Re: [libvirt] [PATCH v2] sanlock: Introduce 'user' and 'group' conf variables

30 Oct 2012

On 30.10.2012 10:00, Martin Kletzander wrote:
...
On 10/29/2012 04:18 PM, Michal Privoznik wrote:
...
through which user set under what permissions does sanlock
daemon run so libvirt will set the same permissions for
files exposed to it.
---
diff to v1:
-update spec file so sanlock dir is installed with root:sanlock
 iff group sanlock exists
docs/locking.html.in                    |   22 +++++++++
 libvirt.spec.in                         |    7 +++
 src/locking/libvirt_sanlock.aug         |    2 +
 src/locking/lock_driver_sanlock.c       |   76 ++++++++++++++++++++++++++++++-
 src/locking/sanlock.conf                |   11 ++++-
 src/locking/test_libvirt_sanlock.aug.in |    2 +
 6 files changed, 118 insertions(+), 2 deletions(-)

diff --git a/docs/locking.html.in b/docs/locking.html.in
index 6d7b517..19dd6a3 100644
--- a/docs/locking.html.in
+++ b/docs/locking.html.in
@@ -121,6 +121,28 @@
     </pre>
<p>
+      If your sanlock daemon happen to run under non-root
+      privileges, you need to tell this to libvirt so it
+      chowns created files correctly. This can be done by
+      setting <code>user</code> and/or <code>group</code>
+      variables in the configuration file. Accepted values
+      range is specified in description to the same
+      variables in <code>/etc/libvirt/qemu.conf</code>. For
+      example:
+    </p>
+
+    <pre>
+      augtool -s set /files/etc/libvirt/qemu-sanlock.conf/user sanlock
+      augtool -s set /files/etc/libvirt/qemu-sanlock.conf/group sanlock
+    </pre>
+
+    <p>
+      But remember, that if this is NFS share, you need a
+      no_root_squash-ed one for chown (and chmod possibly)
+      to succeed.
+    </p>
+
+    <p>
       In terms of storage requirements, if the filesystem
       uses 512 byte sectors, you need to allow for <code>1MB</code>
       of storage for each guest disk. So if you have a network
diff --git a/libvirt.spec.in b/libvirt.spec.in
index ebebfab..edc43af 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1568,6 +1568,13 @@ fi
 /bin/systemctl try-restart libvirt-guests.service >/dev/null 2>&1 || :
 %endif
+%pre lock-sanlock
+if $(getent group sanlock > /dev/null; echo $?) == 0
+    chmod 0770 %{_localstatedir}/lib/libvirt/sanlock
+    chown root:sanlock %{_localstatedir}/lib/libvirt/sanlock
+endif
Change this to:
%post lock-sanlock
if getent group sanlock > /dev/null; then
    chmod 0770 %{_localstatedir}/lib/libvirt/sanlock
    chown root:sanlock %{_localstatedir}/lib/libvirt/sanlock
fi
and you've got my ACK (we should make this working in 1.0.0,
Martin
Changed and pushed. Thanks.

Michal

    