Posted to users@cloudstack.apache.org by Nicolas Bouige <n....@dimsi.fr> on 2017/01/02 12:38:58 UTC

RE: SSVM add new SecStr

Hello Dag,


Thanks for the details.

I misconfigured the port on the switch... wrong VLAN :/

Now all works fine.


Thanks a lot for your help, and I wish you a happy new year :)


Nicolas Bouige

DIMSI

cloud.dimsi.fr<http://www.cloud.dimsi.fr>

4, avenue Laurent Cely

Tour d’Asnière – 92600 Asnière sur Seine

T/ +33 (0)6 28 98 53 40


________________________________
From: Dag Sonstebo <Da...@shapeblue.com>
Sent: Thursday, 29 December 2016 13:09:53
To: users@cloudstack.apache.org
Subject: Re: SSVM add new SecStr

Hi Nicolas,

Is your new secondary storage share on a different server / appliance than your first secondary storage pool?

In short the best way to troubleshoot this is to increase logging verbosity on your NFS server and see if this highlights what the issue is.

One other thing to check is the actual folder permissions on the share (rather than the NFS ACLs) – can you e.g. briefly test what happens if you fully open this up (chmod -R 777 /folder…)?

We have also seen issues in the past where the user UID used by CloudStack – SSVM and hypervisors – is mismatched on additional secondary storage shares. In short connections come in from e.g. user UID 1000, which matches the permissions on the first secondary storage pool. However on the second share the permissions are set up for e.g. UID 1003 – and since inbound connections still use UID 1000 you have a permission mismatch. The cases I’ve seen have generally been when the new share is hosted on a new NFS server, otherwise this scenario would not normally apply. I believe various NFS flavours have ways of dealing with this though.

Hope this helps,

Regards,
Dag Sonstebo
Cloud Architect
ShapeBlue

On 29/12/2016, 10:07, "Nicolas Bouige" <n....@dimsi.fr> wrote:

    Hello Dag,


    I tried yesterday but it can't connect the share to the SSVM...

    Permission denied.

    On the mgmt-server it's okay and there are the same permission rules.

    I added the IP range vlan-storage on the NFS share.


    BR,

    Nicolas Bouige

    DIMSI

    cloud.dimsi.fr<http://www.cloud.dimsi.fr>

    4, avenue Laurent Cely

    Tour d’Asnière – 92600 Asnière sur Seine

    T/ +33 (0)6 28 98 53 40


    ________________________________
    From: Dag Sonstebo <Da...@shapeblue.com>
    Sent: Wednesday, 28 December 2016 20:21:14
    To: users@cloudstack.apache.org
    Subject: Re: SSVM add new SecStr

    Hi Nicolas,

    Can you mount the new secstorage share manually on the SSVM? If so can you write to it?

    Regards,
    Dag Sonstebo
    Cloud Architect
    ShapeBlue

    On 28/12/2016, 17:04, "Nicolas Bouige" <n....@dimsi.fr> wrote:

        Hi Dag,


        Thanks for your answer,

        Yes, I opened up the permissions to the full IP range of the management and storage VLANs.



        BR

        Nicolas Bouige



        ________________________________
        From: Dag Sonstebo <Da...@shapeblue.com>
        Sent: Wednesday, 28 December 2016 17:19:24
        To: users@cloudstack.apache.org
        Subject: Re: SSVM add new SecStr

        Hi Nicolas,

        Have you opened up the permissions on your new secondary storage share to the full management IP range?

        Regards,
        Dag Sonstebo
        Cloud Architect
        ShapeBlue

        On 28/12/2016, 16:02, "Nicolas Bouige" <n....@dimsi.fr> wrote:

            Hello All,


            I'm trying to add a new secondary storage on my CloudStack environment (4.7) but it seems not to be working.
            The SSVM works fine as I already have a SecStr configured, and in the GUI the VM is running and the agent is up.


            I checked my NFS by adding it directly on the mgmt server and all works fine, I can create files, etc.

            I used the script "/usr/local/cloud/systemvm/ssvm-check.sh" and the script sees only one SecStr and I got an error:

            the script doesn't have permission to create file.
            I exported the NFS with "norootsquash" and as I said I can create files on it directly.


            For information, the first SecStr is full; do you think there is a relation?


            Thanks for your help


            BR,
            Nicolas Bouige





        Dag.Sonstebo@shapeblue.com
        www.shapeblue.com<http://www.shapeblue.com>
        53 Chandos Place, Covent Garden, London WC2N 4HS, UK
        @shapeblue










Re: SSVM add new SecStr

Posted by Dag Sonstebo <Da...@shapeblue.com>.
Glad you found the problem, Happy New Year to you as well.

Regards,
Dag Sonstebo
Cloud Architect
ShapeBlue

    
    
    
    


Dag.Sonstebo@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HS, UK
@shapeblue
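
Added example, not part of the original thread: a small shell model of the UID mismatch Dag describes, showing how an NFS server using AUTH_SYS decides whether a client may create a file in the export directory from the numeric UID/GID, the directory owner, group and mode, and the squash setting. The function names, the anonymous ID 65534 and all sample values are assumptions made for illustration; UIDs 1000 and 1003 are the ones used in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). With AUTH_SYS, the NFS server trusts the
# numeric UID/GID sent by the client and checks it against the export
# directory's owner, group and mode. All sample values are constructed; UIDs
# 1000 and 1003 are the ones Dag uses in his explanation.

ANON_ID=65534   # assumption: common default anonymous UID/GID on Linux servers

# effective_id CLIENT_ID CLIENT_UID SQUASH
# Under root_squash, requests from client UID 0 are remapped to ANON_ID.
effective_id() {
    if [ "$2" -eq 0 ] && [ "$3" = "root_squash" ]; then
        echo "$ANON_ID"
    else
        echo "$1"
    fi
}

# can_create UID GID DIR_OWNER DIR_GROUP DIR_MODE
# Creating a file needs write+execute on the directory for the matching
# class. Simplification: only the primary GID is considered.
can_create() {
    cc_mode=$((0$5))                       # parse the mode as octal
    if [ "$1" -eq 0 ]; then echo "allow:root"; return 0; fi
    if [ "$1" -eq "$3" ]; then
        cc_class=owner; cc_bits=$(( (cc_mode >> 6) & 7 ))
    elif [ "$2" -eq "$4" ]; then
        cc_class=group; cc_bits=$(( (cc_mode >> 3) & 7 ))
    else
        cc_class=other; cc_bits=$(( cc_mode & 7 ))
    fi
    if [ $(( cc_bits & 3 )) -eq 3 ]; then
        echo "allow:$cc_class"
    else
        echo "deny:$cc_class"
    fi
}

# diagnose CLIENT_UID CLIENT_GID SQUASH DIR_OWNER DIR_GROUP DIR_MODE
diagnose() {
    d_uid=$(effective_id "$1" "$1" "$3")
    d_gid=$(effective_id "$2" "$1" "$3")
    can_create "$d_uid" "$d_gid" "$4" "$5" "$6"
}

diagnose 1000 1000 no_root_squash 1000 1000 755   # first share: owner matches
diagnose 1000 1000 no_root_squash 1003 1003 755   # second share: other owner
diagnose 1000 1000 no_root_squash 1003 1003 777   # mode 777 hides the mismatch
diagnose 0 0 root_squash 0 0 755                  # squashed root
```

Comparing the numeric owner of the export directory (ls -ldn on the NFS server) with the UID the client connects as identifies the mismatch without leaving the share at mode 777.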