[ovirt-users] Re: Still having NFS issues. (Permissions)
Hi Robert, I've found this one: https://www.ovirt.org/develop/troubleshooting-nfs-storage-issues.html IIRC, you don't need to use 'chown 36:36 /storage/', since no squash mode needed. Can you please share the result of 'cat /etc/exports'? It is supposed to be of the form: /storage *(rw,sync,no_root_squash) In addition, make sure the rpcbind and nfs-server services are running. Also, it seems there are a few mail threads about your issue, and it's hard to follow your steps and tries. Please avoid that by replying to this email instead of opening another thread. *Regards,* *Shani Leviim* On Sat, Dec 14, 2019 at 8:43 PM Robert Webb wrote: > So I did some testing and and removed the “all_squash,anonuid=36,anongid=36”, > set all the image directories to 0755, added libvirt to the kvm group, then > rebooted. > > > > After doing so, sanlock had no access to the directories and neither did > libvert. Leaving everything else alone, I changed the the perms to 0760, > sanlock no longer complained, but libvirtd still complained about file > permissions. > > > > Next test was to the change file perms to 770 and I got the same error > with libvertd. > > > > I have not done any linux work for quite a while so please correct me, but > if I do a “ps aux | grep libvirt” I see the libvritd process running as > root. Does the libvirt user get invoked only when a script is running? If > the daemon is only running as root, then would it not be trying to access > storage as root at this point? > > > > This is my ps list: > > > > root 2898 0.1 0.0 1553860 28580 ? Ssl 14:45 0:01 > /usr/sbin/libvirtd –listen > > > > > > Here is what I see in the audit log: > > > > type=VIRT_CONTROL msg=audit(1576336098.295:451): pid=2898 uid=0 > auid=4294967295 ses=4294967295 > subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 msg='virt=kvm op=start > reason=booted vm="HostedEngine" uuid=70679ece-fbe9-4402-b9b0-34bbee9b6e69 > vm-pid=-1 exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=? res=failed > > > > > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZHUU6CCXTIACJUGRI5EKL4INMKPLU2N4/ > ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/VHI6SUCKDNOBHUDD4FIJWLNP7YHPYKR2/
[ovirt-users] Re: Still having NFS issues. (Permissions)
So I did some testing and and removed the "all_squash,anonuid=36,anongid=36", set all the image directories to 0755, added libvirt to the kvm group, then rebooted. After doing so, sanlock had no access to the directories and neither did libvert. Leaving everything else alone, I changed the the perms to 0760, sanlock no longer complained, but libvirtd still complained about file permissions. Next test was to the change file perms to 770 and I got the same error with libvertd. I have not done any linux work for quite a while so please correct me, but if I do a "ps aux | grep libvirt" I see the libvritd process running as root. Does the libvirt user get invoked only when a script is running? If the daemon is only running as root, then would it not be trying to access storage as root at this point? This is my ps list: root 2898 0.1 0.0 1553860 28580 ? Ssl 14:45 0:01 /usr/sbin/libvirtd -listen Here is what I see in the audit log: type=VIRT_CONTROL msg=audit(1576336098.295:451): pid=2898 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 msg='virt=kvm op=start reason=booted vm="HostedEngine" uuid=70679ece-fbe9-4402-b9b0-34bbee9b6e69 vm-pid=-1 exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=? res=failed ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZHUU6CCXTIACJUGRI5EKL4INMKPLU2N4/
