From: Josh Durgin <josh.durgin@dreamhost.com>
To: "Sławomir Skowron" <szibis@gmail.com>
Cc: ceph-devel@vger.kernel.org
Subject: Re: Problem with attaching rbd device in qemu-kvm
Date: Mon, 12 Dec 2011 10:53:54 -0800 [thread overview]
Message-ID: <4EE64DC2.9090206@dreamhost.com> (raw)
In-Reply-To: <CAMwB3TgS0XuhqPEh5kTdJsNf1BP=2uOXUex4izTZhfbLbT9FNQ@mail.gmail.com>
On 12/09/2011 04:48 AM, Sławomir Skowron wrote:
> Sorry, for my lag, but i was sick.
>
> I handled problem with apparmor before and now it's not a problem,
> even when i send mail before, it was solved.
>
> Ok when i create image from qemu-img it's looks like that, and works
> perfect, (attachment with log of this opperation.)
>
> But when i use virsh, it's still a problem. Just like he don't know
> what user is going to be auth.
>
> I try, as client.admin (default i hope :)) only with id=admin in
> kvm.xml, or client=admin, and other combinations - like client.rbd
> etc., Still nothing.
admin is the default, and the correct option for client.admin is
id=admin, or id=foo for client.foo.
>
> I try, improve a keyring file, adding client rbd into keyring on
> machine with kvm hypervisor in /etc/ceph/keyring.bin
>
> [client.rbd]
> key = AAAAAAAAAAAAAAAA
> auid = 18446744073709551615
> caps mds = "allow"
> caps mon = "allow r"
> caps osd = "allow rw pool=kvmtest"
>
> and on cluster site like above. I was added, a section [client.rbd]
> with keyring path, and it's still a problem.
>
Did you run 'ceph auth add -i /etc/ceph/keyring.bin'?
Make sure 'ceph auth list' shows client.rbd with the right key.
> 2011-12-09 13:29:11.519096 7fe616b59700 mon.0@0(leader) e1
> ms_verify_authorizer 10.177.32.66:0/58020608 client protocol 0
> root@s3-10-177-64-4:~# tail -n10000 /var/log/ceph/mon.0.log | grep 13:29:11.
> 2011-12-09 13:29:11.519096 7fe616b59700 mon.0@0(leader) e1
> ms_verify_authorizer 10.177.32.66:0/58020608 client protocol 0
> 2011-12-09 13:29:11.519624 7fe61b090700 -- 10.177.64.4:6789/0<==
> client.? 10.177.32.66:0/58020608 1 ==== auth(proto 0 21 bytes) v1 ====
> 47+0+0 (3310669357 0 0) 0x17f2e00 con 0x19d2c80
> 2011-12-09 13:29:11.519645 7fe61b090700 mon.0@0(leader) e1 have connection
> 2011-12-09 13:29:11.519655 7fe61b090700 mon.0@0(leader) e1 do not have
> session, making new one
> 2011-12-09 13:29:11.519668 7fe61b090700 mon.0@0(leader) e1 ms_dispatch
> new session MonSession: client.? 10.177.32.66:0/58020608 is open for
> client.? 10.177.32.66:0/58020608
> 2011-12-09 13:29:11.519674 7fe61b090700 mon.0@0(leader) e1 setting
> timeout on session
> 2011-12-09 13:29:11.519680 7fe61b090700 mon.0@0(leader) e1 caps
> 2011-12-09 13:29:11.519688 7fe61b090700 mon.0@0(leader).auth v353
> AuthMonitor::update_from_paxos()
> 2011-12-09 13:29:11.519697 7fe61b090700 mon.0@0(leader).auth v353
> preprocess_query auth(proto 0 21 bytes) v1 from client.?
