Xen Orchestra - Permissions Issue - File level restore

DustinB3403

So here's the issue, and the two choices for a solution, either make sure XO is being run under root, or add my user XOAdmin to the fuse group.

xoadmin@xo-test-debian-3:/run/xo-server/mounts/remote-17/vm_delta_Critical VMs_b3d4662d-7358-0f49-e4c0-14bf3958488e/vdi_ee8f1bc2-fdd3-46b7-a44b-cf60a7b2f8b7$ sudo -s
[sudo] password for xoadmin:
root@xo-test-debian-3:/run/xo-server/mounts/remote-17/vm_delta_Critical VMs_b3d4662d-7358-0f49-e4c0-14bf3958488e/vdi_ee8f1bc2-fdd3-46b7-a44b-cf60a7b2f8b7# vhdimount 20161220T134332Z_delta.vhd foo
vhdimount 20150110

root@xo-test-debian-3:/run/xo-server/mounts/remote-17/vm_delta_Critical VMs_b3d4662d-7358-0f49-e4c0-14bf3958488e/vdi_ee8f1bc2-fdd3-46b7-a44b-cf60a7b2f8b7# ok, it worked
bash: ok,: command not found
root@xo-test-debian-3:/run/xo-server/mounts/remote-17/vm_delta_Critical VMs_b3d4662d-7358-0f49-e4c0-14bf3958488e/vdi_ee8f1bc2-fdd3-46b7-a44b-cf60a7b2f8b7# ls foo/
vhdi1  vhdi2  vhdi3  vhdi4  vhdi5  vhdi6  vhdi7
root@xo-test-debian-3:/run/xo-server/mounts/remote-17/vm_delta_Critical VMs_b3d4662d-7358-0f49-e4c0-14bf3958488e/vdi_ee8f1bc2-fdd3-46b7-a44b-cf60a7b2f8b7# fusermount -u foo/
bash: fusermount: command not found
root@xo-test-debian-3:/run/xo-server/mounts/remote-17/vm_delta_Critical VMs_b3d4662d-7358-0f49-e4c0-14bf3958488e/vdi_ee8f1bc2-fdd3-46b7-a44b-cf60a7b2f8b7# rmdir foo
rmdir: failed to remove âfooâ: Device or resource busy
root@xo-test-debian-3:/run/xo-server/mounts/remote-17/vm_delta_Critical VMs_b3d4662d-7358-0f49-e4c0-14bf3958488e/vdi_ee8f1bc2-fdd3-46b7-a44b-cf60a7b2f8b7# # either run xo-server as root or figure out how to enable fuse for xoadmin user :)
root@xo-test-debian-3:/run/xo-server/mounts/remote-17/vm_delta_Critical VMs_b3d4662d-7358-0f49-e4c0-14bf3958488e/vdi_ee8f1bc2-fdd3-46b7-a44b-cf60a7b2f8b7# # normally there should be a fuse group but I don't know why you don't have it
root@xo-test-debian-3:/run/xo-server/mounts/remote-17/vm_delta_Critical VMs_b3d4662d-7358-0f49-e4c0-14bf3958488e/vdi_ee8f1bc2-fdd3-46b7-a44b-cf60a7b2f8b7# # #good luck mate ;)
root@xo-test-debian-3:/run/xo-server/mounts/remote-17/vm_delta_Critical VMs_b3d4662d-7358-0f49-e4c0-14bf3958488e/vdi_ee8f1bc2-fdd3-46b7-a44b-cf60a7b2f8b7# # hah, ok so add a fuse group
root@xo-test-debian-3:/run/xo-server/mounts/remote-17/vm_delta_Critical VMs_b3d4662d-7358-0f49-e4c0-14bf3958488e/vdi_ee8f1bc2-fdd3-46b7-a44b-cf60a7b2f8b7#
root@xo-test-debian-3:/run/xo-server/mounts/remote-17/vm_delta_Critical VMs_b3d4662d-7358-0f49-e4c0-14bf3958488e/vdi_ee8f1bc2-fdd3-46b7-a44b-cf60a7b2f8b7# #and add my user and root to it?
root@xo-test-debian-3:/run/xo-server/mounts/remote-17/vm_delta_Critical VMs_b3d4662d-7358-0f49-e4c0-14bf3958488e/vdi_ee8f1bc2-fdd3-46b7-a44b-cf60a7b2f8b7# # roothas already the permission to do this
root@xo-test-debian-3:/run/xo-server/mounts/remote-17/vm_delta_Critical VMs_b3d4662d-7358-0f49-e4c0-14bf3958488e/vdi_ee8f1bc2-fdd3-46b7-a44b-cf60a7b2f8b7# # just the xoadmin user, and maybe it will work
root@xo-test-debian-3:/run/xo-server/mounts/remote-17/vm_delta_Critical VMs_b3d4662d-7358-0f49-e4c0-14bf3958488e/vdi_ee8f1bc2-fdd3-46b7-a44b-cf60a7b2f8b7# # but this is a config system issue, not a XO one
root@xo-test-debian-3:/run/xo-server/mounts/remote-17/vm_delta_Critical VMs_b3d4662d-7358-0f49-e4c0-14bf3958488e/vdi_ee8f1bc2-fdd3-46b7-a44b-cf60a7b2f8b7# # #so mGy oTjob here is done ;)
root@xo-test-debian-3:/run/xo-server/mounts/remote-17/vm_delta_Critical VMs_b3d4662d-7358-0f49-e4c0-14bf3958488e/vdi_ee8f1bc2-fdd3-46b7-a44b-cf60a7b2f8b7# # gotcha, will investigate
root@xo-test-debian-3:/run/xo-server/mounts/remote-17/vm_delta_Critical VMs_b3d4662d-7358-0f49-e4c0-14bf3958488e/vdi_ee8f1bc2-fdd3-46b7-a44b-cf60a7b2f8b7# # keep me posted, have a nice day
root@xo-test-debian-3:/run/xo-server/mounts/remote-17/vm_delta_Critical VMs_b3d4662d-7358-0f49-e4c0-14bf3958488e/vdi_ee8f1bc2-fdd3-46b7-a44b-cf60a7b2f8b7# # will do
root@xo-test-debian-3:/run/xo-server/mounts/remote-17/vm_delta_Critical VMs_b3d4662d-7358-0f49-e4c0-14bf3958488e/vdi_ee8f1bc2-fdd3-46b7-a44b-cf60a7b2f8b7# ls
20161215T040507Z_full.vhd            20161217T040416Z_delta.vhd           20161218T040415Z_delta.vhd.checksum  20161220T041727Z_delta.vhd           20161220T134332Z_delta.vhd.checksum
20161216T040517Z_delta.vhd           20161217T040416Z_delta.vhd.checksum  201612