[ovirt-users] Re: Still having NFS issues. (Permissions)
It also appears that sanlock needs AT LEAST rw permissions on the group as rx breaks it per logs. ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/5LBJ7AS4NMP42DTNJWPSMGQO67PGOT27/
[ovirt-users] Re: Still having NFS issues. (Permissions)
On Thu, Dec 12, 2019 at 6:36 PM Milan Zamazal wrote: > > Strahil writes: > > > Why do you use 'all_squash' ? > > > > all_squashMap all uids and gids to the anonymous user. Useful for > > NFS-exported public FTP directories, news spool directories, etc. The > > opposite option is no_all_squash, which is the default setting. > > AFAIK all_squash,anonuid=36,anongid=36 is the recommended NFS setting > for oVirt and the only one guaranteed to work. Any user which is not vdsm or in group kvm should not have access to storage, so all_squash is not needed. anonuid=36,anongid=36 is required only for root_squash, I think because libvirt is accessing storage as root. We probably need to add libvirt to kvm group like we do with sanlock, so we don't have to allow root access to storage. This how we allow sanlock access to vdsm managed storage. > Regards, > Milan > > > Best Regards, > > Strahil NikolovOn Dec 10, 2019 07:46, Tony Brian Albers wrote: > >> > >> On Mon, 2019-12-09 at 18:43 +, Robert Webb wrote: > >> > To add, the 757 permission does not need to be on the .lease or the > >> > .meta files. > >> > > >> > https://lists.ovirt.org/archives/list/users@ovirt.org/message/KZF6RCSRW2QV3PUEJCJW5DZ54DLAOGAA/ > >> > >> Good morning, > >> > >> Check SELinux just in case. > >> > >> Here's my config: > >> > >> NFS server: > >> /etc/exports: > >> /data/ovirt > >> *(rw,sync,no_subtree_check,all_squash,anonuid=36,anongid=36) > >> > >> Folder: > >> [root@kst001 ~]# ls -ld /data/ovirt > >> drwxr-xr-x 3 vdsm kvm 76 Jun 1 2017 /data/ovirt > >> > >> Subfolders: > >> [root@kst001 ~]# ls -l /data/ovirt/* > >> -rwxr-xr-x 1 vdsm kvm 0 Dec 10 06:38 /data/ovirt/__DIRECT_IO_TEST__ > >> > >> /data/ovirt/a597d0aa-bf22-47a3-a8a3-e5cecf3e20e0: > >> total 4 > >> drwxr-xr-x 2 vdsm kvm 117 Jun 1 2017 dom_md > >> drwxr-xr-x 56 vdsm kvm 4096 Dec 2 14:51 images > >> drwxr-xr-x 4 vdsm kvm 42 Jun 1 2017 master > >> [root@kst001 ~]# > >> > >> > >> The user: > >> [root@kst001 ~]# id vdsm > >> uid=36(vdsm) gid=36(kvm) groups=36(kvm) > >> [root@kst001 ~]# > >> > >> And output from 'mount' on a host: > >> kst001:/data/ovirt on /rhev/data-center/mnt/kst001:_data_ovirt type nfs > >> (rw,relatime,vers=3,rsize=1048576,wsize=1048576,namlen=255,soft,nolock, > >> nosharecache,proto=tcp,timeo=600,retrans=6,sec=sys,mountaddr= >> server- > >> ip>,mountvers=3,mountport=20048,mountproto=udp,local_lock=all,addr= >> -server-ip>) > >> > >> > >> HTH > >> > >> /tony > >> ___ > >> Users mailing list -- users@ovirt.org > >> To unsubscribe send an email to users-le...@ovirt.org > >> Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > >> oVirt Code of Conduct: > >> https://www.ovirt.org/community/about/community-guidelines/ > >> List Archives: > >> https://lists.ovirt.org/archives/list/users@ovirt.org/message/T6S32XNRB6S67PH5TOZZ6ZAD6KMVA3G6/ > > ___ > > Users mailing list -- users@ovirt.org > > To unsubscribe send an email to users-le...@ovirt.org > > Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > > oVirt Code of Conduct: > > https://www.ovirt.org/community/about/community-guidelines/ > > List Archives: > > https://lists.ovirt.org/archives/list/users@ovirt.org/message/Z5XPTK5B4KTITNDRFKR3C7TQYUXQTC4A/ > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/TSSPIUYPPGSAS5TUV3GUWMWNIGGIB2NF/ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/CO4UFLVDTSLO5S3XPA4PYXG3OGUSHSVP/
