[Bug 1885269] Re: ussuri: unable to stop and start an instance post upgrade
Corey Bryant
1885269 at bugs.launchpad.net
Mon Jul 13 12:48:58 UTC 2020
This bug was fixed in the package nova - 2:22.0.0~b1~git2020070713.bc784a1c1f-0ubuntu1~cloud0
---------------
nova (2:22.0.0~b1~git2020070713.bc784a1c1f-0ubuntu1~cloud0) focal-victoria; urgency=medium
.
* New upstream release for the Ubuntu Cloud Archive.
.
nova (2:22.0.0~b1~git2020070713.bc784a1c1f-0ubuntu1) groovy; urgency=medium
.
* New upstream snapshot for OpenStack Victoria.
* d/control: Align (Build-)Depends with upstream.
* d/p/add-mysql8-compatibility.patch: Removed. Change landed upstream.
* d/p/arm-console-patch.patch: Refreshed.
* d/p/drop-sphinxcontrib-rsvgconverter.patch: Refreshed
.
nova (2:21.0.0-0ubuntu3) groovy; urgency=medium
.
* d/rules: Blacklist test_tcp_rst_no_compute_rpcapi.
.
nova (2:21.0.0-0ubuntu2) groovy; urgency=medium
.
* Correct file and directory permissions to ensure that instances
can be stopped and started correctly (LP: #1885269):
- d/nova-common.postinst: Reset file permissions under /var/lib/nova
to 0644 and directory permissions to 0755 to ensure that instances
can be stopped and started correctly with the workflow of ownership
changes that occur between nova and libvirt/qemu.
- d/nova-common.postinst: Don't force ownership to nova:nova.
- d/nova-common.postinst: Reset ownership and permissions on
console.log files to root:root and 0600.
.
nova (2:21.0.0-0ubuntu1) groovy; urgency=medium
.
* d/watch: Scope to 21.x series and get tarballs from opendev.org.
* d/control: Align (Build-)Depends with upstream.
* New upstream release for OpenStack Ussuri (LP: #1877642).
** Changed in: cloud-archive
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/1885269
Title:
ussuri: unable to stop and start an instance post upgrade
Status in Ubuntu Cloud Archive:
Fix Released
Status in Ubuntu Cloud Archive ussuri series:
Fix Committed
Status in Ubuntu Cloud Archive victoria series:
Fix Released
Status in nova package in Ubuntu:
Fix Released
Status in nova source package in Focal:
Fix Committed
Status in nova source package in Groovy:
Fix Released
Bug description:
== Impact ==
instances cannot be stopped and then started
== Test Case ==
Deploy OpenStack (using Juju Charms)
Create networking and boot an instance
stop the instance
start the instance
(fails with permissions errors)
== Regression Potential ==
Low - the proposed change opens the permission under /var/lib/nova to
allow for the odd ownership changes that happen during instance
lifecycle.
== Original Bug Report ==
bionic or focal with OpenStack Ussuri.
The latest version of the nova package sets permissions on package
update for /var/lib/nova:
find /var/lib/nova -exec chown nova:nova "{}" +
find /var/lib/nova -type f -exec chmod 0640 "{}" + -o -type d -exec chmod 0750 "{}" +
However, when managing vm's via libvirt, various ownership changes
happen to the underlying disks that mean that nova can no longer
access the disk files with 0640 permissions.
The disks (and base image) for a vm are created as nova:nova; libvirt
then shifts the ownership to libvirt-qemu:kvm as the vm starts. When
the vm is stopped the ownership reverts to root:root.
0640 permissions are maintained - however nova is not part of the root
or kvm groups so cannot access the file - which means the instance
cannot be restarted.
The following permissions are required for correct operation:
find /var/lib/nova -type f -exec chmod 0644 "{}" + -o -type d -exec
chmod 0755 "{}" +
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1885269/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list