
On 30.10.2012 10:00, Martin Kletzander wrote:
On 10/29/2012 04:18 PM, Michal Privoznik wrote:
through which user set under what permissions does sanlock daemon run so libvirt will set the same permissions for files exposed to it. ---
diff to v1: -update spec file so sanlock dir is installed with root:sanlock iff group sanlock exists
docs/locking.html.in | 22 +++++++++ libvirt.spec.in | 7 +++ src/locking/libvirt_sanlock.aug | 2 + src/locking/lock_driver_sanlock.c | 76 ++++++++++++++++++++++++++++++- src/locking/sanlock.conf | 11 ++++- src/locking/test_libvirt_sanlock.aug.in | 2 + 6 files changed, 118 insertions(+), 2 deletions(-)
diff --git a/docs/locking.html.in b/docs/locking.html.in index 6d7b517..19dd6a3 100644 --- a/docs/locking.html.in +++ b/docs/locking.html.in @@ -121,6 +121,28 @@ </pre>
<p> + If your sanlock daemon happen to run under non-root + privileges, you need to tell this to libvirt so it + chowns created files correctly. This can be done by + setting <code>user</code> and/or <code>group</code> + variables in the configuration file. Accepted values + range is specified in description to the same + variables in <code>/etc/libvirt/qemu.conf</code>. For + example: + </p> + + <pre> + augtool -s set /files/etc/libvirt/qemu-sanlock.conf/user sanlock + augtool -s set /files/etc/libvirt/qemu-sanlock.conf/group sanlock + </pre> + + <p> + But remember, that if this is NFS share, you need a + no_root_squash-ed one for chown (and chmod possibly) + to succeed. + </p> + + <p> In terms of storage requirements, if the filesystem uses 512 byte sectors, you need to allow for <code>1MB</code> of storage for each guest disk. So if you have a network diff --git a/libvirt.spec.in b/libvirt.spec.in index ebebfab..edc43af 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1568,6 +1568,13 @@ fi /bin/systemctl try-restart libvirt-guests.service >/dev/null 2>&1 || : %endif
+%pre lock-sanlock +if $(getent group sanlock > /dev/null; echo $?) == 0 + chmod 0770 %{_localstatedir}/lib/libvirt/sanlock + chown root:sanlock %{_localstatedir}/lib/libvirt/sanlock +endif
Change this to:
%post lock-sanlock if getent group sanlock > /dev/null; then chmod 0770 %{_localstatedir}/lib/libvirt/sanlock chown root:sanlock %{_localstatedir}/lib/libvirt/sanlock fi
and you've got my ACK (we should make this working in 1.0.0,
Martin
Changed and pushed. Thanks. Michal