Bug#887520: nbd-client: does not connect if export is named "server-media"
Hi Wouter, * Wouter Verhelst[2018-01-18; 23:42]: > On Thu, Jan 18, 2018 at 12:01:48AM +0100, Gregor Zattler wrote: >> $ sudo nbd-client -name "server-media" shi /dev/nbd1 >> Negotiation: ..Error: Read failed: End of file >> Exiting. > > What does your syslog say at that point in time? nbd-server should log > something when it fails. I changed the config to "server-media" as name for the export and did a 'sudo systemctl restart nbd-server.service' on the server and then I connected from the client via 'sudo nbd-client -name "server-media" shi /dev/nbd1': Jan 19 11:05:55 shi nbd-server[20236]: Stopping Network Block Device server: nbd-server. Jan 19 11:05:55 shi nbd-server[20239]: nbd-server. Jan 19 11:06:13 shi nbd_server[20241]: Spawned a child process Jan 19 11:06:13 shi nbd_server[20257]: Connection not allowed (unknown by parent?!?) Jan 19 11:06:13 shi nbd_server[20257]: Modern initial negotiation failed Jan 19 11:06:13 shi nbd_server[20241]: Child exited with 1 Then I changed the name of the export back to "shi-media", did the same to restart and connected from the client to shi-media: Jan 19 11:08:16 shi nbd-server[20597]: Stopping Network Block Device server: nbd-server. Jan 19 11:08:16 shi nbd-server[20599]: nbd-server. Jan 19 11:08:23 shi nbd_server[20601]: Spawned a child process Jan 19 11:08:23 shi nbd_server[20615]: virtstyle ipliteral Jan 19 11:08:23 shi nbd_server[20615]: connect from 192.168.1.22, assigned file is /dev/sda5 Jan 19 11:08:23 shi nbd_server[20615]: No authorization file, granting access. Jan 19 11:08:23 shi nbd_server[20615]: Size of exported file/device is 966367641600 Jan 19 11:08:23 shi nbd_server[20615]: Starting to serve In order to get the above excerpt of syslog I did 'sudo grep nbd /var/log/syslog' on the server. HTH and thanks for looking into this. ATM I'm hearing music thanks to your nbd related efforts.Regards, Gregor
Bug#887520: nbd-client: does not connect if export is named "server-media"
On Thu, Jan 18, 2018 at 12:01:48AM +0100, Gregor Zattler wrote: > $ sudo nbd-client -name "server-media" shi /dev/nbd1 > Negotiation: ..Error: Read failed: End of file > Exiting. What does your syslog say at that point in time? nbd-server should log something when it fails. Thanks, -- Could you people please use IRC like normal people?!? -- Amaya Rodrigo Sastre, trying to quiet down the buzz in the DebConf 2008 Hacklab
Bug#887520: nbd-client: does not connect if export is named "server-media"
Hi Wouter, * Wouter Verhelst[2018-01-17; 18:33]: > On Wed, Jan 17, 2018 at 06:12:59PM +0100, Gregor Zattler wrote: >> There is a nbd server version 1:3.16.2-1 running on a debian >> testing/buster server with amongst others this definition of an >> export in /etc/nbd-server/config: >> >> [server-media] >> exportname = /dev/sda5 > > If you're doing that, you need to ensure that the NBD server has access > to /dev/sda5, at least read access (but possibly write access, too). Out > of the box, this is not possible (you can export files too). > > In order to do so, you have two options: > > - Either tell udev to change ownership and/or permissions of /dev/sda5 > so that a process running as the "nbd" user and/or group can read (and > possibly write) to the device; > - Or comment out or change the "user" and/or "group" setting in the > configuration file, so that the user and/or group are no longer set to > "nbd" but instead to "disk" or left as "root". > > If you don't do either of those, then the nbd-server will not have > access to the partitions and cannot possibly export it. > >> flush = true >> fua = true >> >> When I connect to this export with nbd-client version 1:3.15.2-3 >> from a debian stretch system I get: >> >> $ sudo nbd-client -name server-media shi /dev/nbd1 >> Negotiation: ..Error: Read failed: End of file >> Exiting. > > This is the normal error message you get when the server cannot access > the device in question. IMHO this is not a permissions problem, as shown with this log of my actions: on server (shi): $ egrep "user|group" /etc/nbd-server/config # If you want to run everything as root rather than the nbd user, you user = nbd group = nbd $ sudo systemctl restart nbd-server.service $ ls -l /dev/sda*|grep nbd brw-rw 1 root nbd 8, 5 Jan 17 23:44 /dev/sda5 brw-rw 1 root nbd 8, 6 Jan 17 17:48 /dev/sda6 on client (len): $ sudo nbd-client -l shi Negotiation: .. crypt-server-backup shi-media $ sudo nbd-client -name "shi-media" shi /dev/nbd1 Negotiation: ..size = 921600MB bs=1024, sz=966367641600 bytes now on server again: $ sudo sed -i -e "s/shi-media/server-media/" /etc/nbd-server/config $ sudo systemctl restart nbd-server.service $ ls -l /dev/sda*|grep nbd brw-rw 1 root nbd 8, 5 Jan 17 23:50 /dev/sda5 brw-rw 1 root nbd 8, 6 Jan 17 17:48 /dev/sda6 back to client: $ sudo nbd-client -l shi Negotiation: .. crypt-server-backup server-media $ sudo nbd-client -name "server-media" shi /dev/nbd1 Negotiation: ..Error: Read failed: End of file Exiting. what happened to the permissions on the server?: $ ls -l /dev/sda*|grep nbd brw-rw 1 root nbd 8, 5 Jan 17 23:50 /dev/sda5 brw-rw 1 root nbd 8, 6 Jan 17 17:48 /dev/sda6 Now on server I change my nbd-server config not to use nbd as user/group: $ egrep "user|group" /etc/nbd-server/config # If you want to run everything as root rather than the nbd user, you # user = nbd # group = nbd $ sudo chgrp disk /dev/sda5 $ ls -l /dev/sda5 brw-rw 1 root disk 8, 5 Jan 17 23:50 /dev/sda5 $ sudo systemctl restart nbd-server.service and back to client: $ sudo nbd-client -l shi Negotiation: .. crypt-server-backup server-media $ sudo nbd-client -c /dev/nbd1 || echo not connected not connected $ sudo nbd-client -name "server-media" shi /dev/nbd1 Negotiation: ..Error: Read failed: End of file Exiting. Changing the exports name helps while changing the user/group does not help with this problem. >> When I rename this export on the server to "shi-media", restart the >> nbd-server.service and do: >> >> $ sudo nbd-client -name shi-media shi /dev/nbd1 >> Negotiation: ..size = 921600MB >> bs=1024, sz=966367641600 bytes > > I suspect that something changed related to permissions in between the > two runs, and that that, rather than the name change, is responsible for > it succeeding the second time. > >> I would assume this bug applies to all export names beginning >> with "server-". >> >> It should be possible to use export names beginning with >> "server-" or at least this restriction should be documented. > > There is no such restriction. The only restrictions existing for export > names are one of length (4096 bytes maximum, although "only" 256 should > be used if one desires to remain compatible with other implementations) > and a practical one of legal characters for section headers implemented > by glib's GKeyFile API. Thanks for looking into this. Ciao; Gregor -- -... --- .-. . -.. ..--.. ...-.-
Bug#887520: nbd-client: does not connect if export is named "server-media"
Hi Gregor, On Wed, Jan 17, 2018 at 06:12:59PM +0100, Gregor Zattler wrote: > Package: nbd-client > Version: 1:3.15.2-3 > Severity: normal > > Dear Maintainer, > > I do not know if this is a nbd-client or nbd-server related bug: > > There is a nbd server version 1:3.16.2-1 running on a debian > testing/buster server with amongst others this definition of an > export in /etc/nbd-server/config: > > [server-media] > exportname = /dev/sda5 If you're doing that, you need to ensure that the NBD server has access to /dev/sda5, at least read access (but possibly write access, too). Out of the box, this is not possible (you can export files too). In order to do so, you have two options: - Either tell udev to change ownership and/or permissions of /dev/sda5 so that a process running as the "nbd" user and/or group can read (and possibly write) to the device; - Or comment out or change the "user" and/or "group" setting in the configuration file, so that the user and/or group are no longer set to "nbd" but instead to "disk" or left as "root". If you don't do either of those, then the nbd-server will not have access to the partitions and cannot possibly export it. > flush = true > fua = true > > When I connect to this export with nbd-client version 1:3.15.2-3 > from a debian stretch system I get: > > $ sudo nbd-client -name server-media shi /dev/nbd1 > Negotiation: ..Error: Read failed: End of file > Exiting. This is the normal error message you get when the server cannot access the device in question. > When I rename this export on the server to "shi-media", restart the > nbd-server.service and do: > > $ sudo nbd-client -name shi-media shi /dev/nbd1 > Negotiation: ..size = 921600MB > bs=1024, sz=966367641600 bytes I suspect that something changed related to permissions in between the two runs, and that that, rather than the name change, is responsible for it succeeding the second time. > I would assume this bug applies to all export names beginning > with "server-". > > It should be possible to use export names beginning with > "server-" or at least this restriction should be documented. There is no such restriction. The only restrictions existing for export names are one of length (4096 bytes maximum, although "only" 256 should be used if one desires to remain compatible with other implementations) and a practical one of legal characters for section headers implemented by glib's GKeyFile API. -- Could you people please use IRC like normal people?!? -- Amaya Rodrigo Sastre, trying to quiet down the buzz in the DebConf 2008 Hacklab
Bug#887520: nbd-client: does not connect if export is named "server-media"
Package: nbd-client Version: 1:3.15.2-3 Severity: normal Dear Maintainer, I do not know if this is a nbd-client or nbd-server related bug: There is a nbd server version 1:3.16.2-1 running on a debian testing/buster server with amongst others this definition of an export in /etc/nbd-server/config: [server-media] exportname = /dev/sda5 flush = true fua = true When I connect to this export with nbd-client version 1:3.15.2-3 from a debian stretch system I get: $ sudo nbd-client -name server-media shi /dev/nbd1 Negotiation: ..Error: Read failed: End of file Exiting. When I rename this export on the server to "shi-media", restart the nbd-server.service and do: $ sudo nbd-client -name shi-media shi /dev/nbd1 Negotiation: ..size = 921600MB bs=1024, sz=966367641600 bytes I would assume this bug applies to all export names beginning with "server-". It should be possible to use export names beginning with "server-" or at least this restriction should be documented. Thanks for providing and maintaining nbd. Ciao; Gregor -- System Information: Debian Release: 9.3 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-5-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages nbd-client depends on: ii debconf [debconf-2.0] 1.5.61 ii libc6 2.24-11+deb9u1 ii libgnutls303.5.8-5+deb9u3 nbd-client recommends no packages. nbd-client suggests no packages. -- Configuration Files: /etc/nbdtab changed: nbd0 shi crypt-server-backup nbd1 shi server-media -- debconf information: nbd-client/no-auto-config: nbd-client/killall_set: