Hi,

 

we are solving this issue for us by creating a “cinder” group on all hypervisors with the same gid (64061 in your case).

Then we add the nova user to the cinder group and we are fine afterwards.

 

You might need to set “dynamic_ownership = 0” in your libvirt qemu.conf.

--

Felix Huettner
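
A check for the state this reply describes, as an added example that is not part of the thread: it verifies that a cinder group exists with the expected gid, that the nova user is a member, and that qemu.conf sets dynamic_ownership to 0. The function names and the constructed sample files are assumptions; on a real host the inputs would be /etc/group and the libvirt qemu.conf.

```shell
#!/bin/sh
# Added example (not from the thread): audit one hypervisor for the fix above.
# File paths are arguments so the checks can run on copies of the real files.

# check_cinder_group GROUP_FILE GID USER
# Passes when group "cinder" has GID, no other group holds GID,
# and USER is listed as a member.
check_cinder_group() {
    awk -F: -v gid="$2" -v user="$3" '
        $1 != "cinder" && $3 == gid {
            print "gid " gid " already used by group " $1; bad = 1
        }
        $1 == "cinder" {
            found = 1
            if ($3 != gid) { print "cinder gid is " $3 ", expected " gid; bad = 1 }
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == user) member = 1
            if (!member) { print user " is not a member of cinder"; bad = 1 }
        }
        END {
            if (!found) { print "no cinder group"; bad = 1 }
            exit bad + 0
        }' "$1"
}

# check_dynamic_ownership QEMU_CONF
# Passes only when the last uncommented dynamic_ownership setting is 0.
# A commented-out or absent line leaves libvirt's default (1) in effect.
check_dynamic_ownership() {
    val=$(sed -n 's/^[[:space:]]*dynamic_ownership[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1)
    [ "$val" = "0" ]
}

# Constructed sample files standing in for /etc/group and qemu.conf.
demo() {
    d=$(mktemp -d)
    printf 'nova:x:64060:\ncinder:x:64061:nova\n' > "$d/group"
    printf '#dynamic_ownership = 1\ndynamic_ownership = 0\n' > "$d/qemu.conf"
    check_cinder_group "$d/group" 64061 nova && echo "group: ok"
    check_dynamic_ownership "$d/qemu.conf" && echo "qemu.conf: ok"
    rm -rf "$d"
}
demo
```

Group membership changes only apply to processes started afterwards, so the services running as nova have to be restarted before the check reflects what they can actually open.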

 

From: 박경원 <park0kyung0won@dgist.ac.kr>
Sent: Monday, October 24, 2022 7:21 AM
To: openstack-discuss@lists.openstack.org
Subject: [yoga][cinder] Cinder NFS backend: Compute service cannot access volume file (UID/GID problem)

 

Hi

I'm trying to set up cinder-volume service with NFS backend

 

When I create a new VM instance with a volume from web UI, cinder-volume service on storage node creates volume file just fine

But I get the following error on compute node and instance fails to spawn.

 

2022-10-24 02:14:25.347 402789 ERROR nova.compute.manager [req-47ec9fb1-9daa-4c24-8673-538797a217cc 8769cfaf608349bd9fbb36f92b188fe3 e1e8e8397cde49899b00d09dec76b29e - default default] [instance: 5acb1dc3-0685-4980-977b-b6dfff6dfb45] Instance failed to spawn: libvirt.libvirtError: internal error: process exited while connecting to monitor: 2022-10-24T02:14:24.819644Z qemu-system-x86_64: -blockdev {"driver":"file","filename":"/var/lib/nova/mnt/99c4f7e8b15983b65e20cb7d37db899f/volume-8f478992-dde3-4c20-9005-61cd34eacf30","aio":"native","node-name":"libvirt-2-storage","cache":{"direct":true,"no-flush":false},"auto-read-only":true,"discard":"unmap"}: Could not open '/var/lib/nova/mnt/99c4f7e8b15983b65e20cb7d37db899f/volume-8f478992-dde3-4c20-9005-61cd34eacf30': Permission denied

 

I've added appropriate configs to the AppArmor profile (using Ubuntu 22.04). AppArmor isn't blocking this access.

While the instance is spawning, I've checked ownership of the volume file on compute node:

 

root@compute-node:/var/lib/nova/mnt$ ls -al
total 17
drwxr-xr-x  3 nova  nova  4096 Oct 24 04:19 .
drwxr-xr-x 12 nova  nova  4096 Oct 24 02:14 ..
drwxr-x---  2 64061 64061   11 Oct 24 04:19 99c4f7e8b15983b65e20cb7d37db899f

 

It seems like cinder user on storage node creates volume file with UID/GID of 64061 (cinder user's UID/GID)

But nova user on compute node has UID/GID of 64060, therefore cannot open volume file (/var/lib/nova/mnt/99c4f7e8b15983b65e20cb7d37db899f/volume-8f478992-dde3-4c20-9005-61cd34eacf30)

 

Should I manually set the UID/GID of nova user on compute node to 64061, so both nova user on compute node and cinder user on storage node would have the same UID/GID?

Feels like this duct taping isn't a proper solution. Did I miss something?

 

Thank you
