[Rdo-list] [rhos-list] Remote Cinder access

[Perry Myers]

On 08/27/2013 07:29 AM, Lutz Christoph wrote:
> Hi!
> 
> I'm in the last tests for a three node RDO setup, and I found that with

Since this is RDO related, I'm going to move this over to the community
oriented list :)

> the current default setup, qemu-kvm can't access a volume:
> 
> qemu-kvm: -drive
> file=/dev/disk/by-path/ip-192.168.104.61:3260-iscsi-iqn.2010-10.org.openstack:volume-229b80d0-ad10-4a3b-b022-d632de368001-lun-1,if=none,id=drive-virtio-disk0,format=raw,serial=229b80d0-ad10-4a3b-b022-d632de368001,cache=none:
> could not open disk image
> /dev/disk/by-path/ip-192.168.104.61:3260-iscsi-iqn.2010-10.org.openstack:volume-229b80d0-ad10-4a3b-b022-d632de368001-lun-1:
> Permission denied

SELinux issue perhaps?  Whenever I see a permission denied that's always
the first thing I check.  Try:

# getenforce
and
# audit2why -a

If it's not that, then maybe Eric (cc'd) from the Cinder team can help.

> The device looks just like any other disk device:
> 
> lrwxrwxrwx. 1 root root 9 Aug 27 10:40
> /dev/disk/by-path/ip-192.168.104.61:3260-iscsi-iqn.2010-10.org.openstack:volume-229b80d0-ad10-4a3b-b022-d632de368001-lun-1
> -> ../../sdj
> brw-rw----. 1 root disk 8, 144 Aug 27 10:40 /dev/sdj
> 
> qemu is running under the "nova" user (it is running as "qemu" on an
> all-in-one server). When I added the "disk" group to the "nova" user,
> the problem went away.

Hm, this seems to indicate that it might not be an SELinux issue, but
still run the above commands just to be sure.  Never hurts to check that :)

> Doing the same on the all-in-one machine did not have this problem, but
> them access is directly to the LV, not via iSCSI, and the user is
> different, though it does not have the "disk" group attached.
> 
> Now, I'm wondering if adding the "disk" group is the right thing to so,
> considering that the all-in-one does not need this, or there is a more
> elegant solution.
> 
> Best regards / Mit freundlichen Grüßen
> Lutz Christoph