[one-users] Fwd: Permissions of Checkpoint file

Tino Vazquez tinova at fdi.ucm.es
Fri Jul 31 09:37:58 PDT 2009


FYI

---

Hi Richard,

This turned out to be an issue dependant on linux distributions. In
most of them, the default virsh connection uri is qemu:///system,
which makes the libvirt daemon to perform operations as root. I've
filed an issue to make OpenNebula configurable in this regard [1].

Meanwhile, a possible workaround is to patch the
$ONE_LOCATION/lib/mads/one_vmm_kvm.rb, changing lines 48-56 to read:

  LIBVIRT       = {
      :create   => "virsh -c qemu:///session create",
      :shutdown => "virsh -c qemu:///session  shutdown",
      :cancel   => "virsh -c qemu:///session destroy",
      :save     => "virsh -c qemu:///session save",
      :restore  => "virsh -c qemu:///session restore",
      :migrate  => "virsh -c qemu:///session migrate --live",
      :poll     => "virsh -c qemu:///session dominfo"
  }

Libvirt daemon will create the checkpointing file with <oneadmin> ownership.

Hope it helps,

-Tino

[1] http://dev.opennebula.org/issues/131

--
Constantino Vázquez, Grid Technology Engineer/Researcher:
http://www.dsa-research.org/tinova
DSA Research Group: http://dsa-research.org
Globus GridWay Metascheduler: http://www.GridWay.org
OpenNebula Virtual Infrastructure Engine: http://www.OpenNebula.org



On Thu, Jul 30, 2009 at 5:36 PM, Primrose,
Richard<richard.primrose at sap.com> wrote:
>
> No, open nebula is run under the oneadmin account.
>
> But libvirtd is run as root (I think it cannot be changed due to requirement for kvm).
> Which means that when kvm process is spawned. It is also owned by root. As a conscequence the checkpoint file is owned by root too. Hence the problem.
>
>
>
>
> -----Original Message-----
> From: tinova79 at gmail.com [mailto:tinova79 at gmail.com] On Behalf Of Tino Vazquez
> Sent: 30 July 2009 16:31
> To: Primrose, Richard
> Subject: Re: [one-users] Permissions of Checkpoint file
>
> Ok let me get this straight. So OpenNebula is being ran as root?
>
> If so, I assume that the ssh access to the other machines is done as
> root as well, in which case it should copy the file with no problems.
>
> In any case, use a non root user to run OpenNebula, root is not recommended.
>
> Another question, which user in the remote nodes is running the libvirtd daemon?
>
> Regards,
>
> -Tino
>
> ---
> Constantino Vázquez, Grid Technology Engineer/Researcher:
> http://www.dsa-research.org/tinova
> DSA Research Group: http://dsa-research.org
> Globus GridWay Metascheduler: http://www.GridWay.org
> OpenNebula Virtual Infrastructure Engine: http://www.OpenNebula.org
>
>
>
> On Thu, Jul 30, 2009 at 4:32 PM, Primrose,
> Richard<richard.primrose at sap.com> wrote:
>>
>> Hi Tino,
>>
>> Thanks for your quick reply.
>>
>> We are currently using KVM Virtualization and OpenNebula is starting the process under root ownership ( probably why the file is owned by root) , we are also using SSH transport (tm_SSH)as our current storage model.
>>
>> I hope this information helps.
>> Thanks again,
>>
>> Richard
>>
>> -----Original Message-----
>> From: tinova79 at gmail.com [mailto:tinova79 at gmail.com] On Behalf Of Tino Vazquez
>> Sent: 30 July 2009 15:12
>> To: Primrose, Richard
>> Cc: users at lists.opennebula.org
>> Subject: Re: [one-users] Permissions of Checkpoint file
>>
>> Hi there Richard,
>>
>> This checkpoint file permission problem rings a bell, but I need more
>> information.
>>
>> 1) Are you using KVM virtualization?
>> 2) Which storage model are you following, i.e., what transfer manager
>> (nfs or ssh) are you using?
>>
>> Best regards,
>>
>> -Tino
>>
>> --
>> Constantino Vázquez, Grid Technology Engineer/Researcher:
>> http://www.dsa-research.org/tinova
>> DSA Research Group: http://dsa-research.org
>> Globus GridWay Metascheduler: http://www.GridWay.org
>> OpenNebula Virtual Infrastructure Engine: http://www.OpenNebula.org
>>
>>
>>
>> On Thu, Jul 30, 2009 at 12:29 PM, Primrose,
>> Richard<richard.primrose at sap.com> wrote:
>>>
>>>
>>> Hi,
>>>
>>> I am encountering an error when stopping my VM in opennebula. From the state
>>> diagram, I see that when a VM shuts down/stops, it moves to the EPIL state,
>>> where the local copy of the VM is copied back to the Frontend, and then the
>>> state should progress to DONE as ours is going to FAIL. My problem arises in
>>> this copying phase and I have identified that it has something to do with
>>> the permissions of a Checkpoint file which is owned by root, created on the
>>> node and it does not have permission to copy this file back to the frontend,
>>> any help on this would be much appreciated,
>>>
>>> Thanks in advance,
>>> Richard
>>>
>>> Richard Primrose
>>> Student Intern
>>> SAP Research CEC Belfast
>>> SAP (UK) Limited
>>> University of Ulster - TEIC Building
>>> BT37 0QB Newtownabbey, U.K.
>>> T +44 (0)28 909 30090
>>> mailto:richard.primrose at sap.com
>>> www.sap.com/research
>>>
>>> This communication contains information which is confidential and may also
>>> be privileged. It is for the exclusive use of the addressee. If you are not
>>> the addressee please contact us immediately and also delete the
>>> communication from your computer. Steps have been taken to ensure this
>>> e-mail is free from computer viruses but the recipient is responsible for
>>> ensuring that it is actually virus free before opening it or any
>>> attachments. Any views and/or opinions expressed in this e-mail are of the
>>> author only and do not represent the views of SAP.
>>>
>>> SAP (UK) Limited, Registered in England No. 2152073. Registered Office:
>>> Clockhouse Place, Bedfont Road, Feltham, Middlesex, TW14 8HD.
>>> SAP (UK) Limited, Registered in Northern Ireland No. NFC04016.
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opennebula.org
>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>
>>>
>>
>


More information about the Users mailing list