View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000550 | bareos-core | storage daemon | public | 2015-11-04 15:24 | 2015-11-06 09:21 |
| Reporter | avantsysadm@avant.ca | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | no change required | ||
| Platform | Linux | OS | CentOS | OS Version | 6 |
| Summary | 0000550: SG_IO ioctl fails w/ EPERM in -master | ||||
| Description | running bareos-storage-15.4.0.git.1446221083.2c08394-1171.1.el6.x86_64 as u/g bareos/bareos, I get this on every tape run: backup1-sd: ERROR in scsi_lli.c:93 Unable to perform SG_IO ioctl on fd 5: ERR=Operation not permitted | ||||
| Additional Information | Bareos-sd.conf ============== Storage { # definition of myself Name = backup1-sd Maximum Concurrent Jobs = 20 Plugin Directory = /usr/lib64/bareos/plugins # Plugin Names = "" NDMP Enable = yes } Director { Name = backup1-dir Password = "password" } Director { Name = backup1-mon Password = "password" Monitor = yes } Device { Name = FileStorage Media Type = File Archive Device = /backups/bareos LabelMedia = yes; # lets Bareos label unlabeled media Random Access = yes; AutomaticMount = yes; # when device opened, read it RemovableMedia = no; AlwaysOpen = no; Auto Deflate = both Auto Deflate Algorithm = LZO Auto Inflate = both Spool Directory = /backups/spool } Device { Name = "tapedrive-tl1000" DeviceType = tape ArchiveDevice = /dev/tape/by-id/scsi-350016977299e1010-nst MediaType = LTO6 Check Labels = yes LabelMedia = yes AutoChanger = yes AutomaticMount = yes MaximumBlockSize = 1M MaximumFileSize = 50GB AutoInflate = both Drive Tape Alert Enabled = yes Spool Directory = /backups/spool } Autochanger { Name = "autochanger-tl1000" Changer Device = /dev/tape/by-id/scsi-1IBM_3572-TL_0000068403931001 Device = tapedrive-tl1000 Changer Command = "/usr/lib/bareos/scripts/mtx-changer %c %o %S %a %d" } Device { Name = "tapedrive-pv124t" DeviceType = tape ArchiveDevice = /dev/tape/by-id/scsi-1IBM_ULTRIUM-TD3_1210358856-nst MediaType = LTO3 Check Labels = yes LabelMedia = yes AutoChanger = yes AutomaticMount = yes MaximumBlockSize = 1M MaximumFileSize = 50GB AutoInflate = both Drive Tape Alert Enabled = yes Spool Directory = /backups/spool } Autochanger { Name = "autochanger-pv124t" Changer Device = /dev/tape/by-id/scsi-3500e09efff0e0a07 Device = tapedrive-pv124t Changer Command = "/usr/lib/bareos/scripts/mtx-changer %c %o %S %a %d" } Messages { Name = Standard director = backup1-dir = all } ============== [root@backup1 bareos]# ls -l /dev/tape/by-id/ total 0 lrwxrwxrwx 1 root root 9 Nov 3 11:51 scsi-1IBM_3572-TL_0000068403931001 -> ../../sg2 lrwxrwxrwx 1 root root 9 Nov 3 11:51 scsi-1IBM_ULTRIUM-TD3_1210358856 -> ../../st1 lrwxrwxrwx 1 root root 10 Nov 3 11:51 scsi-1IBM_ULTRIUM-TD3_1210358856-nst -> ../../nst1 lrwxrwxrwx 1 root root 9 Nov 3 11:51 scsi-350016977299e1010 -> ../../st0 lrwxrwxrwx 1 root root 10 Nov 3 11:51 scsi-350016977299e1010-nst -> ../../nst0 lrwxrwxrwx 1 root root 9 Nov 3 11:51 scsi-3500e09efff0e0a07 -> ../../sg4 [root@backup1 bareos]# ls -l /dev/{sg2,st1,nst1,st0,nst0,sg4} crw-rw---- 1 root tape 9, 128 Nov 3 11:51 /dev/nst0 crw-rw---- 1 root tape 9, 129 Nov 3 11:51 /dev/nst1 crw-rw---- 1 root tape 21, 2 Nov 3 11:51 /dev/sg2 crw-rw---- 1 root tape 21, 4 Nov 3 11:51 /dev/sg4 crw-rw---- 1 root tape 9, 0 Nov 3 11:51 /dev/st0 crw-rw---- 1 root tape 9, 1 Nov 3 11:51 /dev/st1 [root@backup1 ~]# ls -l /proc/$(pgrep bareos-sd)/fd/5 lrwx------ 1 bareos bareos 64 Nov 4 08:23 /proc/7501/fd/5 -> /dev/nst0 ============== From http://www.tldp.org/HOWTO/SCSI-Generic-HOWTO/sg_io.html: "All commands to SCSI device type SCANNER are accepted. Other cases yield an EPERM error." (I have no idea how up-to-date or accurate that piece of information is.) | ||||
| Tags | No tags attached. | ||||
 |
Try reading the documentation: https://raw.githubusercontent.com/bareos/bareos/master/README.scsicrypto See security section. You enabled the scsicrypto-sd plugin which does loading and clearing of security keys on LTO4 and later drives which needs the low level SG_IO ioctl to be able to send raw SCSI messages. That will only work if you give the bareos SD process the right rights. So either setup things right or don't load plugins which you either don't need (if you don't need hardware encryption of tapes) or don't use. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2015-11-04 15:24 | avantsysadm@avant.ca | New Issue | |
| 2015-11-06 09:21 | mvwieringen | Note Added: 0001921 | |
| 2015-11-06 09:21 | mvwieringen | Status | new => closed |
| 2015-11-06 09:21 | mvwieringen | Resolution | open => no change required |
