On 10/29/2012 04:18 PM, Michal Privoznik wrote:
through which user set under what permissions does sanlock
daemon run so libvirt will set the same permissions for
files exposed to it.
---
diff to v1:
-update spec file so sanlock dir is installed with root:sanlock
iff group sanlock exists
docs/locking.html.in | 22 +++++++++
libvirt.spec.in | 7 +++
src/locking/libvirt_sanlock.aug | 2 +
src/locking/lock_driver_sanlock.c | 76 ++++++++++++++++++++++++++++++-
src/locking/sanlock.conf | 11 ++++-
src/locking/test_libvirt_sanlock.aug.in | 2 +
6 files changed, 118 insertions(+), 2 deletions(-)
diff --git a/docs/locking.html.in b/docs/locking.html.in
index 6d7b517..19dd6a3 100644
--- a/docs/locking.html.in
+++ b/docs/locking.html.in
@@ -121,6 +121,28 @@
</pre>
<p>
+ If your sanlock daemon happen to run under non-root
+ privileges, you need to tell this to libvirt so it
+ chowns created files correctly. This can be done by
+ setting <code>user</code> and/or <code>group</code>
+ variables in the configuration file. Accepted values
+ range is specified in description to the same
+ variables in <code>/etc/libvirt/qemu.conf</code>. For
+ example:
+ </p>
+
+ <pre>
+ augtool -s set /files/etc/libvirt/qemu-sanlock.conf/user sanlock
+ augtool -s set /files/etc/libvirt/qemu-sanlock.conf/group sanlock
+ </pre>
+
+ <p>
+ But remember, that if this is NFS share, you need a
+ no_root_squash-ed one for chown (and chmod possibly)
+ to succeed.
+ </p>
+
+ <p>
In terms of storage requirements, if the filesystem
uses 512 byte sectors, you need to allow for <code>1MB</code>
of storage for each guest disk. So if you have a network
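Review bot: The added paragraph in docs/locking.html.in has wording problems that make the instruction harder to follow. "If your sanlock daemon happen to run" should be "happens to run", and "Accepted values range is specified in description to the same variables" would read better as "The accepted values are the same as for the user and group variables in /etc/libvirt/qemu.conf". The NFS caveat could name the export option directly (the share must be exported with no_root_squash). It would also help to say what ownership libvirt applies when neither variable is set, since the text only covers the non-root case.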
diff --git a/libvirt.spec.in b/libvirt.spec.in
index ebebfab..edc43af 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1568,6 +1568,13 @@ fi
/bin/systemctl try-restart libvirt-guests.service >/dev/null 2>&1 || :
%endif
+%pre lock-sanlock
+if $(getent group sanlock > /dev/null; echo $?) == 0
+ chmod 0770 %{_localstatedir}/lib/libvirt/sanlock
+ chown root:sanlock %{_localstatedir}/lib/libvirt/sanlock
+endif
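Review bot: The %pre lock-sanlock scriptlet is not valid shell as written. `if $(getent group sanlock > /dev/null; echo $?) == 0` has no test command and no `then`, and the block is closed with `endif` rather than `fi`, so the chmod and chown will not run as intended. Test the exit status of getent directly, as in `if getent group sanlock > /dev/null; then`, and close with `fi`. A %pre scriptlet also runs before the package's files are unpacked, so on a fresh install %{_localstatedir}/lib/libvirt/sanlock may not exist yet; %post is the safer place for the chmod 0770 and chown root:sanlock.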
Change this to:
%post lock-sanlock
if getent group sanlock > /dev/null; then
chmod 0770 %{_localstatedir}/lib/libvirt/sanlock
chown root:sanlock %{_localstatedir}/lib/libvirt/sanlock
fi
and you've got my ACK (we should make this work in 1.0.0,
Martin