[Kimchi-devel] Fwd: [project-kimchi] NFS img permission problem
Aline Manera
alinefm at linux.vnet.ibm.com
Fri Jan 24 03:29:46 UTC 2014
On 01/22/2014 11:43 AM, Royce Lv wrote:
>
>
> Guys,
>
> When testing with kimchi nfs feature, I filed two issues related to
> nfs image permission problem:
>
> 1. volume creation failure: Because of storage pool permission is
> not configured to make write
> permission.(https://github.com/kimchi-project/kimchi/issues/261)
> 2. vm with volume cannot be started: Root users are mapped to
> nobody, so img it created cannot be accessed by libvirt-qemu(on ubuntu)
> user.(https://github.com/kimchi-project/kimchi/issues/267)
>
> After discussed with Mark Wu, we would like to propose the
> following to resolve these two problem:
>
> 1. To allow creation: export with all_squash(gid = kimchi_guid) and
> group allow write permission. Also with planned nfs-pool prevalidation
> (a timeout try mount in a process), we can check if the gid and
> permission is right. This will save us from future trouble.
>
It is only related to NFS server setup, right?
/home/alinefm *(rw,all_squash,anongid=<kimchi-gid>)
So for that we should only write instructions to user on README or
other doc file.
> 2. To allow qemu process(started by libvirt) to access img, we add
> uid ('qemu' under fedora and 'libvirt-qemu' under ubuntu) which running
> qemu process to 'kimchi' group to allow the write access of the img.
>
For that we need to create a group with the same kimchi gid used for NFS
server
and then add 'qemu/libvirt-qemu' to this group?
Is that right?
> I am also investigating other possibilities like using storage pool
> permissions and so on.
> Welcome thoughts on it!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/kimchi-devel/attachments/20140124/dcfd49bf/attachment.html>
More information about the Kimchi-devel
mailing list