[libvirt] [PATCH v2] sanlock: Introduce 'user' and 'group' conf variables

Martin Kletzander mkletzan at redhat.com
Tue Oct 30 09:00:15 UTC 2012 

On 10/29/2012 04:18 PM, Michal Privoznik wrote:
> through which user set under what permissions does sanlock
> daemon run so libvirt will set the same permissions for
> files exposed to it.
> ---
> 
> diff to v1:
> -update spec file so sanlock dir is installed with root:sanlock
>  iff group sanlock exists
> 
>  docs/locking.html.in                    |   22 +++++++++
>  libvirt.spec.in                         |    7 +++
>  src/locking/libvirt_sanlock.aug         |    2 +
>  src/locking/lock_driver_sanlock.c       |   76 ++++++++++++++++++++++++++++++-
>  src/locking/sanlock.conf                |   11 ++++-
>  src/locking/test_libvirt_sanlock.aug.in |    2 +
>  6 files changed, 118 insertions(+), 2 deletions(-)
> 
> diff --git a/docs/locking.html.in b/docs/locking.html.in
> index 6d7b517..19dd6a3 100644
> --- a/docs/locking.html.in
> +++ b/docs/locking.html.in
> @@ -121,6 +121,28 @@
>      </pre>
>  
>      <p>
> +      If your sanlock daemon happen to run under non-root
> +      privileges, you need to tell this to libvirt so it
> +      chowns created files correctly. This can be done by
> +      setting <code>user</code> and/or <code>group</code>
> +      variables in the configuration file. Accepted values
> +      range is specified in description to the same
> +      variables in <code>/etc/libvirt/qemu.conf</code>. For
> +      example:
> +    </p>
> +
> +    <pre>
> +      augtool -s set /files/etc/libvirt/qemu-sanlock.conf/user sanlock
> +      augtool -s set /files/etc/libvirt/qemu-sanlock.conf/group sanlock
> +    </pre>
> +
> +    <p>
> +      But remember, that if this is NFS share, you need a
> +      no_root_squash-ed one for chown (and chmod possibly)
> +      to succeed.
> +    </p>
> +
> +    <p>
>        In terms of storage requirements, if the filesystem
>        uses 512 byte sectors, you need to allow for <code>1MB</code>
>        of storage for each guest disk. So if you have a network
> diff --git a/libvirt.spec.in b/libvirt.spec.in
> index ebebfab..edc43af 100644
> --- a/libvirt.spec.in
> +++ b/libvirt.spec.in
> @@ -1568,6 +1568,13 @@ fi
>  /bin/systemctl try-restart libvirt-guests.service >/dev/null 2>&1 || :
>  %endif
>  
> +%pre lock-sanlock
> +if $(getent group sanlock > /dev/null; echo $?) == 0
> +    chmod 0770 %{_localstatedir}/lib/libvirt/sanlock
> +    chown root:sanlock %{_localstatedir}/lib/libvirt/sanlock
> +endif

Change this to:

%post lock-sanlock
if getent group sanlock > /dev/null; then
    chmod 0770 %{_localstatedir}/lib/libvirt/sanlock
    chown root:sanlock %{_localstatedir}/lib/libvirt/sanlock
fi

and you've got my ACK (we should make this working in 1.0.0,

Martin

More information about the libvir-list mailing list