[libvirt] [libvirt-users] Libvirtd running as root tries to access oneadmin (OpenNebula) NFS mount but throws: error: can’t canonicalize path

Martin Kletzander mkletzan at redhat.com
Tue Apr 12 19:40:08 UTC 2016 

[ I would be way easier to reply if you didn't top-post ]

On Tue, Apr 12, 2016 at 12:07:50PM -0400, TomK wrote:
>Hey John,
>
>Hehe, I got the right guy then.  Very nice!  And very good ideas but I
>may need more time to reread and try them out later tonight.  I'm fully
>in agreement about providing more details.  Can't be accurate in a
>diagnosis if there isn't much data to go on.  This pool option is new to
>me.  Please tell me more on it.  Can't find it in the file below but
>maybe it's elsewhere?
>
>( <pool type="fs"> ) perhaps rather than the "NFS" pool ( e.g. <pool type="netfs"> )
>
>
>Allright, here's the details:
>
>[root at mdskvm-p01 ~]# rpm -aq|grep -i libvir
>libvirt-daemon-driver-secret-1.2.17-13.el7_2.4.x86_64
>libvirt-1.2.17-13.el7_2.4.x86_64
>libvirt-daemon-driver-network-1.2.17-13.el7_2.4.x86_64
>libvirt-daemon-driver-lxc-1.2.17-13.el7_2.4.x86_64
>libvirt-daemon-driver-nwfilter-1.2.17-13.el7_2.4.x86_64
>libvirt-daemon-driver-interface-1.2.17-13.el7_2.4.x86_64
>libvirt-daemon-config-network-1.2.17-13.el7_2.4.x86_64
>libvirt-client-1.2.17-13.el7_2.4.x86_64
>libvirt-daemon-driver-qemu-1.2.17-13.el7_2.4.x86_64
>libvirt-daemon-driver-storage-1.2.17-13.el7_2.4.x86_64
>libvirt-python-1.2.17-2.el7.x86_64
>libvirt-glib-0.1.9-1.el7.x86_64
>libvirt-daemon-1.2.17-13.el7_2.4.x86_64
>libvirt-daemon-config-nwfilter-1.2.17-13.el7_2.4.x86_64
>libvirt-daemon-driver-nodedev-1.2.17-13.el7_2.4.x86_64
>libvirt-daemon-kvm-1.2.17-13.el7_2.4.x86_64
>[root at mdskvm-p01 ~]# cat /etc/release
>cat: /etc/release: No such file or directory
>[root at mdskvm-p01 ~]# cat /etc/*release*
>NAME="Scientific Linux"
>VERSION="7.2 (Nitrogen)"
>ID="rhel"
>ID_LIKE="fedora"
>VERSION_ID="7.2"
>PRETTY_NAME="Scientific Linux 7.2 (Nitrogen)"
>ANSI_COLOR="0;31"
>CPE_NAME="cpe:/o:scientificlinux:scientificlinux:7.2:GA"
>HOME_URL="http://www.scientificlinux.org//"
>BUG_REPORT_URL="mailto:scientific-linux-devel at listserv.fnal.gov"
>
>REDHAT_BUGZILLA_PRODUCT="Scientific Linux 7"
>REDHAT_BUGZILLA_PRODUCT_VERSION=7.2
>REDHAT_SUPPORT_PRODUCT="Scientific Linux"
>REDHAT_SUPPORT_PRODUCT_VERSION="7.2"
>Scientific Linux release 7.2 (Nitrogen)
>Scientific Linux release 7.2 (Nitrogen)
>Scientific Linux release 7.2 (Nitrogen)
>cpe:/o:scientificlinux:scientificlinux:7.2:ga
>[root at mdskvm-p01 ~]#
>
>[root at mdskvm-p01 ~]# mount /var/lib/one
>[root at mdskvm-p01 ~]# su - oneadmin
>Last login: Sat Apr  9 10:39:25 EDT 2016 on pts/0
>Last failed login: Tue Apr 12 12:00:57 EDT 2016 from opennebula01 on
>ssh:notty
>There were 9584 failed login attempts since the last successful login.
>i[oneadmin at mdskvm-p01 ~]$ id oneadmin
>uid=9869(oneadmin) gid=9869(oneadmin)
>groups=9869(oneadmin),992(libvirt),36(kvm)
>[oneadmin at mdskvm-p01 ~]$ pwd
>/var/lib/one
>[oneadmin at mdskvm-p01 ~]$ ls -altriR|grep -i root
>134320262 drwxr-xr-x. 45 root     root        4096 Apr 12 07:58 ..
>[oneadmin at mdskvm-p01 ~]$
>
>
>
>[oneadmin at mdskvm-p01 ~]$ cat /var/lib/one//datastores/0/38/deployment.0
><domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
>         <name>one-38</name>
>         <vcpu>1</vcpu>
>         <cputune>
>                 <shares>1024</shares>
>         </cputune>
>         <memory>524288</memory>
>         <os>
>                 <type arch='x86_64'>hvm</type>
>                 <boot dev='hd'/>
>         </os>
>         <devices>
><emulator>/usr/libexec/qemu-kvm</emulator>
>                 <disk type='file' device='disk'>
>                         <source
>file='/var/lib/one//datastores/0/38/disk.0'/>
>                         <target dev='hda'/>
>                         <driver name='qemu' type='qcow2' cache='none'/>
>                 </disk>
>                 <disk type='file' device='cdrom'>
>                         <source
>file='/var/lib/one//datastores/0/38/disk.1'/>
>                         <target dev='hdb'/>
>                         <readonly/>
>                         <driver name='qemu' type='raw'/>
>                 </disk>
>                 <interface type='bridge'>
>                         <source bridge='br0'/>
>                         <mac address='02:00:c0:a8:00:64'/>
>                 </interface>
>                 <graphics type='vnc' listen='0.0.0.0' port='5938'/>
>         </devices>
>         <features>
>                 <acpi/>
>         </features>
></domain>
>
>[oneadmin at mdskvm-p01 ~]$ cat
>/var/lib/one//datastores/0/38/deployment.0|grep -i nfs
>[oneadmin at mdskvm-p01 ~]$
>
>
>
>Cheers,
>Tom K.
>-------------------------------------------------------------------------------------
>
>Living on earth is expensive, but it includes a free trip around the sun.
>
>On 4/12/2016 11:45 AM, John Ferlan wrote:
>>
>> On 04/12/2016 10:58 AM, TomK wrote:
>>> Hey Martin,
>>>
>>> Thanks very much.  Appreciate you jumping in on this thread.
>> Can you provide some more details with respect to which libvirt version
>> you have installed. I know I've made changes in this space in more
>> recent versions (not the most recent). I'm no root_squash expert, but I
>> was the last to change things in the space so that makes me partially
>> fluent ;-) in NFS/root_squash speak.
>>

