6 p.m.
Greetings,
I'm trying to upgrade from 4.3 to 4.4. When trying to mount the original nfs items,
I'm getting the following error:
vdsm.storage.exception.StorageServerAccessPermissionError: Permission settings on the
specified path do not allow access to the storage. Verify permission settings on the
specified storage path.: 'path = /rhev/data-center/mnt/nfshost:nfs_path'
with the following stack trace:
2020-10-08 19:00:17,961+0000 ERROR (jsonrpc/4) [storage.HSM] Could not connect to
storageServer (hsm:2421)
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/vdsm/storage/fileSD.py", line 82, in
validateDirAccess
getProcPool().fileUtils.validateAccess(dirPath)
File "/usr/lib/python3.6/site-packages/vdsm/storage/outOfProcess.py", line
194, in validateAccess
raise OSError(errno.EACCES, os.strerror(errno.EACCES))
PermissionError: [Errno 13] Permission denied
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/vdsm/storage/hsm.py", line 2418, in
connectStorageServer
conObj.connect()
File "/usr/lib/python3.6/site-packages/vdsm/storage/storageServer.py", line
449, in connect
return self._mountCon.connect()
File "/usr/lib/python3.6/site-packages/vdsm/storage/storageServer.py", line
190, in connect
six.reraise(t, v, tb)
File "/usr/lib/python3.6/site-packages/six.py", line 703, in reraise
raise value
File "/usr/lib/python3.6/site-packages/vdsm/storage/storageServer.py", line
183, in connect
self.getMountObj().getRecord().fs_file)
File "/usr/lib/python3.6/site-packages/vdsm/storage/fileSD.py", line 93, in
validateDirAccess
raise se.StorageServerAccessPermissionError(dirPath)
via an ls, it looks like there are the correct permissions:
ls -alh
total 0
drwxr-xr-x. 1 vdsm kvm 100 Oct 8 19:15 .
drwxr-xr-x. 4 vdsm kvm 115 Oct 8 19:02 ..
drwxr-xr-x. 1 vdsm kvm 52 Oct 1 20:35 ffe7b7bb-a391-42a9-9bae-480807509778
d---------. 1 vdsm kvm 22 Mar 17 2020 '#recycle'
But, I wrote a short script to check the individual permissions that are checked, and it
thinks I can't write to the directory:
We can Read From it: /rhev/data-center/mnt/nfshost:nfspath
We can't write to it: /rhev/data-center/mnt/nfshost:nfspath
We can execute to it: /rhev/data-center/mnt/nfshost:nfspath
This is doing a simple:
print(os.stat(path))
if os.access(path, os.F_OK):
print("It Exists", "/rhev/data-center/mnt/nfshost:nfspath")
else:
print("It Doesn't Exists",
"/rhev/data-center/mnt/nfshost:nfspath")
if os.access(path, os.R_OK):
print("We can Read From it: ",
"/rhev/data-center/mnt/nfshost:nfspath")
else:
print("We can't Read from it: ",
"/rhev/data-center/mnt/nfshost:nfspath")
if os.access(path, os.W_OK):
print("We can write to it: ",
"/rhev/data-center/mnt/nfshost:nfspath")
else:
print("We can't write to it: ",
"/rhev/data-center/mnt/nfshost:nfspath")
if os.access(path, os.X_OK):
print("We can execute to it: ",
"/rhev/data-center/mnt/nfshost:nfspath")
else:
print("We can can't to it: ",
"/rhev/data-center/mnt/nfshost:nfspath")
I took this same checks over to the Centos 7 host, and I it passes the checks fine.
Does anyone have any ideas?
Thanks,
Lee
7:22 p.m.
