Public bug reported:

Maybe wishlist: it would be nice to have GlusterFS client mounts in an unprivileged container.

Tested with LXD 2.0.0 and glusterfs 3.7.6 (i.e. Xenial without any PPA) on an LXD container with the same versions and fuse enabled in the profile.

Currently, trying a mount in an unprivileged container results in the following:

/usr/bin/fusermount-glusterfs: mount failed: Operation not permitted
Mount failed. Please check the log file for more details.

The log shows:

[2016-05-19 19:29:47.683013] I [MSGID: 100030] [glusterfsd.c:2318:main] 0-/usr/sbin/glusterfs: Started running /usr/sbin/glusterfs version 3.7.6 (args: /usr/sbin/glusterfs --volfile-server=10.1.0.3 --volfile-id=/backuppc /srv/backuppc)
[2016-05-19 19:29:47.684158] E [mount.c:318:fuse_mount_sys] 0-glusterfs-fuse: ret = -1
[2016-05-19 19:29:47.684269] I [mount.c:365:gf_fuse_mount] 0-glusterfs-fuse: direct mount failed (Operation not permitted) errno 1, retry to mount via fusermount
[2016-05-19 19:29:47.685970] E [mount.c:373:gf_fuse_mount] 0-glusterfs-fuse: mount of 10.1.0.3:/backuppc to /srv/backuppc (default_permissions,allow_other,max_read=131072) failed
[2016-05-19 19:29:47.686509] E [MSGID: 100025] [glusterfsd.c:2141:daemonize] 0-daemonize: mount failed
[2016-05-19 19:29:47.690507] I [MSGID: 101190] [event-epoll.c:632:event_dispatch_epoll_worker] 0-epoll: Started thread with index 1
[2016-05-19 19:29:47.711689] I [MSGID: 101190] [event-epoll.c:632:event_dispatch_epoll_worker] 0-epoll: Started thread with index 2
[2016-05-19 19:29:47.712298] I [MSGID: 114020] [client.c:2118:notify] 0-backuppc-client-0: parent translators are ready, attempting connect on transport
[2016-05-19 19:29:47.713374] I [MSGID: 114020] [client.c:2118:notify] 0-backuppc-client-1: parent translators are ready, attempting connect on transport
Final graph:
+------------------------------------------------------------------------------+
 1: volume backuppc-client-0
 2:     type protocol/client
 3:     option ping-timeout 42
 4:     option remote-host gluster1
 5:     option remote-subvolume /srv/aec/backuppc
 6:     option transport-type socket
 7:     option send-gids true
 8: end-volume
 9:
10: volume backuppc-client-1
11:     type protocol/client
12:     option ping-timeout 42
13:     option remote-host gluster2
14:     option remote-subvolume /srv/aec/backuppc
15:     option transport-type socket
16:     option send-gids true
17: end-volume
18:
19: volume backuppc-replicate-0
20:     type cluster/replicate
[2016-05-19 19:29:47.714077] I [rpc-clnt.c:1847:rpc_clnt_reconfig] 0-backuppc-client-1: changing port to 49152 (from 0)
21:     subvolumes backuppc-client-0 backuppc-client-1
22: end-volume
[2016-05-19 19:29:47.714373] I [rpc-clnt.c:1847:rpc_clnt_reconfig] 0-backuppc-client-0: changing port to 49152 (from 0)
23:
24: volume backuppc-dht
25:     type cluster/distribute
26:     subvolumes backuppc-replicate-0
27: end-volume
28:
29: volume backuppc-write-behind
30:     type performance/write-behind
31:     subvolumes backuppc-dht
32: end-volume
33:
34: volume backuppc-read-ahead
35:     type performance/read-ahead
36:     subvolumes backuppc-write-behind
37: end-volume
38:
39: volume backuppc-readdir-ahead
40:     type performance/readdir-ahead
41:     subvolumes backuppc-read-ahead
42: end-volume
43:
44: volume backuppc-io-cache
45:     type performance/io-cache
46:     subvolumes backuppc-readdir-ahead
47: end-volume
48:
49: volume backuppc-quick-read
50:     type performance/quick-read
51:     subvolumes backuppc-io-cache
52: end-volume
53:
54: volume backuppc-open-behind
55:     type performance/open-behind
56:     subvolumes backuppc-quick-read
57: end-volume
58:
59: volume backuppc-md-cache
60:     type performance/md-cache
61:     subvolumes backuppc-open-behind
62: end-volume
63:
64: volume backuppc
65:     type debug/io-stats
66:     option latency-measurement off
67:     option count-fop-hits off
68:     subvolumes backuppc-md-cache
69: end-volume
70:
71: volume meta-autoload
72:     type meta
73:     subvolumes backuppc
74: end-volume
75:
+------------------------------------------------------------------------------+
[2016-05-19 19:29:47.715475] I [MSGID: 114057] [client-handshake.c:1437:select_server_supported_programs] 0-backuppc-client-1: Using Program GlusterFS 3.3, Num (1298437), Version (330)
[2016-05-19 19:29:47.715744] I [MSGID: 114046] [client-handshake.c:1213:client_setvolume_cbk] 0-backuppc-client-1: Connected to backuppc-client-1, attached to remote volume '/srv/aec/backuppc'.
[2016-05-19 19:29:47.715800] I [MSGID: 114047] [client-handshake.c:1224:client_setvolume_cbk] 0-backuppc-client-1: Server and Client lk-version numbers are not same, reopening the fds
[2016-05-19 19:29:47.715885] I [MSGID: 108005] [afr-common.c:3841:afr_notify] 0-backuppc-replicate-0: Subvolume 'backuppc-client-1' came back up; going online.
[2016-05-19 19:29:47.715957] I [MSGID: 114035] [client-handshake.c:193:client_set_lk_version_cbk] 0-backuppc-client-1: Server lk version = 1
[2016-05-19 19:29:47.716049] I [MSGID: 114057] [client-handshake.c:1437:select_server_supported_programs] 0-backuppc-client-0: Using Program GlusterFS 3.3, Num (1298437), Version (330)
[2016-05-19 19:29:47.716475] I [MSGID: 114046] [client-handshake.c:1213:client_setvolume_cbk] 0-backuppc-client-0: Connected to backuppc-client-0, attached to remote volume '/srv/aec/backuppc'.
[2016-05-19 19:29:47.716508] I [MSGID: 114047] [client-handshake.c:1224:client_setvolume_cbk] 0-backuppc-client-0: Server and Client lk-version numbers are not same, reopening the fds
[2016-05-19 19:29:47.720527] I [fuse-bridge.c:5137:fuse_graph_setup] 0-fuse: switched to graph 0
[2016-05-19 19:29:47.720672] I [MSGID: 114035] [client-handshake.c:193:client_set_lk_version_cbk] 0-backuppc-client-0: Server lk version = 1
[2016-05-19 19:29:47.720708] I [fuse-bridge.c:4984:fuse_thread_proc] 0-fuse: unmounting /srv/backuppc
[2016-05-19 19:29:47.721069] W [glusterfsd.c:1236:cleanup_and_exit] (-->/lib/x86_64-linux-gnu/libpthread.so.0(+0x76fa) [0x7fba742286fa] -->/usr/sbin/glusterfs(glusterfs_sigwaiter+0xdd) [0x40810d] -->/usr/sbin/glusterfs(cleanup_and_exit+0x4d) [0x407f8d] ) 0-: received signum (15), shutting down
[2016-05-19 19:29:47.721143] I [fuse-bridge.c:5683:fini] 0-fuse: Unmounting '/srv/backuppc'.

A privileged container gives no error and the log shows:

2016-05-19 19:32:18.319128] I [MSGID: 100030] [glusterfsd.c:2318:main] 0-/usr/sbin/glusterfs: Started running /usr/sbin/glusterfs version 3.7.6 (args: /usr/sbin/glusterfs --volfile-server=10.1.0.3 --volfile-id=/backuppc /srv/backuppc)
[2016-05-19 19:32:18.328612] I [MSGID: 101190] [event-epoll.c:632:event_dispatch_epoll_worker] 0-epoll: Started thread with index 1
[2016-05-19 19:32:18.350087] I [MSGID: 101190] [event-epoll.c:632:event_dispatch_epoll_worker] 0-epoll: Started thread with index 2
[2016-05-19 19:32:18.350855] I [MSGID: 114020] [client.c:2118:notify] 0-backuppc-client-0: parent translators are ready, attempting connect on transport
[2016-05-19 19:32:18.351606] I [MSGID: 114020] [client.c:2118:notify] 0-backuppc-client-1: parent translators are ready, attempting connect on transport
Final graph:
+------------------------------------------------------------------------------+
 1: volume backuppc-client-0
 2:     type protocol/client
 3:     option ping-timeout 42
 4:     option remote-host gluster1
 5:     option remote-subvolume /srv/aec/backuppc
 6:     option transport-type socket
 7:     option send-gids true
 8: end-volume
 9:
10: volume backuppc-client-1
11:     type protocol/client
12:     option ping-timeout 42
13:     option remote-host gluster2
14:     option remote-subvolume /srv/aec/backuppc
15:     option transport-type socket
[2016-05-19 19:32:18.352364] I [rpc-clnt.c:1847:rpc_clnt_reconfig] 0-backuppc-client-1: changing port to 49152 (from 0)
16:     option send-gids true
17: end-volume
18:
19: volume backuppc-replicate-0
[2016-05-19 19:32:18.352514] I [rpc-clnt.c:1847:rpc_clnt_reconfig] 0-backuppc-client-0: changing port to 49152 (from 0)
20:     type cluster/replicate
21:     subvolumes backuppc-client-0 backuppc-client-1
22: end-volume
23:
24: volume backuppc-dht
25:     type cluster/distribute
26:     subvolumes backuppc-replicate-0
27: end-volume
28:
29: volume backuppc-write-behind
30:     type performance/write-behind
31:     subvolumes backuppc-dht
32: end-volume
33:
34: volume backuppc-read-ahead
35:     type performance/read-ahead
36:     subvolumes backuppc-write-behind
37: end-volume
38:
39: volume backuppc-readdir-ahead
40:     type performance/readdir-ahead
41:     subvolumes backuppc-read-ahead
42: end-volume
43:
44: volume backuppc-io-cache
45:     type performance/io-cache
46:     subvolumes backuppc-readdir-ahead
47: end-volume
48:
49: volume backuppc-quick-read
50:     type performance/quick-read
51:     subvolumes backuppc-io-cache
52: end-volume
53:
54: volume backuppc-open-behind
55:     type performance/open-behind
56:     subvolumes backuppc-quick-read
57: end-volume
58:
59: volume backuppc-md-cache
60:     type performance/md-cache
61:     subvolumes backuppc-open-behind
62: end-volume
63:
64: volume backuppc
65:     type debug/io-stats
66:     option latency-measurement off
67:     option count-fop-hits off
68:     subvolumes backuppc-md-cache
69: end-volume
70:
71: volume meta-autoload
72:     type meta
73:     subvolumes backuppc
74: end-volume
75:
+------------------------------------------------------------------------------+
[2016-05-19 19:32:18.354106] I [MSGID: 114057] [client-handshake.c:1437:select_server_supported_programs] 0-backuppc-client-1: Using Program GlusterFS 3.3, Num (1298437), Version (330)
[2016-05-19 19:32:18.354437] I [MSGID: 114046] [client-handshake.c:1213:client_setvolume_cbk] 0-backuppc-client-1: Connected to backuppc-client-1, attached to remote volume '/srv/aec/backuppc'.
[2016-05-19 19:32:18.354485] I [MSGID: 114047] [client-handshake.c:1224:client_setvolume_cbk] 0-backuppc-client-1: Server and Client lk-version numbers are not same, reopening the fds
[2016-05-19 19:32:18.354630] I [MSGID: 108005] [afr-common.c:3841:afr_notify] 0-backuppc-replicate-0: Subvolume 'backuppc-client-1' came back up; going online.
[2016-05-19 19:32:18.354680] I [MSGID: 114035] [client-handshake.c:193:client_set_lk_version_cbk] 0-backuppc-client-1: Server lk version = 1
[2016-05-19 19:32:18.354728] I [MSGID: 114057] [client-handshake.c:1437:select_server_supported_programs] 0-backuppc-client-0: Using Program GlusterFS 3.3, Num (1298437), Version (330)
[2016-05-19 19:32:18.356872] I [MSGID: 114046] [client-handshake.c:1213:client_setvolume_cbk] 0-backuppc-client-0: Connected to backuppc-client-0, attached to remote volume '/srv/aec/backuppc'.
[2016-05-19 19:32:18.356915] I [MSGID: 114047] [client-handshake.c:1224:client_setvolume_cbk] 0-backuppc-client-0: Server and Client lk-version numbers are not same, reopening the fds
[2016-05-19 19:32:18.364149] I [fuse-bridge.c:5137:fuse_graph_setup] 0-fuse: switched to graph 0
[2016-05-19 19:32:18.364521] I [MSGID: 114035] [client-handshake.c:193:client_set_lk_version_cbk] 0-backuppc-client-0: Server lk version = 1
[2016-05-19 19:32:18.364568] I [fuse-bridge.c:4030:fuse_init] 0-glusterfs-fuse: FUSE inited with protocol versions: glusterfs 7.22 kernel 7.23

** Affects: lxd (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1583765

Title:
  Mounting GlusterFS in LXD requires privileged container
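
A triage sketch for the two client logs in this report, added here and not part of the original report or of GlusterFS: it parses the log-line prefix, separates a denied mount from a successful one, and counts brick connections to show that the failure sits at the local mount call rather than on the network. The function name, the verdict strings and the shortened sample logs (lines copied from the report) are assumptions of this example.

```python
import re

# Prefix of a glusterfs client log line:
#   [timestamp] LEVEL [MSGID: n]? [file:line:func] domain: message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] (?P<level>[A-Z]) (?:\[MSGID: \d+\] )?"
    r"\[[^:\]]+:\d+:(?P<func>[^\]]+)\] \S+?: (?P<msg>.*)$"
)

def classify_mount(log_text):
    """Return (verdict, bricks_connected) for one glusterfs client log."""
    eperm = fallback_failed = inited = False
    bricks = 0
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # graph dump, backtraces and other non-prefixed lines
        func, msg = m["func"], m["msg"]
        if func == "gf_fuse_mount" and "direct mount failed" in msg:
            eperm = eperm or "errno 1" in msg   # EPERM from the direct mount
        elif func == "gf_fuse_mount" and m["level"] == "E":
            fallback_failed = True              # the fusermount retry failed too
        elif func == "fuse_init" and msg.startswith("FUSE inited"):
            inited = True                       # kernel FUSE handshake completed
        elif func == "client_setvolume_cbk" and msg.startswith("Connected to"):
            bricks += 1                         # network path to a brick works
    if inited:
        return "mounted", bricks
    if eperm and fallback_failed:
        return "mount-denied", bricks
    return "unknown", bricks

# Sample input: selected lines from the report's two logs.
UNPRIVILEGED = """\
[2016-05-19 19:29:47.684269] I [mount.c:365:gf_fuse_mount] 0-glusterfs-fuse: direct mount failed (Operation not permitted) errno 1, retry to mount via fusermount
[2016-05-19 19:29:47.685970] E [mount.c:373:gf_fuse_mount] 0-glusterfs-fuse: mount of 10.1.0.3:/backuppc to /srv/backuppc (default_permissions,allow_other,max_read=131072) failed
[2016-05-19 19:29:47.715744] I [MSGID: 114046] [client-handshake.c:1213:client_setvolume_cbk] 0-backuppc-client-1: Connected to backuppc-client-1, attached to remote volume '/srv/aec/backuppc'.
[2016-05-19 19:29:47.716475] I [MSGID: 114046] [client-handshake.c:1213:client_setvolume_cbk] 0-backuppc-client-0: Connected to backuppc-client-0, attached to remote volume '/srv/aec/backuppc'.
"""
PRIVILEGED = """\
[2016-05-19 19:32:18.354437] I [MSGID: 114046] [client-handshake.c:1213:client_setvolume_cbk] 0-backuppc-client-1: Connected to backuppc-client-1, attached to remote volume '/srv/aec/backuppc'.
[2016-05-19 19:32:18.356872] I [MSGID: 114046] [client-handshake.c:1213:client_setvolume_cbk] 0-backuppc-client-0: Connected to backuppc-client-0, attached to remote volume '/srv/aec/backuppc'.
[2016-05-19 19:32:18.364568] I [fuse-bridge.c:4030:fuse_init] 0-glusterfs-fuse: FUSE inited with protocol versions: glusterfs 7.22 kernel 7.23
"""

if __name__ == "__main__":
    print("unprivileged:", classify_mount(UNPRIVILEGED))
    print("privileged:  ", classify_mount(PRIVILEGED))
```

Both sample logs report two connected bricks, so the only difference between them is whether the FUSE mount itself was permitted.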