[Bug 1947351] [NEW] chown not in rootwrap when only installing cinder-backup
Arif Ali
1947351 at bugs.launchpad.net
Fri Oct 15 10:36:25 UTC 2021
Public bug reported:
series: bionic
openstack: queens
We have an issue with a user, where the cinder-backup and services are
installed, and separated from cinder-volume nodes.
As part of the cinder-backup, it is required to grab iscsi devices, and
hence the likes of /dev/sd* would be there to be consumed.
As part of this process we can see that cinder-rootwrap is being run,
similar to the command below
sudo cinder-rootwrap /etc/cinder/rootwrap.conf chown 64061 /dev/sda
By default, this then gives permission denied, and does not move forward
We then added the excerpt below following into a new file in
/etc/cinder/rootwrap.d/backup.filters, borrowed from
/etc/cinder/rootwrap.d/volume.filters (which is typically from cinder-
volume package in bionic)
[Filters]
chown: CommandFilter, chown, root
This then moved things along for the user.
After further analysis, we found that post bionic, i.e. cosmic and
beyond, the volume.filters file is now located in cinder-common package
rather than the cinder-volume
My request is, can we do the same for queens, such that this file is in
cinder-common?
** Affects: cinder (Ubuntu)
Importance: Undecided
Status: New
** Affects: cinder (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: cinder (Ubuntu Bionic)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to cinder in Ubuntu.
https://bugs.launchpad.net/bugs/1947351
Title:
chown not in rootwrap when only installing cinder-backup
Status in cinder package in Ubuntu:
New
Status in cinder source package in Bionic:
New
Bug description:
series: bionic
openstack: queens
We have an issue with a user, where the cinder-backup and services are
installed, and separated from cinder-volume nodes.
As part of the cinder-backup, it is required to grab iscsi devices,
and hence the likes of /dev/sd* would be there to be consumed.
As part of this process we can see that cinder-rootwrap is being run,
similar to the command below
sudo cinder-rootwrap /etc/cinder/rootwrap.conf chown 64061 /dev/sda
By default, this then gives permission denied, and does not move
forward
We then added the excerpt below following into a new file in
/etc/cinder/rootwrap.d/backup.filters, borrowed from
/etc/cinder/rootwrap.d/volume.filters (which is typically from cinder-
volume package in bionic)
[Filters]
chown: CommandFilter, chown, root
This then moved things along for the user.
After further analysis, we found that post bionic, i.e. cosmic and
beyond, the volume.filters file is now located in cinder-common
package rather than the cinder-volume
My request is, can we do the same for queens, such that this file is
in cinder-common?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cinder/+bug/1947351/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list