Bug#993920: marked as done (Migration of guests fails on drbd with kvm)

Debian Bug Tracking System Sat, 12 Mar 2022 14:36:18 -0800

Your message dated Sat, 12 Mar 2022 22:33:48 +0000
with message-id <[email protected]>
and subject line Bug#993920: fixed in ganeti 3.0.2-1
has caused the Debian Bug report #993920,
regarding Migration of guests fails on drbd with kvm
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
993920: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993920
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: ganeti
Version: 3.0.1-2
Severity: important

Hi!

I tried to contact you through the ganeti at packages.d.o address but I'm
not sure that has arrived to any mailbox, so I'm opening a bug so that we
can comment this.

After having all the nodes of a ganeti cluster updated to bullseye and
cleaned, the cluster is running ok and everything looks fine, so...  I
started moving the guests to their default node and...  guests started to
freeze as they reached the destination node :-(
                                                                                
When I tried to see what had happened to those guests connecting to the
console...  I got:
                                                                                
# gnt-instance console sid
Instance sid is paused, unpausing

But the machine remains in a halted state, farder investigation of what had
happened revealed...
                                                                                
# cat /var/log/ganeti/kvm/sid.log
kvm: Could not open '/var/run/ganeti/instance-disks/sid:0': Permission denied
# ls -l /var/run/ganeti/instance-disks/sid:0
lrwxrwxrwx 1 root root 11 sep  2 12:48 /var/run/ganeti/instance-disks/sid:0 -> 
/dev/drbd11
# ls -l /dev/drbd*
brw-rw---- 1 root disk 147,  0 sep  2 12:50 /dev/drbd0
brw-rw---- 1 root disk 147,  1 sep  2 12:50 /dev/drbd1
brw-rw---- 1 root disk 147, 10 sep  2 12:50 /dev/drbd10
brw-rw---- 1 root disk 147, 11 sep  2 12:48 /dev/drbd11
# id sid
uid=123(sid) gid=105(kvm) groups=105(kvm)

I run the machine as user sid (security_domain: sid), of course user sid
cannot open the drbd I don't think it should either.

I tested to see if this was the real problem, I changed group from disk to
kvm on the secondary node of sid and then did a migration without any
problem.

So...  looks like we are dropping privilege too soon and we move to the
security domain user before the drbd is opened, so we can't open it when it
is needed.

I don't know if this is a problem on ganeti's side or if it is related to
kvm, but I wanted to comment on it so that we can find a fix.

Thanks in advance.

-- System Information:
Debian Release: 11.0
  APT prefers stable-security
  APT policy: (990, 'stable-security'), (990, 'stable'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/2 CPU threads)
Locale: LANG=gl_ES.UTF-8, LC_CTYPE=gl_ES.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages ganeti depends on:
ii  adduser              3.118
ii  ganeti-3.0           3.0.1-2
ii  ganeti-haskell-3.0   3.0.1-2
ii  ganeti-htools-3.0    3.0.1-2
ii  init-system-helpers  1.60
ii  lsb-base             11.1.0
ii  python3              3.9.2-3

Versions of packages ganeti recommends:
ii  drbd-utils                   9.15.0-1
ii  fdisk                        2.36.1-8
ii  ganeti-instance-debootstrap  0.16-6.1
pn  ndisc6                       <none>
ii  qemu-system-x86              1:5.2+dfsg-11

Versions of packages ganeti suggests:
pn  blktap-dkms  <none>
pn  ganeti-doc   <none>
pn  molly-guard  <none>

--- End Message ---

--- Begin Message ---

Source: ganeti
Source-Version: 3.0.2-1
Done: Apollon Oikonomopoulos <[email protected]>

