Bug 1278051

Summary: All-In-One: sanlock: Cannot acquire host id
Product: [oVirt] vdsm Reporter: Bo Lei <bobo_lei>
Component: GeneralAssignee: Fred Rolland <frolland>
Status: CLOSED DUPLICATE QA Contact: Aharon Canan <acanan>
Severity: medium Docs Contact:
Priority: high    
Version: 4.17.9CC: acanan, amureini, bobo_lei, bugs, nsoffer, tnisan, ylavi
Target Milestone: ovirt-4.0.0-alphaFlags: amureini: ovirt-4.0.0?
rule-engine: planning_ack?
rule-engine: devel_ack?
rule-engine: testing_ack?
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard: storage
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-01-04 09:30:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Storage RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
logs none

Description Bo Lei 2015-11-04 15:44:05 UTC 
Description of problem:


Version-Release number of selected component (if applicable):
VDSM 4.17.999-XX

How reproducible:


Steps to Reproduce:
1.install ovirt 3.6 all-in-one
2.add local-datacenter
3.add local-cluster
4.add local-host
5.add local data storage domain for local-host


Actual results:
Error while executing action New Local Storage Domain: AcquireHostIdFailure

Expected results:
add local data storage domain success

Additional info:
log:
VDSM 172.168.1.98 command failed: Cannot acquire host id: (u'805bc73e-21d6-490f-9348-62b994e7f388', SanlockException(19, 'Sanlock lockspace add failure', 'No such device'))
Comment 1 Yaniv Kaul 2015-11-05 10:40:18 UTC 
*** Bug 1278050 has been marked as a duplicate of this bug. ***
Comment 2 Nir Soffer 2015-11-05 13:25:14 UTC 
Please attach logs:

/var/log/ovirt-engine/engine.log
/var/log/vdsm/vdsm.log
/var/log/sanlock.log
/var/log/messages
Comment 3 Bo Lei 2015-11-06 14:58:25 UTC 
Created attachment 1090682 [details]
logs

added all the logs.
Comment 4 Tal Nisan 2015-11-23 12:21:49 UTC 
Nir, any news on that one? Logs are attached
Comment 5 Nir Soffer 2015-12-07 12:30:32 UTC 
(In reply to Tal Nisan from comment #4)
I can check this next week.
Comment 6 Fred Rolland 2016-01-03 10:29:32 UTC 
Hi,

From the messages log, we can see that SE Linux is preventing Sanlock access:



Nov  4 22:20:49 localhost sanlock[16565]: 2015-11-04 22:20:49+0800 884 [17529]: open error -13 /rhev/data-center/mnt/_home_data/d65c4762-bd59-4ac7-ab49-4a05fa4d61dc/dom_md/ids
...

Nov  4 22:20:49 localhost python: SELinux is preventing /usr/sbin/sanlock from 'read, write' accesses on the file ids.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that sanlock should be allowed read write access on the ids file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep sanlock /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Comment 7 Fred Rolland 2016-01-03 11:54:35 UTC 
Bo hi,

Can you retry with SElinux on permissive mode ?

Also, can you please provide AVC log from SElinux ? - best way is with ausearch

Thanks,

Fred
Comment 8 Bo Lei 2016-01-03 14:07:51 UTC 
(In reply to Fred Rolland from comment #7)
> Bo hi,
> 
> Can you retry with SElinux on permissive mode ?
> 
> Also, can you please provide AVC log from SElinux ? - best way is with
> ausearch
> 
> Thanks,
> 
> Fred

I will retry this week.

Bo
Comment 9 Fred Rolland 2016-01-04 09:16:22 UTC 
I have checked on 7.2 and it works fine also on Enforcing mode.

Ovirt 3.6 should work with 7.2
Comment 10 Fred Rolland 2016-02-17 12:41:30 UTC 

*** This bug has been marked as a duplicate of bug 1305768 ***
Comment 11 Fred Rolland 2016-02-22 13:57:54 UTC 
This issue is not present in ovirt 3.6, it was introduced in master later (future 4.0.0)