> 10.177.32.66:0/58020608
> 2011-12-09 13:29:11.519703 7fe61b090700 mon.0@0(leader).auth v353
> prep_auth() blob_size=21
> 2011-12-09 13:29:11.519735 7fe61b090700 -- 10.177.64.4:6789/0 -->
> 10.177.32.66:0/58020608 -- auth_reply(proto 0 -95 Operation not
> supported) v1 -- ?+0 0x1246200 con 0x19d2c80
>
> from libvirt.log
>
> 23:20:56.689: 1309: error : virSecurityDACRestoreSecurityFileLabel:143
> : cannot resolve symlink rbd:kvmtest/kvmtest1:name=admin: No such file
> or directory
> 23:20:56.882: 1309: warning : qemuDomainAttachPciDiskDevice:250 :
> Unable to restore security label on rbd:kvmtest/kvmtest1:name=admin
> 23:21:09.172: 1309: error : qemuMonitorTextAddDrive:2418 : operation
> failed: open disk image file failed
> 23:21:09.172: 1309: error : virSecurityDACRestoreSecurityFileLabel:143
> : cannot resolve symlink rbd:kvmtest/kvmtest1:name=admin: No such file
> or directory
> 23:21:09.364: 1309: warning : qemuDomainAttachPciDiskDevice:250 :
> Unable to restore security label on rbd:kvmtest/kvmtest1:name=admin
> 23:21:49.645: 1309: error : qemuMonitorTextAddDrive:2418 : operation
> failed: open disk image file failed
> 23:21:49.645: 1309: error : virSecurityDACRestoreSecurityFileLabel:143
> : cannot resolve symlink rbd:kvmtest/kvmtest1:id=admin: No such file
> or directory
> 23:21:49.853: 1309: warning : qemuDomainAttachPciDiskDevice:250 :
> Unable to restore security label on rbd:kvmtest/kvmtest1:id=admin
> 13:08:08.924: 1309: error : qemuMonitorTextAddDrive:2418 : operation
> failed: open disk image file failed
> 13:08:08.924: 1309: error : virSecurityDACRestoreSecurityFileLabel:143
> : cannot resolve symlink rbd:kvmtest/kvmtest1: No such file or
> directory
> 13:08:09.117: 1309: warning : qemuDomainAttachPciDiskDevice:250 :
> Unable to restore security label on rbd:kvmtest/kvmtest1
> 13:09:45.402: 1309: error : qemuMonitorTextAddDrive:2418 : operation
> failed: open disk image file failed
> 13:29:05.554: 1310: error : qemuMonitorTextAddDrive:2418 : operation
> failed: open disk image file failed
> 13:29:05.554: 1310: error : virSecurityDACRestoreSecurityFileLabel:143
> : cannot resolve symlink kvmtest/kvmtest1: No such file or directory
> 13:29:05.751: 1310: warning : qemuDomainAttachPciDiskDevice:250 :
> Unable to restore security label on kvmtest/kvmtest1
> 13:29:05.751: 1310: warning : virEventPollUpdateHandle:147 : Ignoring
> invalid update watch -1
This is libvirt mistakenly trying to treat the rbd disk as a file -
fixed in 20e1233c31e3150d259073c523077acdccb5d419 to libvirt. If you
don't want to upgrade libvirt, someone on IRC last week reported that
installing libapparmor1 fixed this problem for them, since libvirt no
longer fell back to it's own DAC implementation.
> 2011/12/1 Josh Durgin<josh.durgin@dreamhost.com>:
>> On 12/01/2011 11:37 AM, Sławomir Skowron wrote:
>>>
>>> I have some problems. Can you help me ??
>>>
>>> ceph cluster:
>>> ceph 0.38, oneiric, kernel 3.0.0 x86_64 - now only one machine.
>>>
>>> kvm hypervisor:
>>> kvm version 1.0-rc4 (0.15.92), libvirt 0.9.2, kernel 3.0.0, Ubuntu
>>> oneiric x86_64.
>>>
>>> I create image from qemu-img on machine with kvm VM's, and it works very
>>> well:
>>>
>>> qemu-img create -f rbd rbd:kvmtest/kvmtest1 10G
>>> Formatting 'rbd:kvmtest/kvmtest1', fmt=rbd size=10737418240 cluster_size=0
>>>
>>> in ceph cluster machines:
>>>
>>> rados -p kvmtest ls
>>> kvmtest1.rbd
>>> rbd_directory
>>> rbd_info
>>>
>>> But when i try to attach new device to kvm VM like this:
>>>
>>> virsh attach-device one-10 /tmp/kvm.xml
>>>
>>> with kvm.xml like this:
>>>
>>> <disk type='network' device='disk'>
>>> <driver name='qemu' type='raw' cache='writeback'/>
>>> <source protocol='rbd' name='rbd:kvmtest/kvmtest1'>
>>> <host name='10.177.64.4' port='6789'/>
>>> </source>
>>> <target dev='vdc' bus='virtio'/>
>>> </disk>
>>>
>>> output of virsh:
>>>
>>> error: Failed to attach device from /tmp/kvm.xml
>>> error: cannot resolve symlink rbd:kvmtest/kvmtest1: No such file or
>>> directory
>>
>>
>> From the monitor output below, I'm assuming this is just a bad error message
>> from libvirt.
>>
>>
>>> and mon.0 log in ceph cluster.
