OpenVZ Forum


Home » General » Support » Difference between --devnodes and --devices?
Difference between --devnodes and --devices? [message #10638] Sun, 25 February 2007 13:21 Go to next message
mcarreira is currently offline  mcarreira
Messages: 30
Registered: February 2007
Member
I'm new to openvz and I'm stil testing and learning.
The goal is to change my office system from three servers to only one machine with several virtual servers in it, including the router (with a adsl connection) and a samba server.
Maybe I would do some more questions while I'm learning to do it.
This is the first question:

When using:
[hn]# vzctl set 120 --devices b:8:18:rw --devices b:8:19:rw --save

then I ssh to the VPS and when I do:
[vps]# ls -l /dev/sdb*

I don't see any devices created.

But if I try a:

[hn] vzctl set 120 --devnodes sdb:rw --devnodes sdb1:rw --save

everything works well.

Is devnodes the right way to grant a VPS read/write access to a hard disk? Is --devices not working?

Another question:

If I want to revert the above situation, I don't find a command to do it.
The only way I found to do it was deleting the line:
DEVNODES="sdb:rw sdb1:rw "
in the file /etc/vz/conf/120.conf

and inside VPS delete /dev/sdb and /dev/sdb1.
Is there a cleanest way to do it?

Thanks.

M.C.

Report message to a moderator

Re: Difference between --devnodes and --devices? [message #10657 is a reply to message #10638] Mon, 26 February 2007 07:04 Go to previous messageGo to next message
curx
Messages: 739
Registered: February 2006
Location: Nürnberg, Germany
Senior Member
Hi "M.C.",

imho both option are used to grant access to some /dev -files in VE0, but with option "--device" device-node in /dev/ can be exist and option "--devnode" the dev-node in /dev *must* be exist !

in your example:

// grant access to existing dev-node in VE0
// and create automatically a devnode in VE
# vzctl set <VEID> --devnodes sdb:rw [--save]

// disable with none
# vzctl set <VEID> --devnodes sdb:none [--save]


the same command with --device :

// first create devnode in VE
# vzctl exec <VEID> mknod /dev/sdb b 8 18
# vzctl exec <VEID> chmod 600 /dev/sdb

// grant access to VE0, without creating a devnode in VE
# vzctl set <VEID> --devices b:8:18:rw [--save]

// disable grant access with q
# vzctl set <VEID> --devices b:8:18:q [--save]

vzctl option "--device" can be used, but missing infos in documentation and man pages.

Report message to a moderator

Re: Difference between --devnodes and --devices? [message #10673 is a reply to message #10638] Mon, 26 February 2007 12:00 Go to previous messageGo to next message
Vasily Tarasov is currently offline  Vasily Tarasov
Messages: 1345
Registered: January 2006
Senior Member
Hello,

I just want to add some interesting information. While playing with these options /proc/vz/devperms file is useful:

# cat /proc/vz/devperms
Version: 2.7
         0 b 016 *:*
         0 c 006 *:*
# vzctl set 201 --devnode hdb1:w --save
Setting devices
Saved parameters for VE 201
# cat /proc/vz/devperms
Version: 2.7
         0 b 016 *:*
         0 c 006 *:*
       201 b 002 3:65


The format is the following:
<veid> <block(b)/character(c) device> <permissions> <device major>:<device minor>

HTH,
Vasily

Report message to a moderator

Re: Difference between --devnodes and --devices? [message #10709 is a reply to message #10657] Mon, 26 February 2007 20:41 Go to previous messageGo to next message
mcarreira is currently offline  mcarreira
Messages: 30
Registered: February 2007
Member
Thank's for the answer. Now I understand the difference!
But after using "--devices", when I try:

# vzctl set <VEID> --devices b:8:18:q --save
# vzctl enter <VEID>

it gives this message:

# vzctl enter 120
Invalid value for DEVICES=b:8:18:, skipped
entered into VE 120

Like you said, I have no access with "fdisk /dev/sdb", but i can "ls /dev/sdb".
If I do:
# vzctl exec 120 rm -f /dev/sdb

it answers the same message:
invalid value for DEVICES=b:8:18:, skipped

but it deletes the devnode. So it reverts to the initial situation.
Is this message (...invalid value...) ok? Is this the right way to do it?

The other example (--devnodes) has also some problems:

# vzctl set <VEID> --devnodes sdb:none --save

the argument "none" doesn't delete the devnode in /dev/sdb (or is it supposed to only disable grant access?)

The only way I can revert to the original situation (without a devnode) is changing the file:
/etc/vz/conf/VEID.conf
and deleting the devnode manually.

My vzctl version is 3.0.14-1.

The question boils down to this:

After creating and granting access to a devnode, what is the most correct way to revert to the prior situation?
It seems the examples you gave, don't work the way I expected.


Thanks

M.C.

Report message to a moderator

Re: Difference between --devnodes and --devices? [message #10940 is a reply to message #10709] Thu, 08 March 2007 08:16 Go to previous message
curx
Messages: 739
Registered: February 2006
Location: Nürnberg, Germany
Senior Member
You are right, thats buggy, there's no way, without error using the vzctl util to "remove" device settings from config file.

The "q" Option is not documented, it add a group execute grant to dev-node only, the /dev/vz/devperms shows:

# vzctl set <VEID> --devices b:8:18:q --save
# cat /proc/vz/devperms
[...]
101 b 010 8:18


# vzctl set <VEID> --devices b:8:18:none
# cat /proc/vz/devperms
[...]
101 b 000 8:18

without restarting :
first revoke the access with option "none", and remove manually related device settings in VEID config file.
(also entry in /dev/vz/devperms exist, with perm 000 )

or remove manually device settings and restart VE

Report message to a moderator

Previous Topic: *SOLVED* veth problem - unable to create
Next Topic: *SOLVED* /dev destroyed upon gnome install
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Wed Aug 14 02:31:59 GMT 2024

Total time taken to generate the page: 0.02809 seconds
Powered by FUDforum Powered by Virtuozzo Containers