RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1158036 - Fail to save guest to the pre-create save file which locate in root_squash nfs server
Summary: Fail to save guest to the pre-create save file which locate in root_squash nf...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libvirt
Version: 6.7
Hardware: x86_64
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: John Ferlan
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On: 1158034
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-10-28 11:41 UTC by zhenfeng wang
Modified: 2015-07-22 05:48 UTC (History)
12 users (show)

Fixed In Version: libvirt-0.10.2-49.el6
Doc Type: Bug Fix
Doc Text:
Prior to this update, when using the "virsh save" command to save a domain to an NFS client with the "root squash" access rights reduction while running the libvirtd daemon with a non-default owner:group configuration, saving the NFS client failed with a "Transport endpoint is not connected" error message. This update ensures that the chmod operation during the saving process correctly specifies the non-default owner:group configuration, and using "virsh save" in the described scenario works as expected.
Clone Of: 1158034
Environment:
Last Closed: 2015-07-22 05:48:01 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:1252 0 normal SHIPPED_LIVE libvirt bug fix update 2015-07-20 17:50:06 UTC

Description zhenfeng wang 2014-10-28 11:41:43 UTC 
+++ This bug was initially created as a clone of Bug #1158034 +++

Description of problem:
Fail to save guest to the pre-create save file which locate in root_squash nfs server

Version-Release number of selected component (if applicable):
libvirt-1.2.8-5.el7.x86_64
qemu-kvm-rhev-2.1.2-3.el7.x86_64
kernel-3.10.0-191.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1.Prepare a nfs server with root_squash
# cat /etc/exports
/var/tmp/nfs *(rw,root_squash)

# ll /var/tmp/nfs -d
drwxrwxrwx. 2 root root 4096 Sep 29 16:08 /var/tmp/nfs

2.Pre-create the guest's save file and prepare a guest img on the nfs server
# ll /var/tmp/nfs/
total 5077000
-rw-r--r--. 1 root root 4984995840 Oct 28 12:23 rhel7.img
-rw-r--r--. 1 root root  213851864 Oct 28 12:23 rhel7.save

3.Change the guest's image and pre-create save file's group to qemu, so that
qemu group user can read&write the image and pre-create save file
#chmod 777 /var/tmp/nfs/rhel7.img
#chmod 777 /var/tmp/nfs/rhel7.save

#chown root:qemu /var/tmp/nfs/rhel7.img
#chown root:qemu /var/tmp/nfs/rhel7.save

# ll /var/tmp/nfs/
total 5077000
-rwxrwxrwx. 1 root qemu 4984995840 Oct 28 12:23 rhel7.img
-rwxrwxrwx. 1 root qemu  213851864 Oct 28 12:23 rhel7.save

4.keep the qemu.conf default configuration in nfs client
#vim /etc/libvirt/qemu.conf
user = "qemu"
group= "qemu"
dynamic_ownership = 1

5.create a nfs pool on the nfs client
#cat nfs.xml
<pool type='netfs'>
  <name>nfs</name>
  <uuid>08380649-cf25-4af7-b816-6f8494003f69</uuid>
  <capacity unit='bytes'>206423719936</capacity>
  <allocation unit='bytes'>121639010304</allocation>
  <available unit='bytes'>84784709632</available>
  <source>
    <host name='$nfs_server_addr'/>
    <dir path='/var/tmp/nfs'/>
    <format type='nfs'/>
  </source>
  <target>
    <path>/tmp/pl</path>
    <permissions>
      <mode>0700</mode>
      <owner>0</owner>
      <group>0</group>
    </permissions>
  </target>
</pool>

#mkdir /tmp/pl
#virsh pool-define nfs.xml
#virsh pool-start nfs

5.Start a normal guest which guest's img locate in the nfs server
#virsh dumpxml rhel6
--
<disk type='file' device='disk'>
      <driver name='qemu' type='qcow2' cache='none'/>
      <source file='/tmp/pl/rhel7.img'/>
      <target dev='hda' bus='ide'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>
--

#virsh start rhel6
Domain rhel7 started

6.Save the guest to the pre-create save file, will fail to save the guest to the pre-create save file and report the following error
# virsh save rhel7 /tmp/pl/rhel7.save 
error: Failed to save domain rhel7 to /tmp/pl/rhel7.save
error: Error from child process creating '/tmp/pl/rhel7.save': Transport endpoint is not connected

7.Also hit this issue in rhel6.6 host

Actual results:
Fail to save guest to the pre-create save file which both guest's image and save file locate in the nfs share directory

Expected results:
Should save the guest successfully

Additional info:
Comment 1 zhenfeng wang 2014-10-28 11:44:42 UTC 
Get different error info in upper step6 in rhel6.6
In rhel6.6 , I get the following error info
# virsh save rhel7 /tmp/pl/rhel7.save 
error: Failed to save domain rhel7 to /tmp/pl/rhel7.save
error: Error from child process creating '/tmp/pl/rhel7.save': Operation not permitted
Comment 5 vivian zhang 2015-02-27 10:29:06 UTC 
Hi, John
I can produce this bug on build libvirt-0.10.2-44.el6.x86_64