[ovirt-users] Re: Still having NFS issues. (Permissions)
On Fri, Dec 13, 2019 at 1:39 AM Nir Soffer wrote: > > On Tue, Dec 10, 2019 at 4:35 PM Robert Webb wrote: > > ... > > >https://ovirt.org/develop/troubleshooting-nfs-storage-issues.html > > > > > >Generally speaking: > > > > > >Files there are created by vdsm (vdsmd), but are used (when running VMs) > > >by qemu. So both of them need access. > > > > So the link to the NFS storage troubleshooting page is where I found that > > the perms needed to be 755. > > I think this is an error in the troubleshooting page. There is no > reason to allow access to > other users except vdsm:kvm. The page mentions other daemons: >> In principle, the user vdsm, with uid 36 and gid 36, must have read and >> write permissions on >> all NFS exports. However, some daemons on the hypervisor hosts (for example, >> sanlock) >> use a different uid but need access to the directory too. But other daemon that should have access to vdsm storage are in the kvm group (vdsm configure this during installation): $ id sanlock uid=179(sanlock) gid=179(sanlock) groups=179(sanlock),6(disk),36(kvm),107(qemu) > ... > > Like this: > > > > drwxr-xr-x+ 2 vdsm kvm4096 Dec 10 09:03 . > > drwxr-xr-x+ 3 vdsm kvm4096 Dec 10 09:02 .. > > -rw-rw 1 vdsm kvm 53687091200 Dec 10 09:02 > > 5a514067-82fb-42f9-b436-f8f93883fe27 > > -rw-rw 1 vdsm kvm 1048576 Dec 10 09:03 > > 5a514067-82fb-42f9-b436-f8f93883fe27.lease > > -rw-r--r-- 1 vdsm kvm 298 Dec 10 09:03 > > 5a514067-82fb-42f9-b436-f8f93883fe27.meta > > > > > > So, with all that said, I cleaned everything up and my directory > > permissions look like what Tony posted for his. I have added in his export > > options to my setup and rebooted my host. > > > > I created a new VM from scratch and the files under images now look like > > this: > > > > drwxr-xr-x+ 2 vdsm kvm4096 Dec 10 09:03 . > > drwxr-xr-x+ 3 vdsm kvm4096 Dec 10 09:02 .. > > -rw-rw 1 vdsm kvm 53687091200 Dec 10 09:02 > > 5a514067-82fb-42f9-b436-f8f93883fe27 > > -rw-rw 1 vdsm kvm 1048576 Dec 10 09:03 > > 5a514067-82fb-42f9-b436-f8f93883fe27.lease > > -rw-r--r-- 1 vdsm kvm 298 Dec 10 09:03 > > 5a514067-82fb-42f9-b436-f8f93883fe27.meta > > > > > > Still not the 755 as expected, > > It is not expected, the permissions look normal. > > These are the permissions used for volumes on file based storage: > > lib/vdsm/storage/constants.py:FILE_VOLUME_PERMISSIONS = 0o660 > > but I am guessing with the addition of the "anonuid=36,anongid=36" to > the exports, everything is now working as expected. The VM will boot > and run as expected. There was nothing in the any of the documentation > which alluded to possibly needed the additional options in the NFS > export options. > > I this is a libvirt issue, it tries to access volumes as root, and > without anonuid=36,anongid=36 > it will be squashed to nobody and fail. > > Nir ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/3KZII244RKMFPKSYD5WJ47IES4XLT2LI/
[ovirt-users] Re: Still having NFS issues. (Permissions)