We believe that the bug you reported is fixed in the latest version of
ganeti, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Apollon Oikonomopoulos <[email protected]> (supplier of updated ganeti package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 12 Mar 2022 23:23:27 +0200
Source: ganeti
Architecture: source
Version: 3.0.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ganeti Team <[email protected]>
Changed-By: Apollon Oikonomopoulos <[email protected]>
Closes: 993920 1006003
Changes:
 ganeti (3.0.2-1) unstable; urgency=medium
 .
   * New upstream release (closes: #1006003, #993920)
   * Drop patches merged upstream
   * d/copyright: adjust years and upstream copyright info
Checksums-Sha1:
 704d57bcb2fe90283622daff95ef6ca0339335e5 3368 ganeti_3.0.2-1.dsc
 d0b7c6d40ad54ad87001ee430beef79dd99b600d 2682413 ganeti_3.0.2.orig.tar.gz
 f2f382f0fd4e9a6f94ce0ce4e3c2ba1da15daaec 45700 ganeti_3.0.2-1.debian.tar.xz
 86289e5ca62862b0d337d7862692a8056412ac69 15687 ganeti_3.0.2-1_amd64.buildinfo
Checksums-Sha256:
 1cd2a155fd24e256024cf9c9011444e9aa662b4534003993a3a95ce4519d85e1 3368 
ganeti_3.0.2-1.dsc
 66864ffe105931b2344a562cedc7476a23e3dd2f3a20565388363e7f5aa95761 2682413 
ganeti_3.0.2.orig.tar.gz
 1c044b23c36afeb4b2e505060917ec1c5308cb81bedd3ca8ccafecf5b3a55271 45700 
ganeti_3.0.2-1.debian.tar.xz
 2264fe0bdcc0bffccc1476fe310e940ecad86c66a18d844eceb0bfe2be096d76 15687 
ganeti_3.0.2-1_amd64.buildinfo
Files:
 87b92e2e758a4f395409f227d6a5a22e 3368 admin optional ganeti_3.0.2-1.dsc
 a14a6c1702ccaa4e9d22d44045edd4c4 2682413 admin optional 
ganeti_3.0.2.orig.tar.gz
 ab98e05eb0d97cc338bae8fd5e279c3b 45700 admin optional 
ganeti_3.0.2-1.debian.tar.xz
 5553868c3ae34902b62676e0ec49b2e3 15687 admin optional 
ganeti_3.0.2-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJHBAEBCgAxFiEEPgL9ZlYpWVIRC6uZ9RsYxyAkgiQFAmItGlkTHGFwb2lrb3NA
ZGViaWFuLm9yZwAKCRD1GxjHICSCJL2yEACyGNsHUdmMNIoPFDYGU8qog+Ysl8pB
d7a+M0xCGWpZAV1cUXV9y1wY7riHtElH5qbArQkTzekyxe2seBiXp+fUYWaV/J5q
BaiSWu+XThShJtLLG8kB72b+RYn2mqs9nucNMcp++7aO32XfoeLKxVTEzKc4OH84
BhjzFERESJ/UsANsCB+Ypp+h/oaJ6bnD/6ZnVjFPvvsMo20ox02z+3SKXFa7q04s
QGZpOidUmLdB5rDxhV3zAoOivWxn9mDMrOa0gjBsRzHntq6jdc8/Wc8Ia/8P0NQZ
CYob20nqwmz/dytyNUL7mTFMVum+tlRKWF8bJb1Of6QXzLzwAW5sbXNVlU/yCoBn
EzF+eLz8zWiv/VGUjjfj/1WNyohq6cjLNuNROdhXTUi+8PnutKLbFHhL1ht12xE1
pZNzK+KOVd5hTNcvAkOo4mQV0tSCemZ32E6ZPWwwqg4XsUMK45qAl90tJfRTikR8
2xO7ihBSUv2hpL0RSeZDbMrLzB1E3tDRLEm4f98b46QxDXkoQjrk4d4igVzn3Mwy
m7A/bM70BWeOaJMjLPPoKjfc1axgJSQhPw4Ab20WVwNZKUiJIcrXu3gay8+j0yjC
0DvC85EVsIiMGMoYqpyXvzGdRtxPlfQDwlurNTefiliabp4MkFBqFOX/lH5rAme6
9NHSjTngGzRQIA==
=WK87
-----END PGP SIGNATURE-----

--- End Message ---

Bug#993920: marked as done (Migration of guests fails on drbd with kvm)

Reply via email to