[Openstack] Cinder and NFS: permission denied when creating a volume

Francesc Pinyol Margalef francesc.pinyol.m at gmail.com
Fri Jul 31 01:01:26 UTC 2015


Hi,
I'm trying to configure Cinder with NFS from a Fujitsu Eternus DX.
Mounting the remote resource works fine, but when I try to create
a volume, I get a "Permission denied" in the logs.

The Fujitsu Eternus DX (192.168.1.101) unit has a directory exported:
$ showmount -e 192.168.1.101
Export list for 192.168.1.101:
/mnt/nas/ 192.168.0.0/22

This directory is owned by uid=102 and gid=201.


In the storage node, the configuration files are:

- /etc/cinder/cinder.conf
[DEFAULT]
nfs_shares_config = /etc/cinder/nfsshares
volume_driver = cinder.volume.drivers.nfs.NfsDriver
[...]

- /etc/cinder/nfsshares
192.168.1.101:/mnt/nas/

I have changed the uid and gid of the user cinder, in order to have the
mentioned uid and gid:
# id cinder
uid=102(cinder) gid=201(cinder) groups=201(cinder),99(nobody)

When I start the service, the remote resource is mounted:
$ df -h
Filesystem                             Size  Used Avail Use% Mounted on
[...]
192.168.1.101:/mnt/nas/   59T  423G   58T   1%
/var/lib/cinder/mnt/9ae799cf301b19940950ae49dd800c51

# ls -l /var/lib/cinder/mnt/9ae799cf301b19940950ae49dd800c51/
drwxrwxr-x. 15 cinder cinder       1024 Jul 30 09:55 cust

# ls -ln /var/lib/cinder/mnt/9ae799cf301b19940950ae49dd800c51/
drwxrwxr-x. 15 102 201       1024 Jul 30 09:55 cust


But when I try to create a volume from another node (controller) with:
$ cinder create --display-name myvol 1

I get the following message in the storage node
(/var/log/cinder/volume.log):
2015-07-31 02:45:19.325 28370 ERROR oslo_messaging.rpc.dispatcher
[req-047ed05d-cd56-410a-afa6-85a4db59728a 751edd7ef0494970bbeecaa5d2861450
f3680324d5124f8ca5937c310881cdb7 - - -] Exception during message handling:
Unexpected error while running command.
Command: None
Exit code: -
Stdout: u"Unexpected error while running command.\nCommand: sudo
cinder-rootwrap /etc/cinder/rootwrap.conf truncate -s 1G
/var/lib/cinder/mnt/9ae799cf301b19940950ae49dd800c51/volume-4ee83412-bf7d-4cd2-ae74-cffd5af3adc7\nExit
code: 1\nStdout: u''\nStderr: '/bin/truncate: cannot open
\\xe2\\x80\\x98/var/lib/cinder/mnt/9ae799cf301b19940950ae49dd800c51/volume-4ee83412-bf7d-4cd2-ae74-cffd5af3adc7\\xe2\\x80\\x99
for writing: Permission denied\\n'"
Stderr: None


As expected, if I try to manually run the same problematic command as root,
I get the same error:
# sudo cinder-rootwrap /etc/cinder/rootwrap.conf truncate -s 1G
/var/lib/cinder/mnt/9ae799cf301b19940950ae49dd800c51/volume-4ee83412-bf7d-4cd2-ae74-cffd5af3adc7
/bin/truncate: cannot open
‘/var/lib/cinder/mnt/9ae799cf301b19940950ae49dd800c51/volume-4ee83412-bf7d-4cd2-ae74-cffd5af3adc7’
for writing: Permission denied

But if I run it as cinder user, all is fine:
[root at storage-node cinder]# su -c "truncate -s 1G
/var/lib/cinder/mnt/9ae799cf301b19940950ae49dd800c51/volume-4ee83412-bf7d-4cd2-ae74-cffd5af3adc7"
cinder
[root at storage-node cinder]# ls -l
/var/lib/cinder/mnt/9ae799cf301b19940950ae49dd800c51/volume-4ee83412-bf7d-4cd2-ae74-cffd5af3adc7
-rw-r--r--. 1 cinder cinder 1073741824 Jul 31 02:51
/var/lib/cinder/mnt/9ae799cf301b19940950ae49dd800c51/volume-4ee83412-bf7d-4cd2-ae74-cffd5af3adc7


Why Cinder is not able to write to the mounted directory?
Should Cinder be forced to write to the mounted directory as cinder user?
How?


Francesc



-- 
Francesc Pinyol Margalef
http://www.francescpinyol.cat/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20150731/b28c6687/attachment.html>


More information about the Openstack mailing list