Cannot create image from path

Community Support
1

Hi,

I have a qcow2 image on an external drive which is mounted as /mnt/sdh1
ownership is oneadmin:oneadmin and i can manually copy the file to /var/lib/one/datastores while logged in as oneadmin. But through sunstone it gives error:
“Error copying image in the datastore: Not allowed to copy image file /mnt/sdh1/cld_transfer/xxxx.qcow2”

oned.log:
Wed Jul 20 17:18:57 2016 [Z0][ImM][I]: Copying /mnt/sdh1/cld_transfer/xxxx.qcow2 to repository for image 48
Wed Jul 20 17:18:57 2016 [Z0][ReM][D]: Req:7920 UID:0 ImageAllocate result SUCCESS, 48
Wed Jul 20 17:18:57 2016 [Z0][AuM][D]: Message received: AUTHENTICATE SUCCESS 588 -

Wed Jul 20 17:18:57 2016 [Z0][ReM][D]: Req:9328 UID:0 ImageInfo invoked , 48
Wed Jul 20 17:18:57 2016 [Z0][ReM][D]: Req:9328 UID:0 ImageInfo result SUCCESS, "48<U…"
Wed Jul 20 17:18:58 2016 [Z0][ReM][D]: Req:432 UID:0 ImagePoolInfo invoked , -2, 0, -2000, -1
Wed Jul 20 17:18:58 2016 [Z0][ReM][D]: Req:432 UID:0 ImagePoolInfo result SUCCESS, "<IMAGE_POOL><…"
Wed Jul 20 17:18:58 2016 [Z0][ImM][I]: Command execution fail: /var/lib/one/remotes/datastore/fs/cp PERTX0RSSVZFUl9BQ1RJT05fREFUQT48SU1BR0U+PElEPjQ4PC9JRD48VUlEPjA8L1VJRD48R0lEPjA8L0dJRD48VU5BTUU+b25lYWRtaW48L1VOQU1FPjxHTkFNRT5vbmVhZG1pbjwvR05BTUU+PE5BTUU+RktNLUNsb2c8L05BTUU+PFBFUk1JU1NJT05TPjxPV05FUl9VPjE8L09XTkVSX1U+PE9XTkVSX00+MTwvT1dORVJfTT48T1dORVJfQT4wPC9PV05FUl9BPjxHUk9VUF9VPjA8L0dST1VQX1U+PEdST1VQX00+MDwvR1JPVVBfTT48R1JPVVBfQT4wPC9HUk9VUF9BPjxPVEhFUl9VPjA8L09USEVSX1U+PE9USEVSX00+MDwvT1RIRVJfTT48T1RIRVJfQT4wPC9PVEhFUl9BPjwvUEVSTUlTU0lPTlM+PFRZUEU+MDwvVFlQRT48RElTS19UWVBFPjA8L0RJU0tfVFlQRT48UEVSU0lTVEVOVD4xPC9QRVJTSVNURU5UPjxSRUdUSU1FPjE0NjkwMjQzMzc8L1JFR1RJTUU+PFNPVVJDRT48IVtDREFUQVtdXT48L1NPVVJDRT48UEFUSD48IVtDREFUQVsvbW50L3NkaDEvY2xkX3RyYW5zZmVyL0NyeXB0b1NJTV9TZW5zb3ItZmxhdC5xY293Ml1dPjwvUEFUSD48RlNUWVBFPjwhW0NEQVRBW3Fjb3cyXV0+PC9GU1RZUEU+PFNJWkU+NTEyMDA8L1NJWkU+PFNUQVRFPjQ8L1NUQVRFPjxSVU5OSU5HX1ZNUz4wPC9SVU5OSU5HX1ZNUz48Q0xPTklOR19PUFM+MDwvQ0xPTklOR19PUFM+PENMT05JTkdfSUQ+LTE8L0NMT05JTkdfSUQ+PFRBUkdFVF9TTkFQU0hPVD4tMTwvVEFSR0VUX1NOQVBTSE9UPjxEQVRBU1RPUkVfSUQ+MTAxPC9EQVRBU1RPUkVfSUQ+PERBVEFTVE9SRT5uZnNfaW1hZ2VzPC9EQVRBU1RPUkU+PFZNUz48L1ZNUz48Q0xPTkVTPjwvQ0xPTkVTPjxBUFBfQ0xPTkVTPjwvQVBQX0NMT05FUz48VEVNUExBVEU+PERFVl9QUkVGSVg+PCFbQ0RBVEFbaGRdXT48L0RFVl9QUkVGSVg+PERSSVZFUj48IVtDREFUQVtxY293Ml1dPjwvRFJJVkVSPjwvVEVNUExBVEU+PFNOQVBTSE9UUz48L1NOQVBTSE9UUz48L0lNQUdFPjxEQVRBU1RPUkU+PElEPjEwMTwvSUQ+PFVJRD4wPC9VSUQ+PEdJRD4wPC9HSUQ+PFVOQU1FPm9uZWFkbWluPC9VTkFNRT48R05BTUU+b25lYWRtaW48L0dOQU1FPjxOQU1FPm5mc19pbWFnZXM8L05BTUU+PFBFUk1JU1NJT05TPjxPV05FUl9VPjE8L09XTkVSX1U+PE9XTkVSX00+MTwvT1dORVJfTT48T1dORVJfQT4wPC9PV05FUl9BPjxHUk9VUF9VPjE8L0dST1VQX1U+PEdST1VQX00+MDwvR1JPVVBfTT48R1JPVVBfQT4wPC9HUk9VUF9BPjxPVEhFUl9VPjA8L09USEVSX1U+PE9USEVSX00+MDwvT1RIRVJfTT48T1RIRVJfQT4wPC9PVEhFUl9BPjwvUEVSTUlTU0lPTlM+PERTX01BRD48IVtDREFUQVtmc11dPjwvRFNfTUFEPjxUTV9NQUQ+PCFbQ0RBVEFbcWNvdzJdXT48L1RNX01BRD48QkFTRV9QQVRIPjwhW0NEQVRBWy92YXIvbGliL29uZS8vZGF0YXN0b3Jlcy8xMDFdXT48L0JBU0VfUEFUSD48VFlQRT4wPC9UWVBFPjxESVNLX1RZUEU+MDwvRElTS19UWVBFPjxTVEFURT4wPC9TVEFURT48Q0xVU1RFUlM+PElEPjA8L0lEPjwvQ0xVU1RFUlM+PFRPVEFMX01CPjM5NTE1MjM8L1RPVEFMX01CPjxGUkVFX01CPjMzODYxMTY8L0ZSRUVfTUI+PFVTRURfTUI+NTY1NDA4PC9VU0VEX01CPjxJTUFHRVM+PElEPjI8L0lEPjxJRD45PC9JRD48SUQ+MTA8L0lEPjxJRD4xMzwvSUQ+PElEPjE0PC9JRD48SUQ+MTU8L0lEPjxJRD4xOTwvSUQ+PElEPjIwPC9JRD48SUQ+MjE8L0lEPjxJRD4yMjwvSUQ+PElEPjIzPC9JRD48SUQ+MjQ8L0lEPjxJRD4yNTwvSUQ+PElEPjI2PC9JRD48SUQ+Mjc8L0lEPjxJRD4yODwvSUQ+PElEPjI5PC9JRD48SUQ+MzA8L0lEPjxJRD4zMTwvSUQ+PElEPjMyPC9JRD48SUQ+MzM8L0lEPjxJRD4zNDwvSUQ+PElEPjM3PC9JRD48SUQ+Mzg8L0lEPjxJRD4zOTwvSUQ+PElEPjQwPC9JRD48SUQ+NDE8L0lEPjxJRD40MjwvSUQ+PElEPjQzPC9JRD48SUQ+NDQ8L0lEPjwvSU1BR0VTPjxURU1QTEFURT48Q0xPTkVfVEFSR0VUPjwhW0NEQVRBW1NZU1RFTV1dPjwvQ0xPTkVfVEFSR0VUPjxESVNLX1RZUEU+PCFbQ0RBVEFbRklMRV1dPjwvRElTS19UWVBFPjxEU19NQUQ+PCFbQ0RBVEFbZnNdXT48L0RTX01BRD48TE5fVEFSR0VUPjwhW0NEQVRBW05PTkVdXT48L0xOX1RBUkdFVD48UkVTVFJJQ1RFRF9ESVJTPjwhW0NEQVRBWy9dXT48L1JFU1RSSUNURURfRElSUz48U0FGRV9ESVJTPjwhW0NEQVRBWy92YXIvdG1wXV0+PC9TQUZFX0RJUlM+PFRNX01BRD48IVtDREFUQVtxY293Ml1dPjwvVE1fTUFEPjwvVEVNUExBVEU+PC9EQVRBU1RPUkU+PC9EU19EUklWRVJfQUNUSU9OX0RBVEE+ 48
Wed Jul 20 17:18:58 2016 [Z0][ImM][E]: cp: Not allowed to copy images from /var/lib/one/ /etc/one/ /var/lib/one/ /
Wed Jul 20 17:18:58 2016 [Z0][ImM][E]: Not allowed to copy image file /mnt/sdh1/cld_transfer/xxxx.qcow2
Wed Jul 20 17:18:58 2016 [Z0][ImM][I]: ExitCode: 255
Wed Jul 20 17:18:58 2016 [Z0][ImM][E]: Error copying image in the datastore: Not allowed to copy image file /mnt/sdh1/cld_transfer/xxxx.qcow2