On Mon, Oct 12, 2020 at 6:03 PM <lee.hanel(a)gmail.com> wrote:
Greetings,
I'm trying to upgrade from 4.3 to 4.4. When trying to mount the original
nfs items, I'm getting the following error:
vdsm.storage.exception.StorageServerAccessPermissionError: Permission
settings on the specified path do not allow access to the storage. Verify
permission settings on the specified storage path.: 'path =
/rhev/data-center/mnt/nfshost:nfs_path'
with the following stack trace:
2020-10-08 19:00:17,961+0000 ERROR (jsonrpc/4) [storage.HSM] Could not
connect to storageServer (hsm:2421)
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/vdsm/storage/fileSD.py", line 82,
in validateDirAccess
getProcPool().fileUtils.validateAccess(dirPath)
File "/usr/lib/python3.6/site-packages/vdsm/storage/outOfProcess.py",
line 194, in validateAccess
raise OSError(errno.EACCES, os.strerror(errno.EACCES))
PermissionError: [Errno 13] Permission denied
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/vdsm/storage/hsm.py", line 2418,
in connectStorageServer
conObj.connect()
File "/usr/lib/python3.6/site-packages/vdsm/storage/storageServer.py",
line 449, in connect
return self._mountCon.connect()
File "/usr/lib/python3.6/site-packages/vdsm/storage/storageServer.py",
line 190, in connect
six.reraise(t, v, tb)
File "/usr/lib/python3.6/site-packages/six.py", line 703, in reraise
raise value
File "/usr/lib/python3.6/site-packages/vdsm/storage/storageServer.py",
line 183, in connect
self.getMountObj().getRecord().fs_file)
File "/usr/lib/python3.6/site-packages/vdsm/storage/fileSD.py", line 93,
in validateDirAccess
raise se.StorageServerAccessPermissionError(dirPath)
via an ls, it looks like there are the correct permissions:
ls -alh
total 0
drwxr-xr-x. 1 vdsm kvm 100 Oct 8 19:15 .
drwxr-xr-x. 4 vdsm kvm 115 Oct 8 19:02 ..
drwxr-xr-x. 1 vdsm kvm 52 Oct 1 20:35
ffe7b7bb-a391-42a9-9bae-480807509778
d---------. 1 vdsm kvm 22 Mar 17 2020 '#recycle'
The permissions and ownership seem correct, make sure the rest is set as
specified:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/...
In addition make sure you are exporting the shares with
*(rw,sync,no_root_suqash) for the relevant export paths on the NFS server
side,
and there is selinux context set for the shared folders:
# ls -lhZ
...
drwxr-xr-x. 2 vdsm kvm unconfined_u:object_r:default_t:s0 6 Jul 20 18:21
data
But, I wrote a short script to check the individual permissions that are
checked, and it thinks I can't write to the directory:
We can Read From it: /rhev/data-center/mnt/nfshost:nfspath
We can't write to it: /rhev/data-center/mnt/nfshost:nfspath
We can execute to it: /rhev/data-center/mnt/nfshost:nfspath
This is doing a simple:
print(os.stat(path))
if os.access(path, os.F_OK):
print("It Exists", "/rhev/data-center/mnt/nfshost:nfspath")
else:
print("It Doesn't Exists",
"/rhev/data-center/mnt/nfshost:nfspath")
if os.access(path, os.R_OK):
print("We can Read From it: ",
"/rhev/data-center/mnt/nfshost:nfspath")
else:
print("We can't Read from it: ",
"/rhev/data-center/mnt/nfshost:nfspath")
if os.access(path, os.W_OK):
print("We can write to it: ",
"/rhev/data-center/mnt/nfshost:nfspath")
else:
print("We can't write to it: ",
"/rhev/data-center/mnt/nfshost:nfspath")
if os.access(path, os.X_OK):
print("We can execute to it: ",
"/rhev/data-center/mnt/nfshost:nfspath")
else:
print("We can can't to it: ",
"/rhev/data-center/mnt/nfshost:nfspath")
I took this same checks over to the Centos 7 host, and I it passes the
checks fine.
Does anyone have any ideas?
Thanks,
Lee
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/Y33ZNSVWCR6...
7:46 p.m.
ok, I think that the selinux context might be wrong? but I saw nothing in the audit logs
about it.
drwxr-xr-x. 1 vdsm kvm system_u:object_r:nfs_t:s0 40 Oct 8 17:19 /data
I don't see in the ovirt docs what the selinux context needs to be. Is what you
shared as an example the correct setting?
