1377820 – vdsm-tool does not check for correct permissions

Bug 1377820 - vdsm-tool does not check for correct permissions

Summary: vdsm-tool does not check for correct permissions

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	ovirt-engine
Classification:	oVirt
Component:	BLL.Storage
Sub Component:
Version:	4.0.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium vote
Target Milestone:	---
Target Release:	---
Assignee:	Maor
QA Contact:	Raz Tamir
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-09-20 17:16 UTC by Logan Kuhn
Modified:	2022-06-30 08:39 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-02-07 15:46:56 UTC
oVirt Team:	Storage
Dependent Products:
Flags:	sbonazzo: ovirt-4.1-

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHV-46814	0	None	None	None	2022-06-30 08:39:54 UTC

Description Logan Kuhn 2016-09-20 17:16:16 UTC

Description of problem:
On a 4.0.3 host if /var/run/sanlock/sanlock.pid's permissions are sanlock:sanlock it will get permission denied when trying to take over as SPM either forced or not.  If I run vdsm-tool configure --force it doesn't check or fix permissions.  

If I chgrp to qemu it works fine.  
If I add vdsm to the sanlock group it doesn't.

/etc/group:
qemu:*:107:noentrylisted,vdsm
sanlock:*:179:vdsm

Version-Release number of selected component (if applicable):


How reproducible:
100%

Steps to Reproduce:
1. Install new host via web gui
2. SPM will remain normal and the engine log will try endlessly to make it SPM

Actual results:
Host cannot be SPM

Expected results:
Host becomes SPM

Additional info:
2016-09-20 12:07:46,420 INFO  [org.ovirt.engine.core.vdsbroker.vdsbroker.ConnectStoragePoolVDSCommand] (DefaultQuartzScheduler1) [4c6f90de] START, ConnectStoragePoolVDSCommand(HostName = ovirt-reqa1, ConnectStoragePoolVDSCommandParameters:{runAsync='true', hostId='5d9188df-aafd-45c9-bc4b-03357ed790b2', vdsId='5d9188df-aafd-45c9-bc4b-03357ed790b2', storagePoolId='00000001-0001-0001-0001-0000000000d8', masterVersion='1'}), log id: 35331970
2016-09-20 12:07:47,624 INFO  [org.ovirt.engine.core.vdsbroker.vdsbroker.ConnectStoragePoolVDSCommand] (DefaultQuartzScheduler1) [4c6f90de] FINISH, ConnectStoragePoolVDSCommand, log id: 35331970
2016-09-20 12:07:47,763 ERROR [org.ovirt.engine.core.vdsbroker.vdsbroker.SpmStatusVDSCommand] (DefaultQuartzScheduler1) [4c6f90de] Failed in 'SpmStatusVDS' method
2016-09-20 12:07:47,767 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (DefaultQuartzScheduler1) [4c6f90de] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: VDSM ovirt-reqa1 command failed: (13, 'Sanlock resource read failure', 'Permission denied')
2016-09-20 12:07:47,767 ERROR [org.ovirt.engine.core.vdsbroker.vdsbroker.SpmStatusVDSCommand] (DefaultQuartzScheduler1) [4c6f90de] Command 'SpmStatusVDSCommand(HostName = ovirt-reqa1, SpmStatusVDSCommandParameters:{runAsync='true', hostId='5d9188df-aafd-45c9-bc4b-03357ed790b2', storagePoolId='00000001-0001-0001-0001-0000000000d8'})' execution failed: VDSGenericException: VDSErrorException: Failed to SpmStatusVDS, error = (13, 'Sanlock resource read failure', 'Permission denied'), code = 100
2016-09-20 12:07:47,767 INFO  [org.ovirt.engine.core.vdsbroker.irsbroker.I

Comment 1 Yaniv Lavi 2017-02-07 15:46:56 UTC

This should not happen on clean install, please reopen if this recreates on a clean system.

Note You need to log in before you can comment on or make changes to this bug.