[Bug 1885269] [NEW] ussuri: unable to stop and start an instance post upgrade

James Page 1885269 at bugs.launchpad.net
Fri Jun 26 11:12:43 UTC 2020


Public bug reported:

bionic or focal with OpenStack Ussuri.

The latest version of the nova package sets permissions on package
update for /var/lib/nova:

  find /var/lib/nova -exec chown nova:nova "{}" +
  find /var/lib/nova -type f -exec chmod 0640 "{}" + -o -type d -exec chmod 0750 "{}" +

However, when managing VMs via libvirt, various ownership changes
happen to the underlying disks that mean that nova can no longer access
the disk files with 0640 permissions.

The disks (and base image) for a VM are created as nova:nova; libvirt
then shifts the ownership to libvirt-qemu:kvm as the VM starts.  When
the VM is stopped the ownership reverts to root:root.

0640 permissions are maintained - however nova is not part of the root
or kvm groups so cannot access the file - which means the instance
cannot be restarted.

The following permissions are required for correct operation:

  find /var/lib/nova -type f -exec chmod 0644 "{}" + -o -type d -exec chmod 0755 "{}" +

** Affects: cloud-archive
     Importance: Critical
         Status: Triaged

** Affects: cloud-archive/ussuri
     Importance: Critical
         Status: Triaged

** Affects: cloud-archive/victoria
     Importance: Critical
         Status: Triaged

** Affects: nova (Ubuntu)
     Importance: Critical
         Status: Triaged

** Affects: nova (Ubuntu Focal)
     Importance: Critical
         Status: Triaged

** Affects: nova (Ubuntu Groovy)
     Importance: Critical
         Status: Triaged

** Also affects: nova (Ubuntu Groovy)
   Importance: Undecided
       Status: New

** Also affects: nova (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Also affects: cloud-archive
   Importance: Undecided
       Status: New

** Also affects: cloud-archive/ussuri
   Importance: Undecided
       Status: New

** Also affects: cloud-archive/victoria
   Importance: Undecided
       Status: New

** Changed in: cloud-archive/victoria
       Status: New => Triaged

** Changed in: cloud-archive/ussuri
       Status: New => Triaged

** Changed in: nova (Ubuntu Focal)
       Status: New => Triaged

** Changed in: nova (Ubuntu Groovy)
       Status: New => Triaged

** Changed in: cloud-archive/ussuri
   Importance: Undecided => Critical

** Changed in: cloud-archive/victoria
   Importance: Undecided => Critical

** Changed in: nova (Ubuntu Focal)
   Importance: Undecided => Critical

** Changed in: nova (Ubuntu Groovy)
   Importance: Undecided => Critical

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/1885269

Title:
  ussuri: unable to stop and start an instance post upgrade

Status in Ubuntu Cloud Archive:
  Triaged
Status in Ubuntu Cloud Archive ussuri series:
  Triaged
Status in Ubuntu Cloud Archive victoria series:
  Triaged
Status in nova package in Ubuntu:
  Triaged
Status in nova source package in Focal:
  Triaged
Status in nova source package in Groovy:
  Triaged
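
The ownership lifecycle described in the report, modelled as an added example (not code from the bug report or the nova package), plus a tree audit for paths a given account would be denied. The numeric uids/gids are constructed placeholders, and `permits`, `lifecycle` and `audit` are hypothetical helper names.

```python
import os
import stat

# Constructed ids for illustration; real values differ per host.
NOVA = (1001, {1001})                      # nova's uid and its group set
STATES = {                                 # owner uid, group gid per the report
    "created": (1001, 1001),               # nova:nova
    "running": (1002, 1003),               # libvirt-qemu:kvm
    "stopped": (0, 0),                     # root:root
}

def permits(st_uid, st_gid, st_mode, uid, gids, want=4):
    """Mode-bit check: exactly one class (owner, group, other) applies."""
    if uid == 0:
        return True                        # root bypasses read/search mode checks
    if uid == st_uid:
        shift = 6
    elif st_gid in gids:
        shift = 3
    else:
        shift = 0
    return ((st_mode >> shift) & want) == want

def lifecycle(mode, who=NOVA):
    """Can `who` read a disk file of `mode` in each ownership state?"""
    uid, gids = who
    return {name: permits(o, g, mode, uid, gids) for name, (o, g) in STATES.items()}

def audit(root, uid, gids):
    """List files (need r) and directories (need r-x) under root denied to uid."""
    blocked = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISDIR(st.st_mode):
                want = 5
            elif stat.S_ISREG(st.st_mode):
                want = 4
            else:
                continue                   # skip symlinks, sockets, devices
            if not permits(st.st_uid, st.st_gid, st.st_mode, uid, gids, want):
                blocked.append(path)
    return sorted(blocked)

if __name__ == "__main__":
    for mode in (0o640, 0o644):
        print(oct(mode), lifecycle(mode))
```

Calling `audit("/var/lib/nova", uid, gids)` with the nova account's real ids lists the paths it would be denied. The check covers mode bits only (no ACLs or AppArmor), and the other-read bit that restores access under 0644 applies to every local account on the host, not only nova.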