On Tue, Dec 10, 2019 at 4:35 PM Robert Webb wrote: ... > >https://ovirt.org/develop/troubleshooting-nfs-storage-issues.html > > > >Generally speaking: > > > >Files there are created by vdsm (vdsmd), but are used (when running VMs) > >by qemu. So both of them need access. > > So the link to the NFS storage troubleshooting page is where I found that the > perms needed to be 755. I think this is an error in the troubleshooting page. There is no reason to allow access to other users except vdsm:kvm. ... > Like this: > > drwxr-xr-x+ 2 vdsm kvm4096 Dec 10 09:03 . > drwxr-xr-x+ 3 vdsm kvm4096 Dec 10 09:02 .. > -rw-rw 1 vdsm kvm 53687091200 Dec 10 09:02 > 5a514067-82fb-42f9-b436-f8f93883fe27 > -rw-rw 1 vdsm kvm 1048576 Dec 10 09:03 > 5a514067-82fb-42f9-b436-f8f93883fe27.lease > -rw-r--r-- 1 vdsm kvm 298 Dec 10 09:03 > 5a514067-82fb-42f9-b436-f8f93883fe27.meta > > > So, with all that said, I cleaned everything up and my directory permissions > look like what Tony posted for his. I have added in his export options to my > setup and rebooted my host. > > I created a new VM from scratch and the files under images now look like this: > > drwxr-xr-x+ 2 vdsm kvm4096 Dec 10 09:03 . > drwxr-xr-x+ 3 vdsm kvm4096 Dec 10 09:02 .. > -rw-rw 1 vdsm kvm 53687091200 Dec 10 09:02 > 5a514067-82fb-42f9-b436-f8f93883fe27 > -rw-rw 1 vdsm kvm 1048576 Dec 10 09:03 > 5a514067-82fb-42f9-b436-f8f93883fe27.lease > -rw-r--r-- 1 vdsm kvm 298 Dec 10 09:03 > 5a514067-82fb-42f9-b436-f8f93883fe27.meta > > > Still not the 755 as expected, It is not expected, the permissions look normal. These are the permissions used for volumes on file based storage: lib/vdsm/storage/constants.py:FILE_VOLUME_PERMISSIONS = 0o660 but I am guessing with the addition of the "anonuid=36,anongid=36" to the exports, everything is now working as expected. The VM will boot and run as expected. There was nothing in the any of the documentation which alluded to possibly needed the additional options in the NFS export options. I this is a libvirt issue, it tries to access volumes as root, and without anonuid=36,anongid=36 it will be squashed to nobody and fail. Nir ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/D6MXQGZB2SHJ2WCKBWYXD5CQ2WBJGT5B/
[ovirt-users] Re: Still having NFS issues. (Permissions)
Strahil writes: > Why do you use 'all_squash' ? > > all_squashMap all uids and gids to the anonymous user. Useful for > NFS-exported public FTP directories, news spool directories, etc. The > opposite option is no_all_squash, which is the default setting. AFAIK all_squash,anonuid=36,anongid=36 is the recommended NFS setting for oVirt and the only one guaranteed to work. Regards, Milan > Best Regards, > Strahil NikolovOn Dec 10, 2019 07:46, Tony Brian Albers wrote: >> >> On Mon, 2019-12-09 at 18:43 +, Robert Webb wrote: >> > To add, the 757 permission does not need to be on the .lease or the >> > .meta files. >> > >> > https://lists.ovirt.org/archives/list/users@ovirt.org/message/KZF6RCSRW2QV3PUEJCJW5DZ54DLAOGAA/ >> > >> >> Good morning, >> >> Check SELinux just in case. >> >> Here's my config: >> >> NFS server: >> /etc/exports: >> /data/ovirt >> *(rw,sync,no_subtree_check,all_squash,anonuid=36,anongid=36) >> >> Folder: >> [root@kst001 ~]# ls -ld /data/ovirt >> drwxr-xr-x 3 vdsm kvm 76 Jun 1 2017 /data/ovirt >> >> Subfolders: >> [root@kst001 ~]# ls -l /data/ovirt/* >> -rwxr-xr-x 1 vdsm kvm 0 Dec 10 06:38 /data/ovirt/__DIRECT_IO_TEST__ >> >> /data/ovirt/a597d0aa-bf22-47a3-a8a3-e5cecf3e20e0: >> total 4 >> drwxr-xr-x 2 vdsm kvm 117 Jun 1 2017 dom_md >> drwxr-xr-x 56 vdsm kvm 4096 Dec 2 14:51 images >> drwxr-xr-x 4 vdsm kvm 42 Jun 1 2017 master >> [root@kst001 ~]# >> >> >> The user: >> [root@kst001 ~]# id vdsm >> uid=36(vdsm) gid=36(kvm) groups=36(kvm) >> [root@kst001 ~]# >> >> And output from 'mount' on a host: >> kst001:/data/ovirt on /rhev/data-center/mnt/kst001:_data_ovirt type nfs >> (rw,relatime,vers=3,rsize=1048576,wsize=1048576,namlen=255,soft,nolock, >> nosharecache,proto=tcp,timeo=600,retrans=6,sec=sys,mountaddr=> server- >> ip>,mountvers=3,mountport=20048,mountproto=udp,local_lock=all,addr=> -server-ip>) >> >> >> HTH >> >> /tony >> ___ >> Users mailing list -- users@ovirt.org >> To unsubscribe send an email to users-le...