Verify it on build with following result, could you please help us confirm whether they are worked as expected now?

libvirt-0.10.2-49.el6.x86_64

1.Prepare a nfs server with root_squash
# cat /etc/exports
/var/tmp/nfs *(rw,root_squash)

# ll /var/tmp/nfs/ -d
drwxrwxrwx. 2 root root 4096 Feb 27 18:05 /var/tmp/nfs/

2. Pre-create the guest's save file and prepare a guest img on the nfs server

3. touch two pre-create save file from nfs server, the default user and group permission are root:root, chown one of them to root:qemu

# touch server1.save
# touch server2.save
# ll
total 3739908
-rwxrwxrwx. 1 root qemu 3829661696 Feb 27 18:05 rhel6.img
-rw-r--r--. 1 root root          0 Feb 27 18:14 server1.save
-rw-r--r--. 1 root qemu          0 Feb 27 18:14 server2.save

4. touch one pre-create save file from nfs client, the default user and group permission are nfsnobody:nfsnobody

# touch client.save
[root@client pl]# ll
total 3739908
-rw-r--r--. 1 nfsnobody nfsnobody          0 Feb 27 05:15 client.save
-rwxrwxrwx. 1 root      qemu      3829661696 Feb 27 05:05 rhel6.img
-rw-r--r--. 1 root      root               0 Feb 27 05:14 server1.save
-rw-r--r--. 1 root      qemu               0 Feb 27 05:14 server2.save

5. keep the qemu.conf default configuration in nfs client
#vim /etc/libvirt/qemu.conf
user = "qemu"
group= "qemu"
dynamic_ownership = 1

6.create a nfs pool on the nfs client, and start the pool
#cat nfs.xml
<pool type='netfs'>
  <name>nfs</name>
  <uuid>08380649-cf25-4af7-b816-6f8494003f69</uuid>
  <capacity unit='bytes'>206423719936</capacity>
  <allocation unit='bytes'>121639010304</allocation>
  <available unit='bytes'>84784709632</available>
  <source>
    <host name='$nfs_server_addr'/>
    <dir path='/var/tmp/nfs'/>
    <format type='nfs'/>
  </source>
  <target>
    <path>/tmp/pl</path>
    <permissions>
      <mode>0700</mode>
      <owner>0</owner>
      <group>0</group>
    </permissions>
  </target>
</pool>

#mkdir /tmp/pl
#virsh pool-define nfs.xml
#virsh pool-start nfs

7.Start a normal guest which guest's img locate in the nfs server

# virsh list
 Id    Name                           State
----------------------------------------------------
 6     test1                          running

8. try to save guest to the nfs server using pre-create save file, all failed

# virsh save test /tmp/pl/server1.save 
error: Failed to save domain test to /tmp/pl/server1.save
error: Error from child process creating '/tmp/pl/server1.save': Permission denied

[root@client pl]# virsh save test /tmp/pl/server2.save 
error: Failed to save domain test to /tmp/pl/server2.save
error: Error from child process creating '/tmp/pl/server2.save': Permission denied

# virsh save test /tmp/pl/client.save 
error: Failed to save domain test to /tmp/pl/client.save
error: Error from child process creating '/tmp/pl/client.save': Operation not permitted

9. check the pre-create save file still existing, libvirt does not delete them even though save guest failed with above error

# ll
total 3739908
-rw-r--r--. 1 nfsnobody nfsnobody          0 Feb 27 18:15 client.save
-rwxrwxrwx. 1 root      qemu      3829661696 Feb 27 18:20 rhel6.img
-rw-r--r--. 1 root      root               0 Feb 27 18:14 server1.save
-rw-r--r--. 1 root      qemu               0 Feb 27 18:14 server2.save

10. try to save guest to nfs server directory with a non-existing file, it is successful

# virsh save test1 /tmp/pl/new.save

Domain test saved to /tmp/pl/new.save

the save file generated success on nfs server and with qemu:qemu permission
]# ll
total 4143012
-rw-r--r--. 1 nfsnobody nfsnobody          0 Feb 27 18:15 client.save
-rw-r-----. 1 qemu      qemu       412776683 Feb 27 18:24 new.save
-rwxrwxrwx. 1 root      qemu      3829661696 Feb 27 18:24 rhel6.img
-rw-r--r--. 1 root      root               0 Feb 27 18:14 server1.save
-rw-r--r--. 1 root      qemu               0 Feb 27 18:14 server2.save


11. restore guest with this save file, also successful, guest works well
# virsh restore /tmp/pl/new.save 
Domain restored from /tmp/pl/new.save

are the above steps enough to verify this bug?
Comment 6 John Ferlan 2015-02-27 11:28:27 UTC 
Looks fine to me
Comment 8 errata-xmlrpc 2015-07-22 05:48:01 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1252.html
Note You need to log in before you can comment on or make changes to this bug.