[libvirt] [PATCH v2] sanlock: Introduce 'user' and 'group' conf variables

Michal Privoznik mprivozn at redhat.com
Tue Oct 30 09:12:45 UTC 2012 

On 30.10.2012 10:00, Martin Kletzander wrote:
> On 10/29/2012 04:18 PM, Michal Privoznik wrote:
>> through which user set under what permissions does sanlock
>> daemon run so libvirt will set the same permissions for
>> files exposed to it.
>> ---
>>
>> diff to v1:
>> -update spec file so sanlock dir is installed with root:sanlock
>>  iff group sanlock exists
>>
>>  docs/locking.html.in                    |   22 +++++++++
>>  libvirt.spec.in                         |    7 +++
>>  src/locking/libvirt_sanlock.aug         |    2 +
>>  src/locking/lock_driver_sanlock.c       |   76 ++++++++++++++++++++++++++++++-
>>  src/locking/sanlock.conf                |   11 ++++-
>>  src/locking/test_libvirt_sanlock.aug.in |    2 +
>>  6 files changed, 118 insertions(+), 2 deletions(-)
>>
>> diff --git a/docs/locking.html.in b/docs/locking.html.in
>> index 6d7b517..19dd6a3 100644
>> --- a/docs/locking.html.in
>> +++ b/docs/locking.html.in
>> @@ -121,6 +121,28 @@
>>      </pre>
>>  
>>      <p>
>> +      If your sanlock daemon happen to run under non-root
>> +      privileges, you need to tell this to libvirt so it
>> +      chowns created files correctly. This can be done by
>> +      setting <code>user</code> and/or <code>group</code>
>> +      variables in the configuration file. Accepted values
>> +      range is specified in description to the same
>> +      variables in <code>/etc/libvirt/qemu.conf</code>. For
>> +      example:
>> +    </p>
>> +
>> +    <pre>
>> +      augtool -s set /files/etc/libvirt/qemu-sanlock.conf/user sanlock
>> +      augtool -s set /files/etc/libvirt/qemu-sanlock.conf/group sanlock
>> +    </pre>
>> +
>> +    <p>
>> +      But remember, that if this is NFS share, you need a
>> +      no_root_squash-ed one for chown (and chmod possibly)
>> +      to succeed.
>> +    </p>
>> +
>> +    <p>
>>        In terms of storage requirements, if the filesystem
>>        uses 512 byte sectors, you need to allow for <code>1MB</code>
>>        of storage for each guest disk. So if you have a network
>> diff --git a/libvirt.spec.in b/libvirt.spec.in
>> index ebebfab..edc43af 100644
>> --- a/libvirt.spec.in
>> +++ b/libvirt.spec.in
>> @@ -1568,6 +1568,13 @@ fi
>>  /bin/systemctl try-restart libvirt-guests.service >/dev/null 2>&1 || :
>>  %endif
>>  
>> +%pre lock-sanlock
>> +if $(getent group sanlock > /dev/null; echo $?) == 0
>> +    chmod 0770 %{_localstatedir}/lib/libvirt/sanlock
>> +    chown root:sanlock %{_localstatedir}/lib/libvirt/sanlock
>> +endif
> 
> Change this to:
> 
> %post lock-sanlock
> if getent group sanlock > /dev/null; then
>     chmod 0770 %{_localstatedir}/lib/libvirt/sanlock
>     chown root:sanlock %{_localstatedir}/lib/libvirt/sanlock
> fi
> 
> and you've got my ACK (we should make this working in 1.0.0,
> 
> Martin
> 

Changed and pushed. Thanks.

Michal

More information about the libvir-list mailing list