Solved. The problem was that NFS must correctly map uid:gid from client to server. By default, root is mapped to the default anonymous uid, which is nobody. I have the following statement on the NFS server in /etc/exports:<br><br>
/export gss/krb5p(rw,fsid=0,sync,anonuid=2005,anongid=2005,subtree_check,root_squash)<br><br>so the root requests are mapped to 2005:2005, which are oneadmin:cloud from my LDAP.<br><br><div class="gmail_quote">
On Mon, May 24, 2010 at 1:16 PM, Vladimir Kozhukalov <span dir="ltr">&lt;<a href="mailto:kozhukalov@gmail.com" target="_blank">kozhukalov@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
I have a fault. Non-root virsh sets NOBODY:NOGROUP on the file where it saves the virtual machine because of Kerberos NFS. I don't know why, but for usual filesystems it sets root:root owner. So I see now why the touch command is used in the onevm stop script. A possible way to solve this problem is to launch the libvirt daemon in the oneadmin:cloud environment, but there will be another problem when network interfaces bind to the bridge. Will think of it :) <br>
<div><div></div><div>
<br><br><div class="gmail_quote">On Mon, May 24, 2010 at 12:04 PM, Vladimir Kozhukalov <span dir="ltr">&lt;<a href="mailto:kozhukalov@gmail.com" target="_blank">kozhukalov@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
I have a problem when I try to stop a VM with the "onevm stop VMID" command. The log messages are the following:<br><br> Mon May 24 11:41:09 2010 [LCM][I]: New VM state is SAVE_STOP<br>Mon May 24 11:41:09 2010 [VMM][I]: Command execution fail: 'touch /srv/cloud/one/var/67/images/checkpoint;virsh --connect qemu:///system save one-67 /srv/cloud/one/var/67/images/checkpoint'<br>
Mon May 24 11:41:09 2010 [VMM][I]: STDERR follows.<br>Mon May 24 11:41:09 2010 [VMM][I]: libvir: QEMU error : operation failed: failed to create '/srv/cloud/one/var/67/images/checkpoint'<br>Mon May 24 11:41:09 2010 [VMM][I]: error: Failed to save domain one-67 to /srv/cloud/one/var/67/images/checkpoint<br>
Mon May 24 11:41:09 2010 [VMM][I]: ExitCode: 1<br>Mon May 24 11:41:09 2010 [VMM][E]: Error saving VM state, -<br>Mon May 24 11:41:09 2010 [LCM][I]: Fail to save VM state. Assuming that the VM is still RUNNING (will poll VM).<br>
Mon May 24 11:41:09 2010 [VMM][I]: VM running but new state from monitor is PAUSED.<br>Mon May 24 11:41:09 2010 [LCM][I]: VM is suspended.<br>Mon May 24 11:41:09 2010 [DiM][I]: New VM state is SUSPENDED<br><br>The problem is that virsh, being launched in a non-root environment, saves the virtual machine ("virsh save $VM $FILE" command) in a file with nobody:nogroup uid and gid. But the touch command in the opennebula stop script creates the checkpoint file with oneadmin:cloud uid and gid (it is my choice of uid and gid to launch opennebula). I don't know why libvirt uses nobody:nogroup and I don't know how to change such behaviour. Could you help me in this situation? Of course, I can modify the opennebula script and remove the "touch" command, but I think that is not the way. <br>
<br>And I also have a question (I haven't found it in the documentation): why does the "onevm create VM" command chown a+w the ${ONE_LOCATION}/var/$VMID/images directory? I use a shared NFS filesystem with Kerberos, and nobody can have write access in NFS until he has a Kerberos ticket, even if chown a+w has been set on the file or directory. Why is a+w used? And who is supposed to write into ${ONE_LOCATION}/var/$VMID/images?<br>
<br> <br clear="all"><br>-- <br>Best regards,<br><font color="#888888">Kozhukalov Vladimir<br>
</font></blockquote></div><br><br clear="all"><br></div></div>-- <br>Best regards,<br><font color="#888888">Kozhukalov Vladimir<br>
</font></blockquote></div><br><br clear="all"><br>-- <br>Best regards,<br>Kozhukalov Vladimir<br>
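The squash mapping described in the message at the top of this thread, as an added example that is not part of the original posts: it parses the quoted /etc/exports line and computes the uid:gid the server applies to a request. The default anonymous id 65534, the function names and the second export line are assumptions made for the illustration.

```python
# Added example (not from the thread): exports(5) squash semantics in miniature.
import re

DEFAULT_ANON = 65534  # assumption: Linux nfsd default anonymous id (nobody)

# The export line quoted in the message above.
PAGE_LINE = ("/export gss/krb5p(rw,fsid=0,sync,anonuid=2005,anongid=2005,"
             "subtree_check,root_squash)")
# Constructed variant: same export without anonuid/anongid.
DEFAULT_LINE = "/export gss/krb5p(rw,fsid=0,sync,subtree_check)"


def parse_export(line):
    """Split '/path client(opt,key=val,...)' into (path, client, opts)."""
    m = re.fullmatch(r"\s*(\S+)\s+([^\s(]+)\(([^)]*)\)\s*", line)
    if not m:
        raise ValueError("unsupported exports line: %r" % line)
    path, client, raw = m.groups()
    opts = {}
    for item in filter(None, (o.strip() for o in raw.split(","))):
        key, _, val = item.partition("=")
        opts[key] = val  # bare flags get an empty string
    return path, client, opts


def effective_ids(opts, uid, gid):
    """Return the (uid, gid) the server applies to a request from uid:gid."""
    anon_uid = int(opts.get("anonuid", DEFAULT_ANON))
    anon_gid = int(opts.get("anongid", DEFAULT_ANON))
    if "all_squash" in opts:
        return anon_uid, anon_gid
    if "no_root_squash" not in opts:  # root_squash is the default
        uid = anon_uid if uid == 0 else uid
        gid = anon_gid if gid == 0 else gid
    return uid, gid


def root_lands_on_real_account(opts):
    """Review flag: client root is squashed onto a non-default account."""
    return effective_ids(opts, 0, 0) != (DEFAULT_ANON, DEFAULT_ANON)


if __name__ == "__main__":
    for line in (PAGE_LINE, DEFAULT_LINE):
        _, _, opts = parse_export(line)
        print(line)
        print("  root request is stored as", effective_ids(opts, 0, 0))
        print("  flag for review:", root_lands_on_real_account(opts))
```

With anonuid/anongid pointing at a service account, every root request from an allowed client writes as that account, so the flag marks exports whose client list deserves a second look.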