSCommand] (http--0.0.0.0-8080-6) START, ValidateStorageServerConnectionVDSCommand(vdsId = 46a83d56-66d9-11e1-8004-5254009e821b, storagePoolId = 00000000-0000-0000-0000-000000000000, storageType = NFS, connectionList = [{ id: null, connection: xxx.xxx.xxx.110:/data };]), log id: 1899002d 2012-03-06 00:38:51,297 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.ValidateStorageServerConnectionVDSCommand] (http--0.0.0.0-8080-6) FINISH, ValidateStorageServerConnectionVDSCommand, return: {00000000-0000-0000-0000-000000000000=469}, log id: 1899002d 2012-03-06 00:38:51,300 ERROR [org.ovirt.engine.core.bll.storage.NFSStorageHelper] (http--0.0.0.0-8080-6) The connection with details xxx.xxx.xxx.110:/data failed because of error code 469 and error message is: permission settings on the specified path do not allow access to the storage. verify permission settings on the specified storage path. 2012-03-06 00:38:51,300 WARN [org.ovirt.engine.core.bll.storage.AddStorageServerConnectionCommand] (http--0.0.0.0-8080-6) CanDoAction of action AddStorageServerConnection failed. Reasons:ACTION_TYPE_FAILED_STORAGE_CONNECTION 2012-03-06 00:38:51,425 INFO [org.ovirt.engine.core.bll.storage.RemoveStorageServerConnectionCommand] (http--0.0.0.0-8080-4) Running command: RemoveStorageServerConnectionCommand internal: false. Entities affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: System -- Shu Ming<shuming@linux.vnet.ibm.com> IBM China Systems and Technology Laboratory

It seems that the problem came from the name of the data domain to be created. I used "data" to be the name. Is "data" a reserved name for the storage domain? On 2012-3-6 17:30, Shu Ming wrote:
Hi, My ovirt-engine was setup on a vm host with ip:xxx.xxx.xxx.112. And I am trying to create a new domain with ovirt-engine UI by the "Storage"--> "New Domain". And the following error happened. However I can mount the xxx.xxx.xxx.110:/data by "mount -t nfs xxx.xxx.xxx.110:/data /mnt" manually in the ovirt-engine host, also a new file can be created under the mounted directory with "touch xx". It looks to me that there is no permission problem when I access the remote nfs path manually. So does ovirt-engine enforce additional permission check beside the normal unix file permission check here?
---- [root@ovirt-engine-112 /]# vim /var/log/ovirt-engine/engine.log [root@ovirt-engine-112 /]# vim /var/log/ovirt-engine/engine.log 2012-03-06 00:38:51,165 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.ValidateStorageServerConnectionVDSCommand] (http--0.0.0.0-8080-6) START, ValidateStorageServerConnectionVDSCommand(vdsId = 46a83d56-66d9-11e1-8004-5254009e821b, storagePoolId = 00000000-0000-0000-0000-000000000000, storageType = NFS, connectionList = [{ id: null, connection: xxx.xxx.xxx.110:/data };]), log id: 1899002d 2012-03-06 00:38:51,297 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.ValidateStorageServerConnectionVDSCommand] (http--0.0.0.0-8080-6) FINISH, ValidateStorageServerConnectionVDSCommand, return: {00000000-0000-0000-0000-000000000000=469}, log id: 1899002d 2012-03-06 00:38:51,300 ERROR [org.ovirt.engine.core.bll.storage.NFSStorageHelper] (http--0.0.0.0-8080-6) The connection with details xxx.xxx.xxx.110:/data failed because of error code 469 and error message is: permission settings on the specified path do not allow access to the storage. verify permission settings on the specified storage path. 2012-03-06 00:38:51,300 WARN [org.ovirt.engine.core.bll.storage.AddStorageServerConnectionCommand] (http--0.0.0.0-8080-6) CanDoAction of action AddStorageServerConnection failed. Reasons:ACTION_TYPE_FAILED_STORAGE_CONNECTION 2012-03-06 00:38:51,425 INFO [org.ovirt.engine.core.bll.storage.RemoveStorageServerConnectionCommand] (http--0.0.0.0-8080-4) Running command: RemoveStorageServerConnectionCommand internal: false. Entities affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: System
-- Shu Ming<shuming@linux.vnet.ibm.com> IBM China Systems and Technology Laboratory

Manually mount and touch with kvm:qemu user/group and see if success? 2012/3/6 Shu Ming <shuming@linux.vnet.ibm.com>:
It seems that the problem came from the name of the data domain to be created. I used "data" to be the name. Is "data" a reserved name for the storage domain?