8:34 p.m.
On Mon, Oct 12, 2020 at 7:47 PM <lee.hanel(a)gmail.com> wrote:
ok, I think that the selinux context might be wrong? but I saw
nothing
in the audit logs about it.
drwxr-xr-x. 1 vdsm kvm system_u:object_r:nfs_t:s0 40 Oct 8 17:19 /data
I don't see in the ovirt docs what the selinux context needs to be. Is
what you shared as an example the correct setting?
It's taken from a working nfs setup,
what is the /etc/exports (or equiv.) options settings on the server?
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/5OSGBFRHYC3...
9:12 p.m.
my /etc/exports looks like:
(rw,async,no_wdelay,crossmnt,insecure,no_root_squash,insecure_locks,sec=sys,anonuid=1025,anongid=100)
also to note, as vdsm I can create files/directories on the share.
On Mon, Oct 12, 2020 at 12:34 PM Amit Bawer <abawer(a)redhat.com> wrote:
>
>
>
> On Mon, Oct 12, 2020 at 7:47 PM <lee.hanel(a)gmail.com> wrote:
>>
>> ok, I think that the selinux context might be wrong? but I saw nothing in the
audit logs about it.
>>
>> drwxr-xr-x. 1 vdsm kvm system_u:object_r:nfs_t:s0 40 Oct 8 17:19 /data
>>
>> I don't see in the ovirt docs what the selinux context needs to be. Is what
you shared as an example the correct setting?
>
> It's taken from a working nfs setup,
> what is the /etc/exports (or equiv.) options settings on the server?
>
>> _______________________________________________
>> Users mailing list -- users(a)ovirt.org
>> To unsubscribe send an email to users-leave(a)ovirt.org
>> Privacy Statement: https://www.ovirt.org/privacy-policy.html
>> oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
>> List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/5OSGBFRHYC3...
9:33 p.m.
On Mon, Oct 12, 2020 at 9:12 PM Lee Hanel <lee.hanel(a)gmail.com> wrote:
my /etc/exports looks like:
(rw,async,no_wdelay,crossmnt,insecure,no_root_squash,insecure_locks,sec=sys,anonuid=1025,anongid=100)
The anongid,anonuid options could be failing the qemu user access check,
Is there a special need to have them for the nfs shares for ovirt?
I'd suggest to specify the exports for ovirt on their own
/export/path1 *(rw,sync,no_root_suqash)
/export/path2 *(rw,sync,no_root_suqash)
...
also to note, as vdsm I can create files/directories on the share.
On Mon, Oct 12, 2020 at 12:34 PM Amit Bawer <abawer(a)redhat.com> wrote:
>
>
>
> On Mon, Oct 12, 2020 at 7:47 PM <lee.hanel(a)gmail.com> wrote:
>>
>> ok, I think that the selinux context might be wrong? but I saw
nothing in the audit logs about it.
>>
>> drwxr-xr-x. 1 vdsm kvm system_u:object_r:nfs_t:s0 40 Oct 8 17:19 /data
>>
>> I don't see in the ovirt docs what the selinux context needs to be. Is
what you shared as an example the correct setting?
>
> It's taken from a working nfs setup,
> what is the /etc/exports (or equiv.) options settings on the server?
>
>> _______________________________________________
>> Users mailing list -- users(a)ovirt.org
>> To unsubscribe send an email to users-leave(a)ovirt.org
>> Privacy Statement: https://www.ovirt.org/privacy-policy.html
>> oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
>> List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/5OSGBFRHYC3...
9:36 p.m.
On Mon, Oct 12, 2020 at 9:33 PM Amit Bawer <abawer(a)redhat.com> wrote:
On Mon, Oct 12, 2020 at 9:12 PM Lee Hanel <lee.hanel(a)gmail.com> wrote:
> my /etc/exports looks like:
>
>
(rw,async,no_wdelay,crossmnt,insecure,no_root_squash,insecure_locks,sec=sys,anonuid=1025,anongid=100)
>
The anongid,anonuid options could be failing the qemu user access check,
Is there a special need to have them for the nfs shares for ovirt?
I'd suggest to specify the exports for ovirt on their own
/export/path1 *(rw,sync,no_root_suqash)
/export/path2 *(rw,sync,no_root_suqash)
mind the typo "squash":
/export/path2 *(rw,sync,no_root_squash)
...
> also to note, as vdsm I can create files/directories on the share.
>
>
> On Mon, Oct 12, 2020 at 12:34 PM Amit Bawer <abawer(a)redhat.com> wrote:
> >
> >
> >
> > On Mon, Oct 12, 2020 at 7:47 PM <lee.hanel(a)gmail.com> wrote:
> >>
> >> ok, I think that the selinux context might be wrong? but I saw
> nothing in the audit logs about it.
> >>
> >> drwxr-xr-x. 1 vdsm kvm system_u:object_r:nfs_t:s0 40 Oct 8 17:19 /data
> >>
> >> I don't see in the ovirt docs what the selinux context needs to be.
> Is what you shared as an example the correct setting?
> >
> > It's taken from a working nfs setup,
> > what is the /etc/exports (or equiv.) options settings on the server?
> >
> >> _______________________________________________
> >> Users mailing list -- users(a)ovirt.org
> >> To unsubscribe send an email to users-leave(a)ovirt.org
> >> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> >> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> >> List Archives:
>
https://lists.ovirt.org/archives/list/users@ovirt.org/message/5OSGBFRHYC3...
>
>
7:47 a.m.
I have seen a lot of users to use anonguid=36,anonuid=36,all_squash to force the vdsm:kvm
ownership on the system.
Best Regards,
Strahil Nikolov
В понеделник, 12 октомври 2020 г., 21:40:42 Гринуич+3, Amit Bawer
<abawer(a)redhat.com> написа:
On Mon, Oct 12, 2020 at 9:33 PM Amit Bawer <abawer(a)redhat.com> wrote:
On Mon, Oct 12, 2020 at 9:12 PM Lee Hanel <lee.hanel(a)gmail.com> wrote:
> my /etc/exports looks like:
>
(rw,async,no_wdelay,crossmnt,insecure,no_root_squash,insecure_locks,sec=sys,anonuid=1025,anongid=100)
The anongid,anonuid options could be failing the qemu user access check,
Is there a special need to have them for the nfs shares for ovirt?
I'd suggest to specify the exports for ovirt on their own
/export/path1 *(rw,sync,no_root_suqash)
/export/path2 *(rw,sync,no_root_suqash)
mind the typo "squash":
/export/path2 *(rw,sync,no_root_squash)
...
>
> also to note, as vdsm I can create files/directories on the share.
>
>
> On Mon, Oct 12, 2020 at 12:34 PM Amit Bawer <abawer(a)redhat.com> wrote:
>>
>>
>>
>> On Mon, Oct 12, 2020 at 7:47 PM <lee.hanel(a)gmail.com> wrote:
>>>
>>> ok, I think that the selinux context might be wrong? but I saw nothing in
the audit logs about it.
>>>
>>> drwxr-xr-x. 1 vdsm kvm system_u:object_r:nfs_t:s0 40 Oct 8 17:19 /data
>>>
>>> I don't see in the ovirt docs what the selinux context needs to be. Is
what you shared as an example the correct setting?
>>
>> It's taken from a working nfs setup,
>> what is the /etc/exports (or equiv.) options settings on the server?
>>
>>> _______________________________________________
>>> Users mailing list -- users(a)ovirt.org
>>> To unsubscribe send an email to users-leave(a)ovirt.org
>>> Privacy Statement: https://www.ovirt.org/privacy-policy.html
>>> oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
>>> List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/5OSGBFRHYC3...
>
>
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/VGLS62COSG7...
1502
days inactive
1503
days old
7 comments
4 participants
participants (4)
-
Amit Bawer -
Lee Hanel -
lee.hanel@gmail.com
-
Strahil Nikolov