Bug 853986
Summary: | ISO uploader uploads files with bad owner / permissions | ||
---|---|---|---|
Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Barak Dagan <bdagan> |
Component: | ovirt-engine-iso-uploader | Assignee: | Keith Robertson <kroberts> |
Status: | CLOSED NOTABUG | QA Contact: | Barak Dagan <bdagan> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 3.1.0 | CC: | dyasny, hateya, iheim, jmoran, kroberts, mgoldboi, oramraz, pstehlik, Rhev-m-bugs, ykaul |
Target Milestone: | --- | Flags: | bdagan:
needinfo+
bdagan: needinfo+ |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | integration | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-09-06 12:37:16 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Comment 1
Barak Dagan
2012-09-03 13:50:07 UTC
Please run the same test with verbose logging (i.e. -v) and post the output. Also, please... 1- mount the NFS export domain 2- su - vdsm 3- tree -pug /path/to/export (In reply to comment #2) > Please run the same test with verbose logging (i.e. -v) and post the output. > Also, please... > 1- mount the NFS export domain > 2- su - vdsm > 3- tree -pug /path/to/export ------------------------------------- [root@fire-vdc ~]# rhevm-iso-uploader -v -i fire-NFS-ISO upload /usr/share/rhev-guest-tools-iso/rhev-tools-setup.iso Please provide the REST API password for the admin@internal RHEV-M user (CTRL+D to abort): DEBUG: API Vendor(Red Hat) API Version(3.1.0) DEBUG: id=66daa2c4-61b9-4dc7-b983-c78032e00cee address=wolf.qa.lab.tlv.redhat.com path=/volumes/wolf/fire-vdc_fire_0_nfs_20120830143719465893 DEBUG: local NFS mount point is /tmp/tmp0KVK42 DEBUG: NFS mount command (/bin/mount -t nfs -o rw,sync,soft wolf.qa.lab.tlv.redhat.com:/volumes/wolf/fire-vdc_fire_0_nfs_20120830143719465893 /tmp/tmp0KVK42) DEBUG: /bin/mount -t nfs -o rw,sync,soft wolf.qa.lab.tlv.redhat.com:/volumes/wolf/fire-vdc_fire_0_nfs_20120830143719465893 /tmp/tmp0KVK42 DEBUG: _cmds(['/bin/mount', '-t', 'nfs', '-o', 'rw,sync,soft', 'wolf.qa.lab.tlv.redhat.com:/volumes/wolf/fire-vdc_fire_0_nfs_20120830143719465893', '/tmp/tmp0KVK42']) DEBUG: returncode(0) DEBUG: STDOUT() DEBUG: STDERR() DEBUG: Size of /usr/share/rhev-guest-tools-iso/rhev-tools-setup.iso: 222666752 bytes 217448.0 1K-blocks 212.0 MB DEBUG: Available space in /tmp/tmp0KVK42/66daa2c4-61b9-4dc7-b983-c78032e00cee/images/11111111-1111-1111-1111-111111111111: 7169320681472 bytes 7001289728.0 1K-blocks 6837197.0 MB DEBUG: euid(0) egid(0) DEBUG: euid(0) egid(0) WARNING: failed to refresh the list of files available in the fire-NFS-ISO ISO storage domain. Please refresh the list manually using the 'Refresh' button in the RHEV-M Webadmin console. DEBUG: status: 400 reason: Bad Request detail: Error connecting to the Storage Pool Manager service. Possible reasons: - Storage Pool Manager service is in non-active state. - No Active Host in the Data Center. DEBUG: /bin/umount -t nfs -f /tmp/tmp0KVK42 DEBUG: /bin/umount -t nfs -f /tmp/tmp0KVK42 DEBUG: _cmds(['/bin/umount', '-t', 'nfs', '-f', '/tmp/tmp0KVK42']) DEBUG: returncode(0) DEBUG: STDOUT() DEBUG: STDERR() ------------------------------------- [root@puma31 11111111-1111-1111-1111-111111111111]# su - vdsm -bash-4.1$ tree -pug /rhev/data-center/be2f412a-f28f-11e1-9cdc-001a4a169798/66daa2c4-61b9-4dc7-b983-c78032e00cee/images/11111111-1111-1111-1111-111111111111/ /rhev/data-center/be2f412a-f28f-11e1-9cdc-001a4a169798/66daa2c4-61b9-4dc7-b983-c78032e00cee/images/11111111-1111-1111-1111-111111111111/ ├── [-rw-rw-rw- nobody nobody ] en_windows_7_enterprise_x64.iso ├── [-rw-r----- nobody nobody ] rhev-tools-setup.iso └── [-rw-rw-rw- nobody nobody ] virtio-win-1.4.0.vfd 0 directories, 3 files -bash-4.1$ Note: we can see en_windows_... and virtio-win.... but can't see rhev-tools. **************************************************************************** ------------------------------------- The tool is correctly setting the permissions to 640. It is a *bad* idea to set r/w for world on an NFS export domain. This is a serious security risk. I think that the problem is with the NFS server and not with the tool. Have you tried the suggestions listed in [1] for configuring your NFS server. [1] http://wiki.ovirt.org/wiki/Troubleshooting_NFS_Storage_Issues#RHEL6_based_distro (In reply to comment #4) > The tool is correctly setting the permissions to 640. It is a *bad* idea to > set r/w for world on an NFS export domain. This is a serious security risk. > > I think that the problem is with the NFS server and not with the tool. Have > you tried the suggestions listed in [1] for configuring your NFS server. > > [1] > http://wiki.ovirt.org/wiki/ > Troubleshooting_NFS_Storage_Issues#RHEL6_based_distro as for the user and group: are alreadu sets: [root@fire-vdc ~]# egrep -i "^kvm" /etc/group kvm:x:36: [root@fire-vdc ~]# egrep -i "^vdsm" /etc/passwd vdsm:x:36:36:Node Virtualization Manager:/var/lib/vdsm:/sbin/nologin as for the storgae directory, it doesn't exist, but the files are saved in /rhev/data-center/be2f412a-f28f-11e1-9cdc-001a4a169798/66daa2c4-61b9-4dc7-b983-c78032e00cee/images/11111111-1111-1111-1111-111111111111/ which has problematic permissions: [root@puma31 images]# ls -l drwxr-xr-x 2 nobody nobody 5 Sep 4 17:44 11111111-1111-1111-1111-111111111111 (In reply to comment #5) > [root@puma31 images]# ls -l > drwxr-xr-x 2 nobody nobody 5 Sep 4 17:44 > 11111111-1111-1111-1111-111111111111 The problem is right that you are logged in as *root* and browsing your NFS export. To verify that VDSM could actually see the files you need to *be* the VDSM user when walking around the NFS export. To do this you must: 1) Mount the NFS export as root. Only root can issue 'mount' 2) su - vdsm <--- Critically important. 3) cd /mount/.../be2f412a-f28f-11e1-9cdc-001a4a169798/66daa2c4-61b9-4dc7-b983-c78032e00cee/images/11111111-1111-1111-1111-111111111111/ 4) Look for files as the user VDSM If you cannot see the files... the problem is with your permissions on your NFS server. Barak, You need to verify that as a user with UID=36 and GID=36 that you could actually see the files on the NFS export. Mounting the NFS export as root and browsing around as root is not a valid test. You must mount as root 'su - vdsm' and browse around. The easiest way to do this is via a hypervisor. Keith closing as not a bug since its a configuration problem with Nexenta and NFSv4. |