@ovirt.org >> Privacy Statement: https://www.ovirt.org/site/privacy-policy/ >> oVirt Code of Conduct: >> https://www.ovirt.org/community/about/community-guidelines/ >> List Archives: >> https://lists.ovirt.org/archives/list/users@ovirt.org/message/T6S32XNRB6S67PH5TOZZ6ZAD6KMVA3G6/ > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/Z5XPTK5B4KTITNDRFKR3C7TQYUXQTC4A/ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/TSSPIUYPPGSAS5TUV3GUWMWNIGGIB2NF/
[ovirt-users] Re: Still having NFS issues. (Permissions)
Why do you use 'all_squash' ? all_squashMap all uids and gids to the anonymous user. Useful for NFS-exported public FTP directories, news spool directories, etc. The opposite option is no_all_squash, which is the default setting. Best Regards, Strahil NikolovOn Dec 10, 2019 07:46, Tony Brian Albers wrote: > > On Mon, 2019-12-09 at 18:43 +, Robert Webb wrote: > > To add, the 757 permission does not need to be on the .lease or the > > .meta files. > > > > https://lists.ovirt.org/archives/list/users@ovirt.org/message/KZF6RCSRW2QV3PUEJCJW5DZ54DLAOGAA/ > > > > Good morning, > > Check SELinux just in case. > > Here's my config: > > NFS server: > /etc/exports: > /data/ovirt > *(rw,sync,no_subtree_check,all_squash,anonuid=36,anongid=36) > > Folder: > [root@kst001 ~]# ls -ld /data/ovirt > drwxr-xr-x 3 vdsm kvm 76 Jun 1 2017 /data/ovirt > > Subfolders: > [root@kst001 ~]# ls -l /data/ovirt/* > -rwxr-xr-x 1 vdsm kvm 0 Dec 10 06:38 /data/ovirt/__DIRECT_IO_TEST__ > > /data/ovirt/a597d0aa-bf22-47a3-a8a3-e5cecf3e20e0: > total 4 > drwxr-xr-x 2 vdsm kvm 117 Jun 1 2017 dom_md > drwxr-xr-x 56 vdsm kvm 4096 Dec 2 14:51 images > drwxr-xr-x 4 vdsm kvm 42 Jun 1 2017 master > [root@kst001 ~]# > > > The user: > [root@kst001 ~]# id vdsm > uid=36(vdsm) gid=36(kvm) groups=36(kvm) > [root@kst001 ~]# > > And output from 'mount' on a host: > kst001:/data/ovirt on /rhev/data-center/mnt/kst001:_data_ovirt type nfs > (rw,relatime,vers=3,rsize=1048576,wsize=1048576,namlen=255,soft,nolock, > nosharecache,proto=tcp,timeo=600,retrans=6,sec=sys,mountaddr= server- > ip>,mountvers=3,mountport=20048,mountproto=udp,local_lock=all,addr= -server-ip>) > > > HTH > > /tony > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/T6S32XNRB6S67PH5TOZZ6ZAD6KMVA3G6/ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/Z5XPTK5B4KTITNDRFKR3C7TQYUXQTC4A/
[ovirt-users] Re: Still having NFS issues. (Permissions)
>> Good morning, >> > >Check SELinux just in case. > >Indeed, please do. > For testing, I have set SELinux to permissive on the oVirt host. The NFS server is Debian based and does not use SELinux. >> Here's my config: >> > >NFS server: > >/etc/exports: > >/data/ovirt > >*(rw,sync,no_subtree_check,all_squash,anonuid=36,anongid=36) >> > >Folder: > >[root@kst001 ~]# ls -ld /data/ovirt > >drwxr-xr-x 3 vdsm kvm 76 Jun 1 2017 /data/ovirt > >You should not need the '7' for 'other'. Does it work for you with 750? > >See also: > >https://ovirt.org/develop/troubleshooting-nfs-storage-issues.html > >Generally speaking: > >Files there are created by vdsm (vdsmd), but are used (when running VMs) >by qemu. So both of them need access. So the link to the NFS storage troubleshooting page is where I found that the perms needed to be 755. So in my OpenMediaVault setup under shared folders, I have set the owner as vdsm:36 and group as kvm:36. I