[Openstack] Cinder and NFS: permission denied when creating a volume

Francesc Pinyol Margalef francesc.pinyol.m at gmail.com
Fri Jul 31 01:01:26 UTC 2015

I'm trying to configure Cinder with NFS from a Fujitsu Eternus DX.
Mounting the remote resource works fine, but when I try to create
a volume, I get a "Permission denied" in the logs.

The Fujitsu Eternus DX ( unit has a directory exported:
$ showmount -e
Export list for

This directory is owned by uid=102 and gid=201.

In the storage node, the configuration files are:

- /etc/cinder/cinder.conf
nfs_shares_config = /etc/cinder/nfsshares
volume_driver = cinder.volume.drivers.nfs.NfsDriver

- /etc/cinder/nfsshares

I have changed the uid and gid of the user cinder, in order to have the
mentioned uid and gid:
# id cinder
uid=102(cinder) gid=201(cinder) groups=201(cinder),99(nobody)

When I start the service, the remote resource is mounted:
$ df -h
Filesystem                             Size  Used Avail Use% Mounted on
[...]   59T  423G   58T   1%

# ls -l /var/lib/cinder/mnt/9ae799cf301b19940950ae49dd800c51/
drwxrwxr-x. 15 cinder cinder       1024 Jul 30 09:55 cust

# ls -ln /var/lib/cinder/mnt/9ae799cf301b19940950ae49dd800c51/
drwxrwxr-x. 15 102 201       1024 Jul 30 09:55 cust

But when I try to create a volume from another node (controller) with:
$ cinder create --display-name myvol 1

I get the following message in the storage node
2015-07-31 02:45:19.325 28370 ERROR oslo_messaging.rpc.dispatcher
[req-047ed05d-cd56-410a-afa6-85a4db59728a 751edd7ef0494970bbeecaa5d2861450
f3680324d5124f8ca5937c310881cdb7 - - -] Exception during message handling:
Unexpected error while running command.
Command: None
Exit code: -
Stdout: u"Unexpected error while running command.\nCommand: sudo
cinder-rootwrap /etc/cinder/rootwrap.conf truncate -s 1G
code: 1\nStdout: u''\nStderr: '/bin/truncate: cannot open
for writing: Permission denied\\n'"
Stderr: None

As expected, if I try to manually run the same problematic command as root,
I get the same error:
# sudo cinder-rootwrap /etc/cinder/rootwrap.conf truncate -s 1G
/bin/truncate: cannot open
for writing: Permission denied

But if I run it as cinder user, all is fine:
[root at storage-node cinder]# su -c "truncate -s 1G
[root at storage-node cinder]# ls -l
-rw-r--r--. 1 cinder cinder 1073741824 Jul 31 02:51

Why Cinder is not able to write to the mounted directory?
Should Cinder be forced to write to the mounted directory as cinder user?


Francesc Pinyol Margalef
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20150731/b28c6687/attachment.html>

More information about the Openstack mailing list