Which searching for the fuse group doesn't result in any visible output. So I have to either get XO to run under root (which systemctl should already be doing this...... ) or I need to add xoadmin to the fuse group.

Any pointers?

@danp was having similar issues, waiting to get some feed back from his investigation with @julian.

DustinB3403

Here are the security groups on this host.

root@xo-test-debian-3:/opt/xo-server# cat /etc/group
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:
voice:x:22:
cdrom:x:24:xoadmin
floppy:x:25:xoadmin
tape:x:26:
sudo:x:27:
audio:x:29:xoadmin
dip:x:30:xoadmin
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:xoadmin
sasl:x:45:
plugdev:x:46:xoadmin
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
input:x:101:
systemd-journal:x:102:
systemd-timesync:x:103:
systemd-network:x:104:
systemd-resolve:x:105:
systemd-bus-proxy:x:106:
crontab:x:107:
netdev:x:108:xoadmin
Debian-exim:x:109:
messagebus:x:110:
mlocate:x:111:
ssh:x:112:
xoadmin:x:1000:
redis:x:113:

DustinB3403

Under /dev I do have fuse.

So the system is there, yet there is no security group for fuse. . .

Danp

How are you currently starting xo-server?

Danp

@DustinB3403 said in Xen Orchestra - Permissions Issue - File level restore:

@danp was having similar issues, waiting to get some feed back from his investigation with @julian.

AFAICS, my issues are unrelated.

DustinB3403

@Danp said in Xen Orchestra - Permissions Issue - File level restore:

How are you currently starting xo-server?

It must be starting under xoadmin (but it starts before login).

DustinB3403

Systemctl is operating the server service.

systemctl status xo-server.service
â xo-server.service - XO Server
  Loaded: loaded (/etc/systemd/system/xo-server.service; enabled)
   Active: active (running) since Tue 2016-12-20 16:13:31 EST; 7min ago
 Main PID: 414 (node)
   CGroup: /system.slice/xo-server.service
           ââ414 /usr/local/bin/node ./bin/xo-server

Danp

@DustinB3403 Details please! I know you're on Debian 8. Is the process different than on Unbuntu where we used systemctl to create a service?

Edit: Thanks!

DustinB3403

I'm stretching my memory here, now only god knows what I did to get this working....

FML.... the service has to be started with my user account, it's the only thing that makes any sense. So I'm curious if I can get the service to start with root instead...

travisdh1

@DustinB3403 said in Xen Orchestra - Permissions Issue - File level restore:

I'm stretching my memory here, now only god knows what I did to get this working....

FML.... the service has to be started with my user account, it's the only thing that makes any sense. So I'm curious if I can get the service to use root instead...

Did you use the instructions on Mangolassi here to get everything installed and running? If so, it's running under systemd.

DustinB3403

@travisdh1 said in Xen Orchestra - Permissions Issue - File level restore:

@DustinB3403 said in Xen Orchestra - Permissions Issue - File level restore:

I'm stretching my memory here, now only god knows what I did to get this working....

FML.... the service has to be started with my user account, it's the only thing that makes any sense. So I'm curious if I can get the service to use root instead...

Did you use the instructions on Mangolassi here to get everything installed and running? If so, it's running under systemd.