>>>
>>> 2011-12-01 20:18:17.142595 7fe02dd04700 mon.0@0(leader) e1
>>> ms_verify_authorizer 10.177.32.66:0/25020608 client protocol 0
>>> 2011-12-01 20:18:17.143041 7fe03223b700 -- 10.177.64.4:6789/0<==
>>> client.? 10.177.32.66:0/25020608 1 ==== auth(proto 0 21 bytes) v1 ====
>>> 47+0+0 (3310669357 0 0) 0x29f6a00 con 0x297adc0
>>> 2011-12-01 20:18:17.143095 7fe03223b700 mon.0@0(leader) e1 ms_dispatch
>>> new session MonSession: client.? 10.177.32.66:0/25020608 is open for
>>> client.? 10.177.32.66:0/25020608
>>> 2011-12-01 20:18:17.143125 7fe03223b700 mon.0@0(leader).auth v146
>>> preprocess_query auth(proto 0 21 bytes) v1 from client.?
>>> 10.177.32.66:0/25020608
>>> 2011-12-01 20:18:17.143168 7fe03223b700 -- 10.177.64.4:6789/0 -->
>>> 10.177.32.66:0/25020608 -- auth_reply(proto 0 -95 Operation not
>>> supported) v1 -- ?+0 0x2f30600 con 0x297adc0
>>
>>
>> Here you can see qemu isn't authenticating correctly, probably because the
>> rados user isn't being set by libvirt. With your libvirt version, you'll
>> need to change:
>>
>>
>> <source protocol='rbd' name='rbd:kvmtest/kvmtest1'>
>>
>> to
>>
>> <source protocol='rbd' name='rbd:kvmtest/kvmtest1:id=foo'>
>>
>> to authenticate as client.foo. Any ceph config option can be set like that,
>> separated by colons.
>>
>> If this still doesn't work, I'd suggest setting
>> debug_rbd=20:debug_monc=20:debug_auth=20:log_to_stderr=2 to get more info in
>> the libvirt instance log (usually /var/log/libvirt/qemu/instance_name.log).
>> There may be apparmour restrictions preventing qemu from reading the keyring
>> or ceph config files.
>>
>>
>>> ceph.conf, and keyring.bin exists on server, and machine with qemu-kvm
>>> in same directory:
>>> ; global
>>> [global]
>>> ; enable secure authentication
>>>
>>> auth supported = cephx
>>> keyring = /etc/ceph/keyring.bin
>>>
>>> debug rgw = 1
>>>
>>> rgw print continue = false
>>> rgw socket path = /var/run/radosgw.sock
>>>
>>> ; monitors
>>> ; You need at least one. You need at least three if you want to
>>> ; tolerate any node failures. Always create an odd number.
>>> [mon]
>>> mon data = /vol0/data/mon.$id
>>>
>>> ; some minimal logging (just message traffic) to aid debugging
>>>
>>> debug ms = 1 ; see message traffic
>>> debug mon = 0 ; monitor
>>> debug paxos = 0 ; monitor replication
>>> debug auth = 0 ;
>>>
>>> mon allowed clock drift = 2
>>>
>>> [mon.0]
>>> host = 10-177-64-4
>>> mon addr = 10.177.64.4:6789
>>>
>>> ; radosgw client list
>>> [client.radosgw.10-177-64-4]
>>>
>>> host = 10-177-64-4
>>> log file = /var/log/ceph/$name.log
>>> debug rgw = 1
>>> debug ms = 1
>>>
>>> ; osd
>>> ; You need at least one. Two if you want data to be replicated.
>>> ; Define as many as you like.
>>> [osd]
>>> ; This is where the btrfs volume will be mounted.
>>>
>>> osd data = /vol0/data/osd.$id
>>>
>>> ; Ideally, make this a separate disk or partition. A few GB
>>> ; is usually enough; more if you have fast disks. You can use
>>> ; a file under the osd data dir if need be
>>> ; (e.g. /data/osd$id/journal), but it will be slower than a
>>> ; separate disk or partition.
>>>
>>> osd journal = /vol0/data/osd.$id/journal
>>>
>>> ; If the OSD journal is a file, you need to specify the size.
>>> This is specified in MB.
>>>
>>> osd journal size = 512
>>>
>>> filestore journal writeahead = 1
>>> osd heartbeat grace = 5
>>>
>>> debug ms = 0 ; message traffic
>>> debug osd = 0
>>> debug filestore = 0 ; local object storage
>>> debug journal = 0 ; local journaling
>>> debug monc = 0
>>> debug rados = 1
>>>
>>> [osd.0]
>>> host = 10-177-64-4
>>> osd data = /vol0/data/osd.0
>>> keyring = /vol0/data/osd.0/keyring
>>>
>>> [osd.1]
>>> host = 10-177-64-4
>>> osd data = /vol0/data/osd.1
>>> keyring = /vol0/data/osd.1/keyring
>>>
>>> [osd.2]
>>> host = 10-177-64-4
>>> osd data = /vol0/data/osd.2
>>> keyring = /vol0/data/osd.2/keyring
>>>
>>> [osd.3]
>>> host = 10-177-64-4
>>> osd data = /vol0/data/osd.3
>>> keyring = /vol0/data/osd.3/keyring
>>>
>>> [osd.4]
>>> host = 10-177-64-4
>>> osd data = /vol0/data/osd.4
>>> keyring = /vol0/data/osd.4/keyring
>>>
>>> [osd.5]
>>> host = 10-177-64-4
>>> osd data = /vol0/data/osd.5
>>> keyring = /vol0/data/osd.5/keyring
>>>
>>> [osd.6]
>>> host = 10-177-64-4
>>> osd data = /vol0/data/osd.6
>>> keyring = /vol0/data/osd.6/keyring
>>>
>>> [osd.7]
>>> host = 10-177-64-4
>>> osd data = /vol0/data/osd.7
>>> keyring = /vol0/data/osd.7/keyring
>>>
>>> [osd.8]
>>> host = 10-177-64-4
>>> osd data = /vol0/data/osd.8
>>> keyring = /vol0/data/osd.8/keyring
>>>
>>> [osd.9]
>>> host = 10-177-64-4
>>> osd data = /vol0/data/osd.9
>>> keyring = /vol0/data/osd.9/keyring
>>>
>>> [osd.10]
>>> host = 10-177-64-4
>>> osd data = /vol0/data/osd.10
>>> keyring = /vol0/data/osd.10/keyring
>>>
>>> [osd.11]
>>> host = 10-177-64-4
>>> osd data = /vol0/data/osd.11
>>> keyring = /vol0/data/osd.11/keyring
>>>
>>> [osd.12]
>>> host = 10-177-64-4
>>> osd data = /vol0/data/osd.12
>>> keyring = /vol0/data/osd.12/keyring
>>>
>>> [osd.13]
>>> host = 10-177-64-4
>>> osd data = /vol0/data/osd.13
>>> keyring = /vol0/data/osd.13/keyring
>>>
>>> [osd.14]
>>> host = 10-177-64-4
>>> osd data = /vol0/data/osd.14
>>> keyring = /vol0/data/osd.14/keyring
>>>
>>> [osd.15]
>>> host = 10-177-64-4
>>> osd data = /vol0/data/osd.15
>>> keyring = /vol0/data/osd.15/keyring
>>>
>>> [osd.16]
>>> host = 10-177-64-4
>>> osd data = /vol0/data/osd.16
>>> keyring = /vol0/data/osd.16/keyring
>>>
>>> [osd.17]
>>> host = 10-177-64-4
>>> osd data = /vol0/data/osd.17
>>> keyring = /vol0/data/osd.17/keyring
>>>
>>> [osd.18]
>>> host = 10-177-64-4
>>> osd data = /vol0/data/osd.18
>>> keyring = /vol0/data/osd.18/keyring
>>>
>>> [osd.19]
>>> host = 10-177-64-4
>>> osd data = /vol0/data/osd.19
>>> keyring = /vol0/data/osd.19/keyring
>>>
>>> [osd.20]
>>> host = 10-177-64-4
>>> osd data = /vol0/data/osd.20
>>> keyring = /vol0/data/osd.20/keyring
>>>
>>> [osd.21]
>>> host = 10-177-64-4
>>> osd data = /vol0/data/osd.21
>>> keyring = /vol0/data/osd.21/keyring
>>>
>>> [osd.22]
>>> host = 10-177-64-4
>>> osd data = /vol0/data/osd.22
>>> keyring = /vol0/data/osd.22/keyring
>>>
>>> [osd.23]
>>> host = 10-177-64-4
>>> osd data = /vol0/data/osd.23
>>> keyring = /vol0/data/osd.23/keyring
>>>
>>> [osd.24]
>>> host = 10-177-64-4
>>> osd data = /vol0/data/osd.24
>>> keyring = /vol0/data/osd.24/keyring
>>>
>>> [osd.25]
>>> host = 10-177-64-4
>>> osd data = /vol0/data/osd.25
>>> keyring = /vol0/data/osd.25/keyring
>>>
>>>
>>
>
>
>
--
To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2011-12-12 18:53 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-12-01 19:37 Problem with attaching rbd device in qemu-kvm Sławomir Skowron
2011-12-01 20:42 ` Josh Durgin
2011-12-09 12:48 ` Sławomir Skowron
2011-12-12 18:53 ` Josh Durgin [this message]
2011-12-13 12:56 ` Sławomir Skowron
2011-12-13 20:08 ` Josh Durgin
2011-12-16 12:17 ` Sławomir Skowron
2011-12-19 15:37 ` Sławomir Skowron
2011-12-20 2:41 ` Josh Durgin
2011-12-20 9:38 ` Sławomir Skowron
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4EE64DC2.9090206@dreamhost.com \
--to=josh.durgin@dreamhost.com \
--cc=ceph-devel@vger.kernel.org \
--cc=szibis@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.