Details
- Type: Bug
- Status: Verified
- Priority: Major
- Resolution: Fixed
- Fix Version/s: Vz7.0-Update1
- Component/s: Containers::Kernel
- Security Level: Public
Description
>Description of problem: I am working with containers. I install GlusterFS on three containers (Debian 8) to have a synchronized version of my website files. I will have a load balancer on another container that forwards HTTP requests to these three containers. When I go to create a GlusterFS volume, an error about extended attributes is displayed.
According to my knowledge, use of extended attributes and other commands like mount needs the SYS_ADMIN capability. According to the official doc (https://docs.openvz.org/openvz_users_guide.webhelp/_linux_specific_capabilities.html) this capability is off by default. Then I try to activate this capability:
1. The official doc (https://docs.openvz.org/openvz_users_guide.webhelp/_available_capabilities_for_containers.html) explains that I have to use the vzctl set command. It does not specify that I have to use --capability, and neither does the vzctl manual. So, when I use vzctl set with --capability it displays only a warning message that explains that the option --capability is deprecated. Then I try to create the GlusterFS volume with "supposedly" the sys_admin capability but I continue receiving the same error.
2. I try to activate SYS_CAPABILITY with prlctl set with the --capability option, although it is not specified in the official doc or the prlctl manual. Now, I received a message indicating that the capability was activated successfully.
Then I try to create the gluster volume and I get the same error about extended attributes. I also tried to set extended attributes manually and I receive an error with "Operation not permitted".
I also tried to specify the user_xattr option for the /vz partition in the /etc/fstab file, but it did not work.
I also followed these steps (https://wiki.openvz.org/FUSE) but it did not work.
>How reproducible:
>Steps to Reproduce:
1. vzctl set <container> --devices c:10:229:rw --save
2. vzctl exec <container name> mknod /dev/fuse c 10 229
3. apt-get -y install glusterfs-server
4. gluster peer probe <container to peer>
5. mkdir /gluster-storage
6. gluster volume create <volume name to create> replica <number of replicas> transport tcp <IPContainer1>:<DirectoryToSyncronize> <IPContainer1>:<DirectoryToSyncronize> force
>Actual results: volume create: volume1: failed: Glusterfs is not supported on brick. Setting extended attributes failed, reason : Operation not permitted
>Expected results: be able to set extended attributes
>Host OS: OpenVZ 7.0
>Guest OS: Debian 8
>Additional info (see https://openvz.org/Reporting_OpenVZ_problem):
I also tried to set extended attributes manually after activating the SYS_ADMIN capability but got "Operation not permitted"
Steps to reproduce:
1. touch a
2. setfattr -n trusted.foo1 -v "bar" a
Result:
setfattr: a: Operation not permitted
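A diagnostic for the failure reported above, added here as an example and not part of the original report or of OpenVZ's code: it reads `CapEff` from `/proc/self/status` to see whether CAP_SYS_ADMIN (bit 21) is really in the effective set, then probes a `user.*` and a `trusted.*` attribute to separate a privilege denial (EPERM) from a filesystem without xattr support (ENOTSUP). The function names and the `*.probe` attribute names are assumptions made for this example.

```python
import errno
import os
import tempfile

CAP_SYS_ADMIN = 21  # bit number from linux/capability.h


def has_cap_sys_admin(status_text):
    """True if the CapEff mask in /proc/<pid>/status text includes CAP_SYS_ADMIN."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            mask = int(line.split()[1], 16)  # kernel prints the mask as hex
            return bool((mask >> CAP_SYS_ADMIN) & 1)
    raise ValueError("no CapEff line found")


def classify(err):
    """Map the errno of a setxattr attempt (0 = success) to its likely cause."""
    if err == 0:
        return "ok"
    if err in (errno.EPERM, errno.EACCES):
        return "privilege check failed"
    if err == errno.ENOTSUP:
        return "filesystem lacks support for this xattr namespace"
    return "other: " + errno.errorcode.get(err, str(err))


def probe(directory="."):
    """Try user.* and trusted.* on a scratch file; return {attribute: cause}."""
    results = {}
    with tempfile.NamedTemporaryFile(dir=directory) as scratch:
        for name in ("user.probe", "trusted.probe"):
            try:
                os.setxattr(scratch.name, name, b"bar")  # Linux-only call
                results[name] = classify(0)
            except OSError as exc:
                results[name] = classify(exc.errno)
    return results


if __name__ == "__main__":
    # Run inside the container, in the directory intended as the brick.
    with open("/proc/self/status") as fh:
        print("CAP_SYS_ADMIN effective:", has_cap_sys_admin(fh.read()))
    for name, cause in probe().items():
        print(name, "->", cause)
```

If `CapEff` shows CAP_SYS_ADMIN and `trusted.probe` still reports a privilege failure while `user.probe` succeeds, the capability mask and the mount options are ruled out as the cause.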
Issue Links
- cloned to: OVZ-6802 [documentation] drop capabilities related prlctl and vzctl chapters from documentation (Verified)