[Kimchi-devel] [PATCH] Set virt_use_nfs when NFS pool is added.

Christy Perez christy at linux.vnet.ibm.com
Thu Apr 10 19:48:50 UTC 2014 

I do need to hard-code this message. If there's nothing else, I'll go
ahead and submit a v2 with just that change.


On Tue, 2014-04-01 at 16:57 -0300, Rodrigo Trujillo wrote:
> On 04/01/2014 04:45 PM, Rodrigo Trujillo wrote:
> > On 04/01/2014 11:02 AM, Christy Perez wrote:
> >>
> >>
> >> On Tue, 2014-04-01 at 14:24 +0800, Royce Lv wrote:
> >>> On 2014年03月29日 05:20, Christy Perez wrote:
> >>>> selinux has a special boolean to make it easier for disk images
> >>>> to be stored on a remote NFS server. Set this to true when a user
> >>>> adds an NFS storage pool.
> >>>>
> >>>> Most virtualzation documentation recommends that this be set
> >>>> to true. For example:
> >>>> http://www.ovirt.org/Troubleshooting_NFS_Storage_Issues
> >>>> http://fedoraproject.org/wiki/How_to_debug_Virtualization_problems
> >>>>
> >>>> This will leave it set to true, even if
> >>>> the user removes NFS storage pools. It is not a security risk, and
> >>>> we should not set it to False in case it had already been set by the
> >>>> user for another non-kimchi use.
> >>>>
> >>>> Signed-off-by: Christy Perez <christy at linux.vnet.ibm.com>
> >>>> ---
> >>>>    src/kimchi/i18n.py               | 2 ++
> >>>>    src/kimchi/model/storagepools.py | 5 +++++
> >>>>    2 files changed, 7 insertions(+)
> >>>>
> >>>> diff --git a/src/kimchi/i18n.py b/src/kimchi/i18n.py
> >>>> index d45f607..8ade7d7 100644
> >>>> --- a/src/kimchi/i18n.py
> >>>> +++ b/src/kimchi/i18n.py
> >>>> @@ -144,6 +144,8 @@ messages = {
> >>>>        "KCHPOOL0034E": _("Unable to deactivate pool %(name)s as it 
> >>>> is associated with some templates"),
> >>>>        "KCHPOOL0035E": _("Unable to delete pool %(name)s as it is 
> >>>> associated with some templates"),
> >>>>        "KCHPOOL0036E": _("A volume group named '%(name)s' already 
> >>>> exists. Please, choose another name to create the logical pool."),
> >>>> +    "KCHPOOL0037E": _("Unable to set selinux bool virt_use_nfs for 
> >>>> NFS pool usage. Depending on \
> >>>> +                       your NFS config, this may prevent the pool 
> >>>> from being used."),
> > I think that log messages does not need to be translated, so you do 
> > not need to add it to i18n.
> > I may be wrong, but, for instance, if someone is using kimchi in 
> > chinese, then the log entry will be in chinese. The Kimchi
> > server might be in another place, where the admin does not necessarily 
> > understand Chinese.
> >
> > Can someone confirm this ? Please
> 
> I confirmed with Aline and, actually, the log functions do not translate 
> "error code" in messages.... so you would see
> "KCHPOOL0037E" in the log.
> So, you must hard code the log message.
> 
> >
> >>>>        "KCHVOL0001E": _("Storage volume %(name)s already exists"),
> >>>>        "KCHVOL0002E": _("Storage volume %(name)s does not exist in 
> >>>> storage pool %(pool)s"),
> >>>> diff --git a/src/kimchi/model/storagepools.py 
> >>>> b/src/kimchi/model/storagepools.py
> >>>> index 92b2496..d279ffa 100644
> >>>> --- a/src/kimchi/model/storagepools.py
> >>>> +++ b/src/kimchi/model/storagepools.py
> >>>> @@ -126,6 +126,11 @@ class StoragePoolsModel(object):
> >>>>                kimchi_log.error("Problem creating Storage Pool: 
> >>>> %s", e)
> >>>>                raise OperationFailed("KCHPOOL0007E",
> >>>>                                      {'name': name, 'err': 
> >>>> e.get_error_message()})
> >>>> +        if params['type'] == 'netfs':
> >>>> +            output, error, returncode = run_command(['setsebool', 
> >>>> '-P',
> >>>> + 'virt_use_nfs=1'])
> >>> 1. what about turn this on when start kimchi? Cause we just need to
> >>> enable this for the first time.
> >> I'm okay with that too, but I figured setting it only if it'll be used
> >> made more sense. Is there a reason to set it at startup vs this?
> >>
> >>> 2. For Debian using apparmor, it does not have setsebool, I think this
> >>> need to be handled too.
> >> I was using the package repository logic of "just try to set it." I
> >> figured there were too many "what ifs" to check and went with a simple
> >> approach. Is that going to cause issues? Is there an equivalent to
> >> virt_use_nfs for Debian? Or will this problem not occur there?
> >>
> >>>> +            if error or returncode:
> >>>> +                kimchi_log.error('KCHPOOL0037E')
> >>>>            return name
> >>>>
> >>>>        def _clean_scan(self, pool_name):
> >>
> >> _______________________________________________
> >> Kimchi-devel mailing list
> >> Kimchi-devel at ovirt.org
> >> http://lists.ovirt.org/mailman/listinfo/kimchi-devel
> >
> > _______________________________________________
> > Kimchi-devel mailing list
> > Kimchi-devel at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/kimchi-devel
> 

Regards,

- Christy

More information about the Kimchi-devel mailing list