[Bug 1904745] Re: File permissions in /var/lib/nova/.ssh broken in upgrade

Felipe Reyes 1904745 at bugs.launchpad.net
Fri Mar 25 19:37:33 UTC 2022 

*** This bug is a duplicate of bug 1904580 ***
    https://bugs.launchpad.net/bugs/1904580

hello everyone, thanks for reporting this bug, I'm going to mark this
bug as duplicate of https://bugs.launchpad.net/charm-nova-
compute/+bug/1904580 since it tracked the analysis and workarounds.

** This bug has been marked a duplicate of bug 1904580
   Permissions 0644 for '/var/lib/nova/.ssh/id_rsa' are too open

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/1904745

Title:
  File permissions in /var/lib/nova/.ssh broken in upgrade

Status in nova package in Ubuntu:
  Confirmed

Bug description:
  I am doing series upgrade on charmed openstack following the normal
  procedure. The upgrade is cloud:bionic-ussuri to focal distro.

  On compute units I notice that running apt full-upgrade prior to doing
  do-release-upgrade results in incorrect file permissions on
  /var/lib/nova/.ssh/. This in turn breaks migrations at least.

  I did not catch if it was nova-common or nova-compute that did this
  during the upgrade, but something wrote 644 on everything.

  (osc) routergod at juju:~$ juju ssh 40 -- sudo ls -l /var/lib/nova/.ssh
  total 44
  -rw-r----- 1 nova nova 10615 Nov 10 17:34 authorized_keys
  -rw------- 1 nova nova  1675 Apr  9  2020 id_rsa
  -rw-r----- 1 nova nova   393 Apr  9  2020 id_rsa.pub
  -rw-r----- 1 nova nova 21216 Nov 10 17:34 known_hosts
  (osc) routergod at juju:~$ juju upgrade-series 40 prepare focal
  WARNING: This command will mark machine "40" as being upgraded to series "focal".
  This operation cannot be reverted or canceled once started.
  Units running on the machine will also be upgraded. These units include:
    nova-compute/11
    ntp/151
    neutron-openvswitch/67
    nova-compute-syslog/0
  [...]
  (osc) routergod at juju:~$ juju ssh 40 -- sudo apt update
  [...]
  (osc) routergod at juju:~$ juju ssh 40 -- sudo apt full-upgrade
  [...]
  (osc) routergod at juju:~$ juju ssh 40 -- sudo ls -l /var/lib/nova/.ssh
  total 44
  -rw-r--r-- 1 nova nova 10615 Nov 10 17:34 authorized_keys
  -rw-r--r-- 1 nova nova  1675 Apr  9  2020 id_rsa
  -rw-r--r-- 1 nova nova   393 Apr  9  2020 id_rsa.pub
  -rw-r--r-- 1 nova nova 21216 Nov 10 17:34 known_hosts

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nova/+bug/1904745/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list