have set owner as rwx, group as rx, and other as rx. However, when oVirt writes new files, the image file and the .lease file gets perm of 660, and the .meta file gets perms of 644. Like this: drwxr-xr-x+ 2 vdsm kvm4096 Dec 10 09:03 . drwxr-xr-x+ 3 vdsm kvm4096 Dec 10 09:02 .. -rw-rw 1 vdsm kvm 53687091200 Dec 10 09:02 5a514067-82fb-42f9-b436-f8f93883fe27 -rw-rw 1 vdsm kvm 1048576 Dec 10 09:03 5a514067-82fb-42f9-b436-f8f93883fe27.lease -rw-r--r-- 1 vdsm kvm 298 Dec 10 09:03 5a514067-82fb-42f9-b436-f8f93883fe27.meta So, with all that said, I cleaned everything up and my directory permissions look like what Tony posted for his. I have added in his export options to my setup and rebooted my host. I created a new VM from scratch and the files under images now look like this: drwxr-xr-x+ 2 vdsm kvm4096 Dec 10 09:03 . drwxr-xr-x+ 3 vdsm kvm4096 Dec 10 09:02 .. -rw-rw 1 vdsm kvm 53687091200 Dec 10 09:02 5a514067-82fb-42f9-b436-f8f93883fe27 -rw-rw 1 vdsm kvm 1048576 Dec 10 09:03 5a514067-82fb-42f9-b436-f8f93883fe27.lease -rw-r--r-- 1 vdsm kvm 298 Dec 10 09:03 5a514067-82fb-42f9-b436-f8f93883fe27.meta Still not the 755 as expected, but I am guessing with the addition of the "anonuid=36,anongid=36" to the exports, everything is now working as expected. The VM will boot and run as expected. There was nothing in the any of the documentation which alluded to possibly needed the additional options in the NFS export options. Since I now know what to add to make it work, whether it is right or just a workaround, I can now move forward with more testing. For documentation purposes, here is what my mount looks like on the oVirt host: nfs_server:/export/Datastore2 on /rhev/data-center/mnt/nfs_server:_export_Datastore2 type nfs rw,relatime,vers=3,rsize=1048576,wsize=1048576,namlen=255,soft,nolock,nosharecache,proto=tcp,timeo=600,retrans=6,sec=sys,mountaddr=nfs_server,mountvers=3,mountport=36103,mountproto=udp,local_lock=all,addr=nfs_server) Here is what my vdsm user looks like: id vdsm uid=36(vdsm) gid=36(kvm) groups=36(kvm),179(sanlock),107(qemu) Thanks for all the help. From: Yedidyah Bar David Sent: Tuesday, December 10, 2019 2:36 AM To: Tony Brian Albers Cc: users@ovirt.org; Robert Webb Subject: Re: [ovirt-users] Re: Still having NFS issues. (Permissions) On Tue, Dec 10, 2019 at 7:52 AM Tony Brian Albers wrote: > > On Mon, 2019-12-09 at 18:43 +, Robert Webb wrote: > > To add, the 757 permission does not need to be on the .lease or the > > .meta files. > > > > https://lists.ovirt.org/archives/list/users@ovirt.org/message/KZF6RCSRW2QV3PUEJCJW5DZ54DLAOGAA/ > > Good morning, > > Check SELinux just in case. Indeed, please do. > > Here's my config: > > NFS server: > /etc/exports: > /data/ovirt > *(rw,sync,no_subtree_check,all_squash,anonuid=36,anongid=36) > > Folder: > [root@kst001 ~]# ls -ld /data/ovirt > drwxr-xr-x 3 vdsm kvm 76 Jun 1 2017 /data/ovirt You should not need the '7' for 'other'. Does it work for you with 750? See also: https://ovirt.org/develop/troubleshooting-nfs-storage-issues.html Generally speaking: Files there are created by vdsm (vdsmd), but are used (when running VMs) by qemu. So both of them need access. Good luck, > > Subfolders: > [root@kst001 ~]# ls -l /data/ovirt/* > -rwxr-xr-x 1 vdsm kvm 0 Dec 10 06:38 /data/ovirt/__DIRECT_IO_TEST__ > > /data/ovirt/a597d0aa-bf22-47a3-a8a3-e5cecf3e20e0: > total 4 > drwxr-xr-x 2 vdsm kvm 117 Jun 1 2017 dom_md > drwxr-xr-x 56 vdsm kvm 4096 Dec 2 14:51 images > drwxr-xr-x 4 vdsm kvm 42 Jun 1 2017 master > [root@kst001 ~]# > > > The user: > [root@kst001 ~]# id vdsm > uid=36(vdsm) gid=36(kvm) groups=36(kvm) >
