Tuesday, October 23, 2012

KVM file permissions

Recently I have been testing CentOS 6 with libvirt & KVM. My goal is to set up a cluster of servers and enable migration between them without shared storage.

This seems possible but I hit a roadblock with file permissions. I am using a directory pool but any newly created file is assigned the permissions 0600 and owned by root:cso (cso is the group that all the sysadmins are in). The XML schema for libvirt pools allows me to specify a mode, owner & group but they don't seem to be honoured when the file is created.

My workaround to this problem was to create a hook which runs when a virtual machine is started. This gives me a chance to change the permissions to the correct values. The libvirt hooks are not widely publicised but at least on CentOS 6, you create the file and it just works. See http://libvirt.org/hooks.html

The basic skeleton for my hook is:
/etc/libvirt/hooks/qemu

#!/bin/bash
if [ "$2" = "prepare" -a "$3" = "begin" ] ; then
   # Fix the permissions
fi
exit 0


The next headache is that I don't know which disks are needed for this virtual machine. This info is provided on stdin but it is in XML which is not easy for bash to process.

My solution to this was to use XSLT to transform the XML into a bash script.
I have never used XSLT before so there was a fair amount of guessing involved. The output of xsltproc always has an XML header which I strip off with grep. The output is logged to syslog with the logger command. The final hook script looks like this:
/etc/libvirt/hooks/qemu
#!/bin/bash
if [ "$2" = "prepare" -a "$3" = "begin" ] ; then
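   # xsltproc turns the domain XML on stdin into chown/chmod commands.
   # sh -x writes its trace to stderr, so merge it into stdout for logger.
   /usr/bin/xsltproc /etc/libvirt/hooks/qemu.hook.xsl - | \
      grep -v '?xml' | \
      sh -x 2>&1 | logger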
fi
exit 0

As for the XSL, I am no expert but I got it working. I could not work out how to correctly escape the values of the file names so there could be a nasty surprise in there if you don't trust your users.

/etc/libvirt/hooks/qemu.hook.xsl 
<?xml version="1.0" encoding="ISO-8859-1"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template match="/">
<xsl:for-each select="domain/devices/disk/source">
chown qemu:cso '<xsl:value-of select="@file"/>'
chmod 0660 '<xsl:value-of select="@file"/>'
</xsl:for-each>
</xsl:template>
</xsl:stylesheet>
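
The escaping problem mentioned above goes away if file names are never turned into shell text. The following is an added example, not the author's hook: the stylesheet emits plain paths as text, and the script passes each one as a quoted argument after checking that it is a regular file inside the pool directory. POOL_DIR and the helper names is_pool_path and fix_perms are assumptions made for this example.

```bash
#!/bin/bash
# Added example: disk paths from the domain XML are handled as data, never as shell code.
POOL_DIR="${POOL_DIR:-/var/lib/libvirt/images}"   # assumption: location of the directory pool
OWNER="${OWNER:-qemu:cso}"
MODE="${MODE:-0660}"

# Accept only absolute paths below POOL_DIR that contain no ".." component.
is_pool_path() {
    case "$1" in
        */../*|*/..)     return 1 ;;
        "$POOL_DIR"/?*)  return 0 ;;
        *)               return 1 ;;
    esac
}

# Read one path per line on stdin; fix ownership and mode of accepted regular files only.
fix_perms() {
    local p rc=0
    while IFS= read -r p; do
        if is_pool_path "$p" && [ -f "$p" ] && [ ! -L "$p" ]; then
            chown -- "$OWNER" "$p" && chmod -- "$MODE" "$p" || rc=1
        else
            echo "refusing disk path: $p" >&2; rc=1
        fi
    done
    return "$rc"
}

if [ "${2:-}" = "prepare" ] && [ "${3:-}" = "begin" ]; then
    xsl=$(mktemp)
    # Text output: one path per line, no XML header; paths containing a newline are skipped.
    cat > "$xsl" <<'EOF'
<?xml version="1.0"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output method="text"/>
<xsl:template match="/">
<xsl:for-each select="domain/devices/disk/source[@file][not(contains(@file,'&#10;'))]">
<xsl:value-of select="@file"/><xsl:text>&#10;</xsl:text>
</xsl:for-each>
</xsl:template>
</xsl:stylesheet>
EOF
    /usr/bin/xsltproc "$xsl" - | fix_perms 2>&1 | logger -t qemu-hook
    rm -f "$xsl"
fi
```

Like the original hook, this finishes with status 0 even when a path is refused, so a rejected disk is logged rather than blocking the guest from starting.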


25 comments:

  1. translate(@file, '/ \:', '____') or something along those lines would get rid of some of the trickier characters (can also use character entities to specify, iirc).