On 2012-3-6 17:30, Shu Ming wrote:
Hi, My ovirt-engine was setup on a vm host with ip:xxx.xxx.xxx.112. And I am trying to create a new domain with ovirt-engine UI by the "Storage"--> "New Domain". And the following error happened. However I can mount the xxx.xxx.xxx.110:/data by "mount -t nfs xxx.xxx.xxx.110:/data /mnt" manually in the ovirt-engine host, also a new file can be created under the mounted directory with "touch xx". It looks to me that there is no permission problem when I access the remote nfs path manually. So does ovirt-engine enforce additional permission check beside the normal unix file permission check here?
---- [root@ovirt-engine-112 /]# vim /var/log/ovirt-engine/engine.log [root@ovirt-engine-112 /]# vim /var/log/ovirt-engine/engine.log 2012-03-06 00:38:51,165 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.ValidateStorageServerConnectionVDSCommand] (http--0.0.0.0-8080-6) START, ValidateStorageServerConnectionVDSCommand(vdsId = 46a83d56-66d9-11e1-8004-5254009e821b, storagePoolId = 00000000-0000-0000-0000-000000000000, storageType = NFS, connectionList = [{ id: null, connection: xxx.xxx.xxx.110:/data };]), log id: 1899002d 2012-03-06 00:38:51,297 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.ValidateStorageServerConnectionVDSCommand] (http--0.0.0.0-8080-6) FINISH, ValidateStorageServerConnectionVDSCommand, return: {00000000-0000-0000-0000-000000000000=469}, log id: 1899002d 2012-03-06 00:38:51,300 ERROR [org.ovirt.engine.core.bll.storage.NFSStorageHelper] (http--0.0.0.0-8080-6) The connection with details xxx.xxx.xxx.110:/data failed because of error code 469 and error message is: permission settings on the specified path do not allow access to the storage. verify permission settings on the specified storage path. 2012-03-06 00:38:51,300 WARN [org.ovirt.engine.core.bll.storage.AddStorageServerConnectionCommand] (http--0.0.0.0-8080-6) CanDoAction of action AddStorageServerConnection failed. Reasons:ACTION_TYPE_FAILED_STORAGE_CONNECTION 2012-03-06 00:38:51,425 INFO [org.ovirt.engine.core.bll.storage.RemoveStorageServerConnectionCommand] (http--0.0.0.0-8080-4) Running command: RemoveStorageServerConnectionCommand internal: false. Entities affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: System
-- Shu Ming<shuming@linux.vnet.ibm.com> IBM China Systems and Technology Laboratory
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users

The problem was resloved and It might come from the naming problem using 'data' as domain name. On 2012-3-6 22:55, Xiaofan wrote:
Manually mount and touch with kvm:qemu user/group and see if success?
2012/3/6 Shu Ming<shuming@linux.vnet.ibm.com>:
It seems that the problem came from the name of the data domain to be created. I used "data" to be the name. Is "data" a reserved name for the storage domain?
On 2012-3-6 17:30, Shu Ming wrote:
Hi, My ovirt-engine was setup on a vm host with ip:xxx.xxx.xxx.112. And I am trying to create a new domain with ovirt-engine UI by the "Storage"--> "New Domain". And the following error happened. However I can mount the xxx.xxx.xxx.110:/data by "mount -t nfs xxx.xxx.xxx.110:/data /mnt" manually in the ovirt-engine host, also a new file can be created under the mounted directory with "touch xx". It looks to me that there is no permission problem when I access the remote nfs path manually. So does ovirt-engine enforce additional permission check beside the normal unix file permission check here?
