[Bug 2045845] [NEW] Missing sudoers record to allow privset-helper

Takashi Kajinami 2045845 at bugs.launchpad.net
Thu Dec 7 03:28:17 UTC 2023 

Public bug reported:

It seems the sudoers file installed by manila packages do not include
the required records to allow  usage of privsep-helper. Because of this
lvm backend can't be used.


snippet in manila.conf
```
[DEFAULT]
enabled_share_backends=lvm

[lvm]
share_backend_name=lvm
share_driver=manila.share.drivers.lvm.LVMShareDriver
driver_handles_share_servers=False
lvm_share_export_ips=127.0.0.1
```

The error seen in manila-share.log .
```
2023-12-07 02:59:16.941 42613 DEBUG manila.share.manager [None req-7eb117c5-8a4a-4f41-adb0-e9dae5b070a3 - - - - - -] Start initialization of driver: 'LVMShareDriver at np0035967877@lvm' _driver_setup /usr/lib/python3/dist-packages/manila/share/manager.py:364
2023-12-07 02:59:16.944 42613 INFO oslo.privsep.daemon [None req-7eb117c5-8a4a-4f41-adb0-e9dae5b070a3 - - - - - -] Running privsep helper: ['sudo', 'privsep-helper', '--config-file', '/etc/manila/manila.conf', '--privsep_context', 'manila.privsep.sys_admin_pctxt', '--privsep_sock_path', '/tmp/tmp4uzpays_/privsep.sock']
2023-12-07 02:59:16.955 42613 WARNING oslo.privsep.daemon [-] privsep log: sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
2023-12-07 02:59:16.956 42613 WARNING oslo.privsep.daemon [-] privsep log: sudo: a password is required
2023-12-07 02:59:16.957 42613 CRITICAL oslo.privsep.daemon [None req-7eb117c5-8a4a-4f41-adb0-e9dae5b070a3 - - - - - -] privsep helper command exited non-zero (1)
2023-12-07 02:59:16.958 42613 ERROR manila.share.manager [None req-7eb117c5-8a4a-4f41-adb0-e9dae5b070a3 - - - - - -] Error encountered during initialization of driver LVMShareDriver at np0035967877@lvm: oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited non-zero (1)
2023-12-07 02:59:16.958 42613 ERROR manila.share.manager Traceback (most recent call last):
2023-12-07 02:59:16.958 42613 ERROR manila.share.manager   File "/usr/lib/python3/dist-packages/manila/share/manager.py", line 367, in _driver_setup
2023-12-07 02:59:16.958 42613 ERROR manila.share.manager     self.driver.check_for_setup_error()
2023-12-07 02:59:16.958 42613 ERROR manila.share.manager   File "/usr/lib/python3/dist-packages/manila/share/drivers/lvm.py", line 76, in check_for_setup_error
2023-12-07 02:59:16.958 42613 ERROR manila.share.manager     out, err = privsep_lvm.list_vgs_get_name()
2023-12-07 02:59:16.958 42613 ERROR manila.share.manager   File "/usr/lib/python3/dist-packages/oslo_privsep/priv_context.py", line 269, in _wrap
2023-12-07 02:59:16.958 42613 ERROR manila.share.manager     self.start()
2023-12-07 02:59:16.958 42613 ERROR manila.share.manager   File "/usr/lib/python3/dist-packages/oslo_privsep/priv_context.py", line 283, in start
2023-12-07 02:59:16.958 42613 ERROR manila.share.manager     channel = daemon.RootwrapClientChannel(context=self)
2023-12-07 02:59:16.958 42613 ERROR manila.share.manager   File "/usr/lib/python3/dist-packages/oslo_privsep/daemon.py", line 358, in __init__
2023-12-07 02:59:16.958 42613 ERROR manila.share.manager     raise FailedToDropPrivileges(msg)
2023-12-07 02:59:16.958 42613 ERROR manila.share.manager oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited non-zero (1)
2023-12-07 02:59:16.958 42613 ERROR manila.share.manager 
```

