[Rdo-list] [rhos-list] Remote Cinder access

Lutz Christoph lchristoph at arago.de
Tue Aug 27 12:25:30 UTC 2013 

Hello!

I wasn't aware of the rdo list until now. I just subscribed.

No, it isn't SELinux. I had already fixed all SELinux problems the packstack setup had. No "denied" when the permission problem occurs. It's a good old Linux permission problem. Just as you surmised.

So I hope Eric Harney will have something.

Thank so far!

Best regards / Mit freundlichen Grüßen 
Lutz Christoph 

-- 

Lutz Christoph 

arago Institut für komplexes Datenmanagement AG 

Eschersheimer Landstraße 526 - 532 
60433 Frankfurt am Main 

eMail: lchristoph at arago.de - www: http://www.arago.de 
Tel: 0172/6301004 
Mobil: 0172/6301004 

 

-- 
Bankverbindung: Frankfurter Sparkasse, BLZ: 500 502 01, Kto.-Nr.: 79343 
Vorstand: Hans-Christian Boos, Martin Friedrich 
Vorsitzender des Aufsichtsrats: Dr. Bernhard Walther 
Sitz: Kronberg im Taunus - HRB 5731 - Registergericht: Königstein i.Ts 
Ust.Idnr. DE 178572359 - Steuernummer 2603 003 228 43435 
________________________________________
Von: Perry Myers <pmyers at redhat.com>
Gesendet: Dienstag, 27. August 2013 13:58
An: Lutz Christoph
Cc: rdo-list; Eric Harney; Ayal Baron
Betreff: Re: [rhos-list] Remote Cinder access

On 08/27/2013 07:29 AM, Lutz Christoph wrote:
> Hi!
>
> I'm in the last tests for a three node RDO setup, and I found that with

Since this is RDO related, I'm going to move this over to the community
oriented list :)

> the current default setup, qemu-kvm can't access a volume:
>
> qemu-kvm: -drive
> file=/dev/disk/by-path/ip-192.168.104.61:3260-iscsi-iqn.2010-10.org.openstack:volume-229b80d0-ad10-4a3b-b022-d632de368001-lun-1,if=none,id=drive-virtio-disk0,format=raw,serial=229b80d0-ad10-4a3b-b022-d632de368001,cache=none:
> could not open disk image
> /dev/disk/by-path/ip-192.168.104.61:3260-iscsi-iqn.2010-10.org.openstack:volume-229b80d0-ad10-4a3b-b022-d632de368001-lun-1:
> Permission denied

SELinux issue perhaps?  Whenever I see a permission denied that's always
the first thing I check.  Try:

# getenforce
and
# audit2why -a

If it's not that, then maybe Eric (cc'd) from the Cinder team can help.

> The device looks just like any other disk device:
>
> lrwxrwxrwx. 1 root root 9 Aug 27 10:40
> /dev/disk/by-path/ip-192.168.104.61:3260-iscsi-iqn.2010-10.org.openstack:volume-229b80d0-ad10-4a3b-b022-d632de368001-lun-1
> -> ../../sdj
> brw-rw----. 1 root disk 8, 144 Aug 27 10:40 /dev/sdj
>
> qemu is running under the "nova" user (it is running as "qemu" on an
> all-in-one server). When I added the "disk" group to the "nova" user,
> the problem went away.

Hm, this seems to indicate that it might not be an SELinux issue, but
still run the above commands just to be sure.  Never hurts to check that :)

> Doing the same on the all-in-one machine did not have this problem, but
> them access is directly to the LV, not via iSCSI, and the user is
> different, though it does not have the "disk" group attached.
>
> Now, I'm wondering if adding the "disk" group is the right thing to so,
> considering that the all-in-one does not need this, or there is a more
> elegant solution.
>
> Best regards / Mit freundlichen Grüßen
> Lutz Christoph

More information about the dev mailing list