On Thu, Dec 12, 2019 at 6:36 PM Milan Zamazal <mzama...@redhat.com> wrote: > > Strahil <hunter86...@yahoo.com> writes: > > > Why do you use 'all_squash' ? > > > > all_squashMap all uids and gids to the anonymous user. Useful for > > NFS-exported public FTP directories, news spool directories, etc. The > > opposite option is no_all_squash, which is the default setting. > > AFAIK all_squash,anonuid=36,anongid=36 is the recommended NFS setting > for oVirt and the only one guaranteed to work.
Any user which is not vdsm or in group kvm should not have access to storage, so all_squash is not needed. anonuid=36,anongid=36 is required only for root_squash, I think because libvirt is accessing storage as root. We probably need to add libvirt to kvm group like we do with sanlock, so we don't have to allow root access to storage. This how we allow sanlock access to vdsm managed storage. > Regards, > Milan > > > Best Regards, > > Strahil NikolovOn Dec 10, 2019 07:46, Tony Brian Albers <t...@kb.dk> wrote: > >> > >> On Mon, 2019-12-09 at 18:43 +0000, Robert Webb wrote: > >> > To add, the 757 permission does not need to be on the .lease or the > >> > .meta files. > >> > > >> > https://lists.ovirt.org/archives/list/users@ovirt.org/message/KZF6RCSRW2QV3PUEJCJW5DZ54DLAOGAA/ > >> > >> Good morning, > >> > >> Check SELinux just in case. > >> > >> Here's my config: > >> > >> NFS server: > >> /etc/exports: > >> /data/ovirt > >> *(rw,sync,no_subtree_check,all_squash,anonuid=36,anongid=36) > >> > >> Folder: > >> [root@kst001 ~]# ls -ld /data/ovirt > >> drwxr-xr-x 3 vdsm kvm 76 Jun 1 2017 /data/ovirt > >> > >> Subfolders: > >> [root@kst001 ~]# ls -l /data/ovirt/* > >> -rwxr-xr-x 1 vdsm kvm 0 Dec 10 06:38 /data/ovirt/__DIRECT_IO_TEST__ > >> > >> /data/ovirt/a597d0aa-bf22-47a3-a8a3-e5cecf3e20e0: > >> total 4 > >> drwxr-xr-x 2 vdsm kvm 117 Jun 1 2017 dom_md > >> drwxr-xr-x 56 vdsm kvm 4096 Dec 2 14:51 images > >> drwxr-xr-x 4 vdsm kvm 42 Jun 1 2017 master > >> [root@kst001 ~]# > >> > >> > >> The user: > >> [root@kst001 ~]# id vdsm > >> uid=36(vdsm) gid=36(kvm) groups=36(kvm) > >> [root@kst001 ~]# > >> > >> And output from 'mount' on a host: > >> kst001:/data/ovirt on /rhev/data-center/mnt/kst001:_data_ovirt type nfs > >> (rw,relatime,vers=3,rsize=1048576,wsize=1048576,namlen=255,soft,nolock, > >> nosharecache,proto=tcp,timeo=600,retrans=6,sec=sys,mountaddr=<nfs- > >> server- > >> ip>,mountvers=3,mountport=20048,mountproto=udp,local_lock=all,addr=<nfs > >> -server-ip>) > >> > >> > >> HTH > >> > >> /tony > >> _______________________________________________ > >> Users mailing list -- users@ovirt.org > >> To unsubscribe send an email to users-le...@ovirt.org > >> Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > >> oVirt Code of Conduct: > >> https://www.ovirt.org/community/about/community-guidelines/ > >> List Archives: > >> https://lists.ovirt.org/archives/list/users@ovirt.org/message/T6S32XNRB6S67PH5TOZZ6ZAD6KMVA3G6/ > > _______________________________________________ > > Users mailing list -- users@ovirt.org > > To unsubscribe send an email to users-le...@ovirt.org > > Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > > oVirt Code of Conduct: > > https://www.ovirt.org/community/about/community-guidelines/ > > List Archives: > > https://lists.ovirt.org/archives/list/users@ovirt.org/message/Z5XPTK5B4KTITNDRFKR3C7TQYUXQTC4A/ > _______________________________________________ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/TSSPIUYPPGSAS5TUV3GUWMWNIGGIB2NF/ _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/CO4UFLVDTSLO5S3XPA4PYXG3OGUSHSVP/
