How to mount GlusterFS inside an OpenVZ container?

GlusterFS uses FUSE to mount a glusterfsd volume, which works fine on any hardware node without virtualization.

But I am now trying to mount the device inside a container

glusterfs --debug -f /etc/glusterfs/glusterfs.vol /storage

and get the following error(s):

fuse: failed to open /dev/fuse: Permission denied
[2009-06-20 18:36:29] D [fuse-bridge.c:2747:init] glusterfs-fuse: fuse_mount() failed with error Permission denied on mount point /storage

ls -al /dev/fuse is

crw-rw-rw- 1 root fuse 10, 229 20. Jun 16:35 /dev/fuse

and ls -al /storage is

drwxr-xr-x   2 root root 4096 20. Jun 17:14 storage

The kernel of that HN has fuse loaded... uname is

2.6.18-14-fza-amd64 #1 SMP Mon Jan 5 17:36:46 UTC 2009 x86_64 GNU/Linux

Any suggestions? Has anyone tried to mount a GlusterFS inside an OpenVZ container and got that up and running?

Thanks in advance. Marcus


Well, I just found the solution on my own (http://wiki.openvz.org/FUSE)

I just needed to tune my container by performing the following on my HN:

# vzctl set $VEID --devices c:10:229:rw --save
# vzctl exec $VEID mknod /dev/fuse c 10 229

...and to complete, you need to set these

# vzctl set $VEID --capability sys_admin:on

to export a GlusterFS volume from inside an OpenVZ container.


In the Azouk infrastructure we also use OpenVZ and Glusterfs, but don't give VPSes sys_admin privileges.

If you feel uncomfortable giving sys_admin privileges to every VPS mounting Gluster — and most admins probably do — you can slightly alter the GlusterFS source code so that it stores its xattrs in the unprivileged namespace:

find . -regex '.*/[^/]*\.[ch]' -exec sed -i 's/"trusted\./"user./g' {} + \
    && ./configure && make

I've tested this with version 1.4.0qa92, which we have been using in production for over half a year now.


Another way to securely mount it is by mounting the GlusterFS volume on the HN and then bind mounting the directory into the VZ container. This can be controlled by container mount scripts (vps.mount or $ctid.mount) in the config directory.