I'm always lost in how do we handle *all* the corner cases that are not
even used anywhere at all, but care about the conditions we have in the
code.  Especially when it's constantly changing.  So thanks for jumping
in.  I only replied because nobody else did and I had only the tiniest
clue as to what could happen.

>> Using root_squash is very "finicky" (to say the least)... It wasn't
>> really clear from what you posted how you are attempting to reference
>> things. Does the "/var/lib/one//datastores/0/38/deployment.0" XML file
>> use a direct path to the NFS volume or does it use a pool? If a pool,
>> then what type of pool? It is beneficial to provide as many details as
>> possible about the configuration because (so to speak) those that are
>> helping you won't know your environment (I've never used OpenNebula) nor
>> do I have a 'oneadmin' uid:gid.
>>
>> What got my attention was the error message "initializing FS storage
>> file" with the "file:" prefix to the name and 9869:9869 as the uid:gid
>> trying to access the file (I assume that's oneadmin:oneadmin on your
>> system).
>>

I totally missed this.  So the only thing that popped on my mind now was
checking the whole path:

  ls -ld /var{,/lib{,/one{,/datastores{,/0{,/38{,/disk.1}}}}}}

You can also run it as root and oneadmin, however after reading through
all the info again, I don't think that'll help.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20160412/8fa0770e/attachment-0001.sig>

More information about the libvir-list mailing list