Bug#993920: Migration of guests fails on drbd with kvm

2022-02-08 Thread Antoine Beaupre
Package: ganeti
Version: 3.0.1-2
Followup-For: Bug #993920

Hi,

I'd like to prepare a stable update for this, any objections?

I'll build a local package with the patch, in any case, for testing in
our prod environment...

a.


-- System Information:
Debian Release: 11.2
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable'), (1, 'unstable'), (1, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-11-amd64 (SMP w/4 CPU threads)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages ganeti depends on:
ii  adduser  3.118
pn  ganeti-3.0   
pn  ganeti-haskell-3.0   
pn  ganeti-htools-3.0
ii  init-system-helpers  1.60
ii  lsb-base 11.1.0
ii  python3  3.9.2-3

Versions of packages ganeti recommends:
pn  drbd-utils | drbd8-utils 
ii  fdisk    2.36.1-8+deb11u1
pn  ganeti-instance-debootstrap  
ii  ndisc6   1.0.4-2
ii  qemu-system-x86 [qemu-kvm]   1:5.2+dfsg-11+deb11u1

Versions of packages ganeti suggests:
pn  blktap-dkms  
pn  ganeti-doc   
pn  molly-guard  



Bug#993920: Migration of guests fails on drbd with kvm

2021-09-08 Thread Sascha Lucas
On Wed, 08 Sep 2021 10:06:52 +0200 Santiago Garcia Mantinan wrote:

> When I tried to see what had happened to those guests connecting to the
> console...  I got:
>   
>   
> # gnt-instance console sid
> Instance sid is paused, unpausing
> 
> But the machine remains in a halted state, further investigation of what had
> happened revealed...
>   
>   
> # cat /var/log/ganeti/kvm/sid.log
> kvm: Could not open '/var/run/ganeti/instance-disks/sid:0': Permission denied

Just for the record: Upstream PR https://github.com/ganeti/ganeti/pull/1603




Bug#993920: Migration of guests fails on drbd with kvm

2021-09-08 Thread Santiago Garcia Mantinan
Package: ganeti
Version: 3.0.1-2
Severity: important

Hi!

I tried to contact you through the ganeti at packages.d.o address but I'm
not sure that it has arrived in any mailbox, so I'm opening a bug so that we
can comment on this.

After having all the nodes of a ganeti cluster updated to bullseye and
cleaned, the cluster is running ok and everything looks fine, so...  I
started moving the guests to their default node and...  guests started to
freeze as they reached the destination node :-(

When I tried to see what had happened to those guests connecting to the
console...  I got:

# gnt-instance console sid
Instance sid is paused, unpausing

But the machine remains in a halted state, further investigation of what had
happened revealed...

# cat /var/log/ganeti/kvm/sid.log
kvm: Could not open '/var/run/ganeti/instance-disks/sid:0': Permission denied
# ls -l /var/run/ganeti/instance-disks/sid:0
lrwxrwxrwx 1 root root 11 sep  2 12:48 /var/run/ganeti/instance-disks/sid:0 -> /dev/drbd11
# ls -l /dev/drbd*
brw-rw 1 root disk 147,  0 sep  2 12:50 /dev/drbd0
brw-rw 1 root disk 147,  1 sep  2 12:50 /dev/drbd1
brw-rw 1 root disk 147, 10 sep  2 12:50 /dev/drbd10
brw-rw 1 root disk 147, 11 sep  2 12:48 /dev/drbd11
# id sid
uid=123(sid) gid=105(kvm) groups=105(kvm)

I run the machine as user sid (security_domain: sid); of course user sid
cannot open the drbd, and I don't think it should either.

I tested to see if this was the real problem, I changed group from disk to
kvm on the secondary node of sid and then did a migration without any
problem.

So...  looks like we are dropping privilege too soon and we move to the
security domain user before the drbd is opened, so we can't open it when it
is needed.

I don't know if this is a problem on ganeti's side or if it is related to
kvm, but I wanted to comment on it so that we can find a fix.

Thanks in advance.

-- System Information:
Debian Release: 11.0
  APT prefers stable-security
  APT policy: (990, 'stable-security'), (990, 'stable'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/2 CPU threads)
Locale: LANG=gl_ES.UTF-8, LC_CTYPE=gl_ES.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages ganeti depends on:
ii  adduser  3.118
ii  ganeti-3.0   3.0.1-2
ii  ganeti-haskell-3.0   3.0.1-2
ii  ganeti-htools-3.0    3.0.1-2
ii  init-system-helpers  1.60
ii  lsb-base 11.1.0
ii  python3  3.9.2-3

Versions of packages ganeti recommends:
ii  drbd-utils   9.15.0-1
ii  fdisk    2.36.1-8
ii  ganeti-instance-debootstrap  0.16-6.1
pn  ndisc6   
ii  qemu-system-x86  1:5.2+dfsg-11

Versions of packages ganeti suggests:
pn  blktap-dkms  
pn  ganeti-doc   
pn  molly-guard
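
The permission check described in the report above, as an added example that is not part of the original thread and not Ganeti code: it resolves an instance-disk symlink and evaluates the plain Unix mode bits of the target against a security-domain user. The function names, the gid 6 for "disk" and the mode 0660 in the sample are assumptions; ACLs, capabilities and LSM policy are not evaluated.

```python
#!/usr/bin/env python3
"""Check whether a security-domain user can open an instance disk read-write."""
import os
import pwd
import stat
import sys


def dac_allows_rw(mode, owner_uid, owner_gid, uid, gids):
    """Classic Unix DAC check: exactly one permission class applies, in the
    order owner, group, other. ACLs, capabilities and LSMs are ignored."""
    if uid == 0:
        return True  # root bypasses mode bits (CAP_DAC_OVERRIDE)
    if uid == owner_uid:
        need = stat.S_IRUSR | stat.S_IWUSR
    elif owner_gid in gids:
        need = stat.S_IRGRP | stat.S_IWGRP
    else:
        need = stat.S_IROTH | stat.S_IWOTH
    return (mode & need) == need


def check_disk(link, user):
    """Resolve an instance-disk symlink and test its target against `user`."""
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    target = os.path.realpath(link)
    st = os.stat(target)
    ok = dac_allows_rw(st.st_mode, st.st_uid, st.st_gid, pw.pw_uid, gids)
    return target, ok


# Constructed sample mirroring the report: uid 123 with groups {105 (kvm)},
# device owned by root. gid 6 for "disk" and mode 0660 are assumptions.
SAMPLE_UID, SAMPLE_GIDS, SAMPLE_MODE = 123, {105}, 0o660

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_disk.py LINK USER")
    link, user = sys.argv[1], sys.argv[2]
    target, ok = check_disk(link, user)
    verdict = "read-write allowed" if ok else "permission denied"
    print(f"{link} -> {target}: {verdict} for {user}")
    sys.exit(0 if ok else 1)
```

Run on a node as `check_disk.py /var/run/ganeti/instance-disks/sid:0 sid`; a non-zero exit means the mode bits alone would deny the user, which is the condition the kvm log line in the report shows.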