[Kimchi-devel] [PATCH] Set virt_use_nfs when NFS pool is added.
Rodrigo Trujillo
rodrigo.trujillo at linux.vnet.ibm.com
Tue Apr 1 19:45:57 UTC 2014
On 04/01/2014 11:02 AM, Christy Perez wrote:
>
>
> On Tue, 2014-04-01 at 14:24 +0800, Royce Lv wrote:
>> On 2014年03月29日 05:20, Christy Perez wrote:
>>> selinux has a special boolean to make it easier for disk images
>>> to be stored on a remote NFS server. Set this to true when a user
>>> adds an NFS storage pool.
>>>
>>> Most virtualzation documentation recommends that this be set
>>> to true. For example:
>>> http://www.ovirt.org/Troubleshooting_NFS_Storage_Issues
>>> http://fedoraproject.org/wiki/How_to_debug_Virtualization_problems
>>>
>>> This will leave it set to true, even if
>>> the user removes NFS storage pools. It is not a security risk, and
>>> we should not set it to False in case it had already been set by the
>>> user for another non-kimchi use.
>>>
>>> Signed-off-by: Christy Perez <christy at linux.vnet.ibm.com>
>>> ---
>>> src/kimchi/i18n.py | 2 ++
>>> src/kimchi/model/storagepools.py | 5 +++++
>>> 2 files changed, 7 insertions(+)
>>>
>>> diff --git a/src/kimchi/i18n.py b/src/kimchi/i18n.py
>>> index d45f607..8ade7d7 100644
>>> --- a/src/kimchi/i18n.py
>>> +++ b/src/kimchi/i18n.py
>>> @@ -144,6 +144,8 @@ messages = {
>>> "KCHPOOL0034E": _("Unable to deactivate pool %(name)s as it is associated with some templates"),
>>> "KCHPOOL0035E": _("Unable to delete pool %(name)s as it is associated with some templates"),
>>> "KCHPOOL0036E": _("A volume group named '%(name)s' already exists. Please, choose another name to create the logical pool."),
>>> + "KCHPOOL0037E": _("Unable to set selinux bool virt_use_nfs for NFS pool usage. Depending on \
>>> + your NFS config, this may prevent the pool from being used."),
I think that log messages does not need to be translated, so you do not
need to add it to i18n.
I may be wrong, but, for instance, if someone is using kimchi in
chinese, then the log entry will be in chinese. The Kimchi
server might be in another place, where the admin does not necessarily
understand Chinese.
Can someone confirm this ? Please
>>> "KCHVOL0001E": _("Storage volume %(name)s already exists"),
>>> "KCHVOL0002E": _("Storage volume %(name)s does not exist in storage pool %(pool)s"),
>>> diff --git a/src/kimchi/model/storagepools.py b/src/kimchi/model/storagepools.py
>>> index 92b2496..d279ffa 100644
>>> --- a/src/kimchi/model/storagepools.py
>>> +++ b/src/kimchi/model/storagepools.py
>>> @@ -126,6 +126,11 @@ class StoragePoolsModel(object):
>>> kimchi_log.error("Problem creating Storage Pool: %s", e)
>>> raise OperationFailed("KCHPOOL0007E",
>>> {'name': name, 'err': e.get_error_message()})
>>> + if params['type'] == 'netfs':
>>> + output, error, returncode = run_command(['setsebool', '-P',
>>> + 'virt_use_nfs=1'])
>> 1. what about turn this on when start kimchi? Cause we just need to
>> enable this for the first time.
> I'm okay with that too, but I figured setting it only if it'll be used
> made more sense. Is there a reason to set it at startup vs this?
>
>> 2. For Debian using apparmor, it does not have setsebool, I think this
>> need to be handled too.
> I was using the package repository logic of "just try to set it." I
> figured there were too many "what ifs" to check and went with a simple
> approach. Is that going to cause issues? Is there an equivalent to
> virt_use_nfs for Debian? Or will this problem not occur there?
>
>>> + if error or returncode:
>>> + kimchi_log.error('KCHPOOL0037E')
>>> return name
>>>
>>> def _clean_scan(self, pool_name):
>
> _______________________________________________
> Kimchi-devel mailing list
> Kimchi-devel at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/kimchi-devel
More information about the Kimchi-devel
mailing list