[libvirt] Question about verifying same uid:gid in src and dstfor live migration

[Fei Li]

Hi Daniel,

On 05/09/2018 03:55 PM, Daniel P. Berrangé wrote:
> On Wed, May 09, 2018 at 01:45:53PM +0800, Fei Li wrote:
>> Hi,
>>
>> When I do live migration using virsh command line based on NFS shared
>> storage between two systems
>> having the same security mechanism and having the same kvm/qemu/libvirt
>> version, I encounter the
>> following error:
>>
>> debug : qemuMonitorJSONIOProcessLine:193 : Line [{"timestamp": {"seconds": 1524893525, "microseconds": 522686},
>> "event": "BLOCK_IO_ERROR", "data": {"device": "drive-virtio-disk0", "nospace": false, "node-name": "#block120",
>> "reason": "Permission denied", "operation": "write", "action": "report"}}]
>> ...
>> error: internal error: qemu unexpectedly closed the monitor:
>> qemu-system-x86_64: load of migration failed: Input/output error
>> ...
>>
>> According to the "Permission denied" && "write" information, I find the
>> below 2 ways can fix this error:
>> - Change the mode of guest's .qcow2 file from 644 to 646
> Absolutely no - any process or user that can access the mount can
> then compromise your disk images
Right, this should not be a fix. :)
>
>> - Keep qemu's uid the same one between src host and dst host (They are not
>> same before I change them)
> You *must* have the same uid+gid between source and dest hosts
>
>> After confirming that keeping qemu's uid identical between src host and dst
>> host can fix such issue,
>> my question is whether a fix in libvirt should be pursued or just document
>> the requirement for same
>> uid:gid across host systems in a migration cluster is ok?
> In Fedora and RHEL at least the system is setup so that these users get
> a fixed uid:gid upon installation to avoid this kind of problem.
Thanks for the "fixed uid:gid" advice, this helps a lot.

Have a nice day, thanks again
Fei
>
> Regards,
> Daniel