[ovirt-users] Re: Still having NFS issues. (Permissions)
On Tue, Dec 10, 2019 at 7:52 AM Tony Brian Albers wrote: > > On Mon, 2019-12-09 at 18:43 +, Robert Webb wrote: > > To add, the 757 permission does not need to be on the .lease or the > > .meta files. > > > > https://lists.ovirt.org/archives/list/users@ovirt.org/message/KZF6RCSRW2QV3PUEJCJW5DZ54DLAOGAA/ > > Good morning, > > Check SELinux just in case. Indeed, please do. > > Here's my config: > > NFS server: > /etc/exports: > /data/ovirt > *(rw,sync,no_subtree_check,all_squash,anonuid=36,anongid=36) > > Folder: > [root@kst001 ~]# ls -ld /data/ovirt > drwxr-xr-x 3 vdsm kvm 76 Jun 1 2017 /data/ovirt You should not need the '7' for 'other'. Does it work for you with 750? See also: https://ovirt.org/develop/troubleshooting-nfs-storage-issues.html Generally speaking: Files there are created by vdsm (vdsmd), but are used (when running VMs) by qemu. So both of them need access. Good luck, > > Subfolders: > [root@kst001 ~]# ls -l /data/ovirt/* > -rwxr-xr-x 1 vdsm kvm 0 Dec 10 06:38 /data/ovirt/__DIRECT_IO_TEST__ > > /data/ovirt/a597d0aa-bf22-47a3-a8a3-e5cecf3e20e0: > total 4 > drwxr-xr-x 2 vdsm kvm 117 Jun 1 2017 dom_md > drwxr-xr-x 56 vdsm kvm 4096 Dec 2 14:51 images > drwxr-xr-x 4 vdsm kvm 42 Jun 1 2017 master > [root@kst001 ~]# > > > The user: > [root@kst001 ~]# id vdsm > uid=36(vdsm) gid=36(kvm) groups=36(kvm) > [root@kst001 ~]# > > And output from 'mount' on a host: > kst001:/data/ovirt on /rhev/data-center/mnt/kst001:_data_ovirt type nfs > (rw,relatime,vers=3,rsize=1048576,wsize=1048576,namlen=255,soft,nolock, > nosharecache,proto=tcp,timeo=600,retrans=6,sec=sys,mountaddr= server- > ip>,mountvers=3,mountport=20048,mountproto=udp,local_lock=all,addr= -server-ip>) > > > HTH > > /tony > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/T6S32XNRB6S67PH5TOZZ6ZAD6KMVA3G6/ -- Didi ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/QXZ6TLPQHHI7CY2BG5PCLTFS6VBPEUWB/
[ovirt-users] Re: Still having NFS issues. (Permissions)
On Mon, 2019-12-09 at 18:43 +, Robert Webb wrote: > To add, the 757 permission does not need to be on the .lease or the > .meta files. > > https://lists.ovirt.org/archives/list/users@ovirt.org/message/KZF6RCSRW2QV3PUEJCJW5DZ54DLAOGAA/ Good morning, Check SELinux just in case. Here's my config: NFS server: /etc/exports: /data/ovirt *(rw,sync,no_subtree_check,all_squash,anonuid=36,anongid=36) Folder: [root@kst001 ~]# ls -ld /data/ovirt drwxr-xr-x 3 vdsm kvm 76 Jun 1 2017 /data/ovirt Subfolders: [root@kst001 ~]# ls -l /data/ovirt/* -rwxr-xr-x 1 vdsm kvm 0 Dec 10 06:38 /data/ovirt/__DIRECT_IO_TEST__ /data/ovirt/a597d0aa-bf22-47a3-a8a3-e5cecf3e20e0: total 4 drwxr-xr-x 2 vdsm kvm 117 Jun 1 2017 dom_md drwxr-xr-x 56 vdsm kvm 4096 Dec 2 14:51 images drwxr-xr-x 4 vdsm kvm 42 Jun 1 2017 master [root@kst001 ~]# The user: [root@kst001 ~]# id vdsm uid=36(vdsm) gid=36(kvm) groups=36(kvm) [root@kst001 ~]# And output from 'mount' on a host: kst001:/data/ovirt on /rhev/data-center/mnt/kst001:_data_ovirt type nfs (rw,relatime,vers=3,rsize=1048576,wsize=1048576,namlen=255,soft,nolock, nosharecache,proto=tcp,timeo=600,retrans=6,sec=sys,mountaddr=,mountvers=3,mountport=20048,mountproto=udp,local_lock=all,addr=) HTH /tony ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/T6S32XNRB6S67PH5TOZZ6ZAD6KMVA3G6/
[ovirt-users] Re: Still having NFS issues. (Permissions)
To add, the 757 permission does not need to be on the .lease or the .meta files. ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/KZF6RCSRW2QV3PUEJCJW5DZ54DLAOGAA/