I wrote the instructions!

DustinB3403

ps aux | grep xo-server
root       414  1.6  9.3 295696 192600 ?       Ssl  16:13   0:14 /usr/local/bin/node ./bin/xo-server
xoadmin   1407  0.0  0.1   4564  2232 pts/0    S+   16:28   0:00 grep xo-server

Danp

@DustinB3403 The 2nd line is just your current command. So it appears that node / xo-server are running as root.

DustinB3403

@Danp said in Xen Orchestra - Permissions Issue - File level restore:

@DustinB3403 The 2nd line is just your current command. So it appears that node / xo-server are running as root.

Then the issues isn't a permission one, as @julian said in the OP..... which means it's something else to be able to mount the VHD..

DustinB3403

This is what I currently get from logging while trying to select a VHD to mount.

Dec 20 16:35:56 xo-test-debian-3 xo-server[414]: Tue, 20 Dec 2016 21:35:56 GMT xo:api [email protected] | remote.getAll(...) [2ms] ==> array
Dec 20 16:35:57 xo-test-debian-3 xo-server[414]: Tue, 20 Dec 2016 21:35:57 GMT xo:perf blocked for 108ms
Dec 20 16:35:57 xo-test-debian-3 xo-server[414]: Tue, 20 Dec 2016 21:35:57 GMT xo:api [email protected] | backup.scanDisk(...) [311ms] =!> Error: Command failed: vhdimount /run/xo-server/mounts/remote-17/vm_delta_qlik-exchange_0d05dd84-91eb-473b-d11d-7864049430b5/vdi_c143c2e0-5149-455b-9730-73e08585e09a/20161214T030158Z_delta.vhd /tmp/tmp-4144UyM2UZtgAHO
Dec 20 16:35:57 xo-test-debian-3 xo-server[414]: Unable to open source file.
Dec 20 16:35:57 xo-test-debian-3 xo-server[414]: libcfile_file_open_with_error_code: no such file: /run/xo-server/mounts/remote-17/vm_delta_qlik-exchange_0d05dd84-91eb-473b-d11d-7864049430b5/vdi_c143c2e0-5149-455b-9730-73e08585e09a/20161214T030158Z_delta.vhd.
Dec 20 16:35:57 xo-test-debian-3 xo-server[414]: libcfile_file_open: unable to open file.
Dec 20 16:35:57 xo-test-debian-3 xo-server[414]: libbfio_file_open: unable to open file: /run/xo-server/mounts/remote-17/vm_delta_qlik-exchange_0d05dd84-91eb-473b-d11d-7864049430b5/vdi_c143c2e0-5149-455b-9730-73e08585e09a/20161214T030158Z_delta.vhd.
Dec 20 16:35:57 xo-test-debian-3 xo-server[414]: libcfile_file_get_size: invalid file - missing descriptor.
Dec 20 16:35:57 xo-test-debian-3 xo-server[414]: libbfio_file_get_size: unable to retrieve size of file: /run/xo-server/mounts/remote-17/vm_delta_qlik-exchange_0d05dd84-91eb-473b-d11d-7864049430b5/vdi_c143c2e0-5149-455b-9730-73e08585e09a/20161214T030158Z_delta.vhd.
Dec 20 16:35:57 xo-test-debian-3 xo-server[414]: libbfio_handle_get_size: unable to retrieve size.
Dec 20 16:35:57 xo-test-debian-3 xo-server[414]: libvhdi_file_open_read: unable to retrieve file size.
Dec 20 16:35:57 xo-test-debian-3 xo-server[414]: libvhdi_file_open_file_io_handle: unable to read from file handle.
Dec 20 16:35:57 xo-test-debian-3 xo-server[414]: libvhdi_file_open: unable to open file: /run/xo-server/mounts/remote-17/vm_delta_qlik-exchange_0d05dd84-91eb-473b-d11d-7864049430b5/vdi_c143c2e0-5149-455b-9730-73e08585e09a/20161214T030158Z_delta.vhd.
Dec 20 16:35:57 xo-test-debian-3 xo-server[414]: mount_handle_open_input: unable to open input file.
Dec 20 16:35:57 xo-test-debian-3 xo-server[414]: vhdimount 20150110

DustinB3403

I'm also seeing this.... fusermount issue but for a different backup.

Dec 20 16:40:09 xo-test-debian-3 xo-server[414]: Tue, 20 Dec 2016 21:40:09 GMT xo:api [email protected] | backup.scanDisk(...) [214ms] =!> Error: spawn fusermount ENOENT

Danp

I wonder if any of the items described here apply to your situation?

Danp

Check to see if the path and file actually exist.

DustinB3403

@Danp I'll take a look for the file first thing tomorrow when I'm back at the office, I have some errands I have to run this afternoon.

DustinB3403

I don't have the VHD (20161214T030158Z_delta.vhd) listed from the 14th (it's at my rotation schedule) so that doesn't mean much...

Once the dates are fixed testing this will be a bit easier.