[root@node01 cld_transfer]# pwd
/mnt/sdh1/cld_transfer
[root@node01 cld_transfer]# ll -a
total 19729984
drwxr-xr-x 2 oneadmin oneadmin 40 Jul 20 16:43 .
drwxr-xr-x 3 oneadmin oneadmin 25 Jul 20 16:42 …
-rwxr-xr-x 1 oneadmin oneadmin 20203503616 Jul 20 16:53 xxxx.qcow2

Any idea what i’m missing and how to fix it?

Thanks,
Orhan

2

changed mountpoint and tried through CLI:
[oneadmin@node01 ~]$ oneimage create -d 101 --name Clog_test --type OS --prefix hd --driver qcow2 --path /home/aktarim/cld_transfer/xxxx.qcow2 --persistent

but no luck… the very same error again…

[oneadmin@node01 ~]$ onedatastore list
ID NAME SIZE AVAIL CLUSTERS IMAGES TYPE DS TM STAT
100 nfs_system 3.8T 85% 0 0 sys - shared on
101 nfs_images 3.8T 85% 0 33 img fs qcow2 on

3

It’s somehow incorrectly assuming the image source location as a RESTRICTED_DIRS. As a way around I’ve had to change the control line in the code: check_restricted $SRC -eq 1

And it worked… Fyi…

Kind regards,
Orhan

4

Hi,

The way I see it, check_restricted is working as it should. It looks like your datastore has RESTRICTED_DIRS set to “/”, the default value.

5

Hello,
Have a similar problem,

Error executing image transfer script: Error copying opennebula:/var/lib/one//datastores/1/290167b06398c9b40e59d76228b9bd5f to 192.168.0.151:/var/lib/one//datastores/0/0/disk.0

I have used 192.168.0.151 as a node-kvm, and the rule ssh-copy image.

Well, the problem was the level right the /var/lib/one/.ssh directory
and /var/lib/one/.ssh/authrized_keys

Do it on the all servers

-rwxr–r-- 1 oneadmin oneadmin 401 июл 18 17:17 authorized_keys
-rw------- 1 oneadmin oneadmin 1679 июл 18 17:16 id_rsa
-rw-r–r-- 1 oneadmin oneadmin 401 июл 18 17:16 id_rsa.pub
-rw-r–r-- 1 oneadmin oneadmin 376 июл 20 17:51 known_hosts

with b.r, Ilya

6

Hi Carlos,

Yes you’re right, onedatastore show 101:
DATASTORE TEMPLATE
CLONE_TARGET="SYSTEM"
DISK_TYPE="FILE"
DS_MAD="fs"
LN_TARGET=“NONE"
RESTRICTED_DIRS=”/“
SAFE_DIRS=”/var/tmp"
TM_MAD="qcow2"
TYPE=“IMAGE_DS”

The warning mentions only about /var/lib/one but setting the default value to / makes impossible to use local path. I think it’d be better to set /var/lib/one.

Thanks,
Orhan

2 Likes
7

Hi Carlos,
I have to agree that the default value of “/” is not a very useful choice. If for security reasons you decided to use this path, then at least the error message in oned.log should state something more obvious than “Not allowed to copy image file” maybe something like “this is a restricted path, if you want to allow it, you can do so in your datastore configuration” or something alike. other idea would be to mention in the gui that uploading is only allowed from /var/tmp.
right now, it’s far from intuitive :wink:
thanks for considering
hope that helps
Jojo

2 Likes
8

I think everyone would appreciate a more specific error message.
I was looking for an NFS permission issue for a long time.

1 Like
9

There is SAFE_DIRS="/var/tmp" that you can put your file there to load without a problem.