---- [root@ovirt-engine-112 /]# vim /var/log/ovirt-engine/engine.log [root@ovirt-engine-112 /]# vim /var/log/ovirt-engine/engine.log 2012-03-06 00:38:51,165 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.ValidateStorageServerConnectionVDSCommand] (http--0.0.0.0-8080-6) START, ValidateStorageServerConnectionVDSCommand(vdsId = 46a83d56-66d9-11e1-8004-5254009e821b, storagePoolId = 00000000-0000-0000-0000-000000000000, storageType = NFS, connectionList = [{ id: null, connection: xxx.xxx.xxx.110:/data };]), log id: 1899002d 2012-03-06 00:38:51,297 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.ValidateStorageServerConnectionVDSCommand] (http--0.0.0.0-8080-6) FINISH, ValidateStorageServerConnectionVDSCommand, return: {00000000-0000-0000-0000-000000000000=469}, log id: 1899002d 2012-03-06 00:38:51,300 ERROR [org.ovirt.engine.core.bll.storage.NFSStorageHelper] (http--0.0.0.0-8080-6) The connection with details xxx.xxx.xxx.110:/data failed because of error code 469 and error message is: permission settings on the specified path do not allow access to the storage. verify permission settings on the specified storage path. 2012-03-06 00:38:51,300 WARN [org.ovirt.engine.core.bll.storage.AddStorageServerConnectionCommand] (http--0.0.0.0-8080-6) CanDoAction of action AddStorageServerConnection failed. Reasons:ACTION_TYPE_FAILED_STORAGE_CONNECTION 2012-03-06 00:38:51,425 INFO [org.ovirt.engine.core.bll.storage.RemoveStorageServerConnectionCommand] (http--0.0.0.0-8080-4) Running command: RemoveStorageServerConnectionCommand internal: false. Entities affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: System
-- Shu Ming<shuming@linux.vnet.ibm.com> IBM China Systems and Technology Laboratory
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- Shu Ming<shuming@linux.vnet.ibm.com> IBM China Systems and Technology Laboratory

On 03/06/2012 05:17 PM, Shu Ming wrote:
The problem was resloved and It might come from the naming problem using 'data' as domain name.
can you please elaborate - i don't know such a limitation, anyhow the error shows a permission problem if this isn't the case we should handle it. Moran.
On 2012-3-6 22:55, Xiaofan wrote:
Manually mount and touch with kvm:qemu user/group and see if success?
2012/3/6 Shu Ming<shuming@linux.vnet.ibm.com>:
It seems that the problem came from the name of the data domain to be created. I used "data" to be the name. Is "data" a reserved name for the storage domain?
On 2012-3-6 17:30, Shu Ming wrote:
Hi, My ovirt-engine was setup on a vm host with ip:xxx.xxx.xxx.112. And I am trying to create a new domain with ovirt-engine UI by the "Storage"--> "New Domain". And the following error happened. However I can mount the xxx.xxx.xxx.110:/data by "mount -t nfs xxx.xxx.xxx.110:/data /mnt" manually in the ovirt-engine host, also a new file can be created under the mounted directory with "touch xx". It looks to me that there is no permission problem when I access the remote nfs path manually. So does ovirt-engine enforce additional permission check beside the normal unix file permission check here?
---- [root@ovirt-engine-112 /]# vim /var/log/ovirt-engine/engine.log [root@ovirt-engine-112 /]# vim /var/log/ovirt-engine/engine.log 2012-03-06 00:38:51,165 INFO
[org.ovirt.engine.core.vdsbroker.vdsbroker.ValidateStorageServerConnectionVDSCommand] (http--0.0.0.0-8080-6) START, ValidateStorageServerConnectionVDSCommand(vdsId = 46a83d56-66d9-11e1-8004-5254009e821b, storagePoolId = 00000000-0000-0000-0000-000000000000, storageType = NFS, connectionList = [{ id: null, connection: xxx.xxx.xxx.110:/data };]), log id: 1899002d 2012-03-06 00:38:51,297 INFO
[org.ovirt.engine.core.vdsbroker.vdsbroker.ValidateStorageServerConnectionVDSCommand] (http--0.0.0.0-8080-6) FINISH, ValidateStorageServerConnectionVDSCommand, return: {00000000-0000-0000-0000-000000000000=469}, log id: 1899002d 2012-03-06 00:38:51,300 ERROR [org.ovirt.engine.core.bll.storage.NFSStorageHelper] (http--0.0.0.0-8080-6) The connection with details xxx.xxx.xxx.110:/data failed because of error code 469 and error message is: permission settings on the specified path do not allow access to the storage. verify permission settings on the specified storage path. 2012-03-06 00:38:51,300 WARN
[org.ovirt.engine.core.bll.storage.AddStorageServerConnectionCommand] (http--0.0.0.0-8080-6) CanDoAction of action AddStorageServerConnection failed. Reasons:ACTION_TYPE_FAILED_STORAGE_CONNECTION 2012-03-06 00:38:51,425 INFO
[org.ovirt.engine.core.bll.storage.RemoveStorageServerConnectionCommand]
(http--0.0.0.0-8080-4) Running command: RemoveStorageServerConnectionCommand internal: false. Entities affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: System
-- Shu Ming<shuming@linux.vnet.ibm.com> IBM China Systems and Technology Laboratory
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users

On 03/06/2012 05:17 PM, Shu Ming wrote:
The problem was resloved and It might come from the naming problem using 'data' as domain name.
