问题分析:
这个问题的原因从CloudStack日志文件里面很难找出如何解决该问题的出口,这个问题从上面的日志分析,不管是从Cloudstack管理节点还是安装代理软件的KVM节点,问题大概出现在主存储上面,但是又并不是权限的问题。
查看存储节点NFS的配置文件:
[root@storage252 ~]# cat /etc/exports
/primary *(rw,async,no_root_squash)
/secondary *(rw,async,no_root_squash)
[root@storage252 ~]# ll /primary/ /secondary/ -d
drwxrwxrwx 3 root root 4096 Aug 14 09:09 /primary/
drwxrwxrwx 3 root root 4096 Aug 13 18:33 /secondary/
[root@storage252 ~]# service nfs status
rpc.svcgssd is stopped
rpc.mountd (pid 26157) is running...
nfsd (pid 26222 26221 26220 26219 26218 26217 26216 26215) is running...
rpc.rquotad (pid 26153) is running...
[root@storage252 ~]# exportfs
/primary <world>
/secondary <world>
可以看出NFS服务器的配置文件跟导出的目录均没有问题。
手动挂载NFS导出的目录到KVM 主机上
[root@kvm01 ~]# showmount -e 192.168.150.252
Export list for 192.168.150.252:
/secondary *
/primary *
[root@kvm01 ~]# mkdir /mnt/1
[root@kvm01 ~]# mkdir /mnt/2
[root@kvm01 ~]# mount -t nfs 192.168.150.252:/primary /mnt/1
[root@kvm01 ~]# mount -t nfs 192.168.150.252:/secondary /mnt/2
[root@kvm01 ~]# ll /mnt/
total 8
drwxrwxrwx. 3 nobody nobody 4096 Aug 14 09:09 1
drwxrwxrwx. 3 nobody nobody 4096 Aug 13 18:33 2
创建目录查看权限是否没有限制
[root@kvm01 ~]# touch /mnt/1/test1
[root@kvm01 ~]# touch /mnt/2/test1
[root@kvm01 ~]# ll /mnt/1/
total 1
-rw-r--r--. 1 nobody nobody 0 Aug 14 09:35 test1
[root@kvm01 ~]# ll /mnt/2/
total 1
-rw-r--r--. 1 nobody nobody 0 Aug 14 09:35 test1
可以看出KVM主机对主存储跟二级存储目录均有可写权限。而且日志中也没有显示Operation xxx的报错。
但是可以发现挂载到KVM 主机上面的NFS目录的属主跟属组都是nobody,而我们在NFS服务器上面设置了no_root_squash参数,表明客户端使用root用户创建的文件的权限也应该是root.root,而非nobody.nobody。
从而去查看两个节点的系统日志文件,/var/log/message
Cloudstack Management:
Aug 13 16:50:25 storage252 rpc.idmapd[19778]: nss_getpwnam: name '0' does not map into domain 'clovem.com'
Aug 13 16:50:25 storage252 rpc.idmapd[19778]: nss_getpwnam: name 'root@sjcloud.cn' does not map into domain 'clovem.com'
Aug 13 16:55:54 storage252 rpc.idmapd[19778]: nss_getpwnam: name 'root@sjcloud.cn' does not map into domain 'clovem.com'
Aug 13 17:00:56 storage252 rpc.idmapd[19778]: nss_getpwnam: name 'root@sjcloud.cn' does not map into domain 'clovem.com'
Aug 13 17:06:24 storage252 rpc.idmapd[19778]: nss_getpwnam: name 'root@sjcloud.cn' does not map into domain 'clovem.com'
Aug 13 17:11:54 storage252 rpc.idmapd[19778]: nss_getpwnam: name 'root@sjcloud.cn' does not map into domain 'clovem.com'
Aug 13 17:17:24 storage252 rpc.idmapd[19778]: nss_getpwnam: name 'root@sjcloud.cn' does not map into domain 'clovem.com'
KVM Host(Cloudstack Aent):
Aug 13 15:23:35 kvm01 kernel: FS-Cache: Netfs 'nfs' registered for caching
2333 Aug 13 15:23:35 kvm01 nfsidmap[13080]: nss_getpwnam: name 'root@clovem.com' does not map into domain 'sjcloud.cn'
2334 Aug 13 15:26:48 kvm01 kernel: NFS: v4 server 192.168.150.252 does not accept raw uid/gids. Reenabling the idmapper.
2335 Aug 13 15:37:22 kvm01 kernel: lo: Disabled Privacy Extensions
2336 Aug 13 15:40:33 kvm01 gnome-session[17824]: WARNING: GSIdleMonitor: IDLETIME counter not found
2337 Aug 13 15:40:33 kvm01 gnome-session[17824]: WARNING: Unable to determine session: Unable to lookup session information for process '17824'