can you please elaborate - i don't know such a limitation, anyhow the error shows a permission problem if this isn't the case we should handle it. Moran. Another possible reason is the owner of "/data" is root.root, though the
On 2012-3-7 16:34, Moran Goldboim wrote: permission is "777".
On 2012-3-6 22:55, Xiaofan wrote:
Manually mount and touch with kvm:qemu user/group and see if success?
2012/3/6 Shu Ming<shuming@linux.vnet.ibm.com>:
It seems that the problem came from the name of the data domain to be created. I used "data" to be the name. Is "data" a reserved name for the storage domain?
On 2012-3-6 17:30, Shu Ming wrote:
Hi, My ovirt-engine was setup on a vm host with ip:xxx.xxx.xxx.112. And I am trying to create a new domain with ovirt-engine UI by the "Storage"--> "New Domain". And the following error happened. However I can mount the xxx.xxx.xxx.110:/data by "mount -t nfs xxx.xxx.xxx.110:/data /mnt" manually in the ovirt-engine host, also a new file can be created under the mounted directory with "touch xx". It looks to me that there is no permission problem when I access the remote nfs path manually. So does ovirt-engine enforce additional permission check beside the normal unix file permission check here?
---- [root@ovirt-engine-112 /]# vim /var/log/ovirt-engine/engine.log [root@ovirt-engine-112 /]# vim /var/log/ovirt-engine/engine.log 2012-03-06 00:38:51,165 INFO
[org.ovirt.engine.core.vdsbroker.vdsbroker.ValidateStorageServerConnectionVDSCommand] (http--0.0.0.0-8080-6) START, ValidateStorageServerConnectionVDSCommand(vdsId = 46a83d56-66d9-11e1-8004-5254009e821b, storagePoolId = 00000000-0000-0000-0000-000000000000, storageType = NFS, connectionList = [{ id: null, connection: xxx.xxx.xxx.110:/data };]), log id: 1899002d 2012-03-06 00:38:51,297 INFO
[org.ovirt.engine.core.vdsbroker.vdsbroker.ValidateStorageServerConnectionVDSCommand] (http--0.0.0.0-8080-6) FINISH, ValidateStorageServerConnectionVDSCommand, return: {00000000-0000-0000-0000-000000000000=469}, log id: 1899002d 2012-03-06 00:38:51,300 ERROR [org.ovirt.engine.core.bll.storage.NFSStorageHelper] (http--0.0.0.0-8080-6) The connection with details xxx.xxx.xxx.110:/data failed because of error code 469 and error message is: permission settings on the specified path do not allow access to the storage. verify permission settings on the specified storage path. 2012-03-06 00:38:51,300 WARN
[org.ovirt.engine.core.bll.storage.AddStorageServerConnectionCommand] (http--0.0.0.0-8080-6) CanDoAction of action AddStorageServerConnection failed. Reasons:ACTION_TYPE_FAILED_STORAGE_CONNECTION 2012-03-06 00:38:51,425 INFO
[org.ovirt.engine.core.bll.storage.RemoveStorageServerConnectionCommand]
(http--0.0.0.0-8080-4) Running command: RemoveStorageServerConnectionCommand internal: false. Entities affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: System
-- Shu Ming<shuming@linux.vnet.ibm.com> IBM China Systems and Technology Laboratory
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- Shu Ming<shuming@linux.vnet.ibm.com> IBM China Systems and Technology Laboratory
participants (3)
-
Moran Goldboim
-
Shu Ming
-
Xiaofan