** Affects: manila (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to manila in Ubuntu.
https://bugs.launchpad.net/bugs/2045845

Title:
  Missing sudoers record to allow privset-helper

Status in manila package in Ubuntu:
  New

Bug description:
  It seems the sudoers file installed by manila packages do not include
  the required records to allow  usage of privsep-helper. Because of
  this lvm backend can't be used.

  
  snippet in manila.conf
  ```
  [DEFAULT]
  enabled_share_backends=lvm

  [lvm]
  share_backend_name=lvm
  share_driver=manila.share.drivers.lvm.LVMShareDriver
  driver_handles_share_servers=False
  lvm_share_export_ips=127.0.0.1
  ```

  The error seen in manila-share.log .
  ```
  2023-12-07 02:59:16.941 42613 DEBUG manila.share.manager [None req-7eb117c5-8a4a-4f41-adb0-e9dae5b070a3 - - - - - -] Start initialization of driver: 'LVMShareDriver at np0035967877@lvm' _driver_setup /usr/lib/python3/dist-packages/manila/share/manager.py:364
  2023-12-07 02:59:16.944 42613 INFO oslo.privsep.daemon [None req-7eb117c5-8a4a-4f41-adb0-e9dae5b070a3 - - - - - -] Running privsep helper: ['sudo', 'privsep-helper', '--config-file', '/etc/manila/manila.conf', '--privsep_context', 'manila.privsep.sys_admin_pctxt', '--privsep_sock_path', '/tmp/tmp4uzpays_/privsep.sock']
  2023-12-07 02:59:16.955 42613 WARNING oslo.privsep.daemon [-] privsep log: sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
  2023-12-07 02:59:16.956 42613 WARNING oslo.privsep.daemon [-] privsep log: sudo: a password is required
  2023-12-07 02:59:16.957 42613 CRITICAL oslo.privsep.daemon [None req-7eb117c5-8a4a-4f41-adb0-e9dae5b070a3 - - - - - -] privsep helper command exited non-zero (1)
  2023-12-07 02:59:16.958 42613 ERROR manila.share.manager [None req-7eb117c5-8a4a-4f41-adb0-e9dae5b070a3 - - - - - -] Error encountered during initialization of driver LVMShareDriver at np0035967877@lvm: oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited non-zero (1)
  2023-12-07 02:59:16.958 42613 ERROR manila.share.manager Traceback (most recent call last):
  2023-12-07 02:59:16.958 42613 ERROR manila.share.manager   File "/usr/lib/python3/dist-packages/manila/share/manager.py", line 367, in _driver_setup
  2023-12-07 02:59:16.958 42613 ERROR manila.share.manager     self.driver.check_for_setup_error()
  2023-12-07 02:59:16.958 42613 ERROR manila.share.manager   File "/usr/lib/python3/dist-packages/manila/share/drivers/lvm.py", line 76, in check_for_setup_error
  2023-12-07 02:59:16.958 42613 ERROR manila.share.manager     out, err = privsep_lvm.list_vgs_get_name()
  2023-12-07 02:59:16.958 42613 ERROR manila.share.manager   File "/usr/lib/python3/dist-packages/oslo_privsep/priv_context.py", line 269, in _wrap
  2023-12-07 02:59:16.958 42613 ERROR manila.share.manager     self.start()
  2023-12-07 02:59:16.958 42613 ERROR manila.share.manager   File "/usr/lib/python3/dist-packages/oslo_privsep/priv_context.py", line 283, in start
  2023-12-07 02:59:16.958 42613 ERROR manila.share.manager     channel = daemon.RootwrapClientChannel(context=self)
  2023-12-07 02:59:16.958 42613 ERROR manila.share.manager   File "/usr/lib/python3/dist-packages/oslo_privsep/daemon.py", line 358, in __init__
  2023-12-07 02:59:16.958 42613 ERROR manila.share.manager     raise FailedToDropPrivileges(msg)
  2023-12-07 02:59:16.958 42613 ERROR manila.share.manager oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited non-zero (1)
  2023-12-07 02:59:16.958 42613 ERROR manila.share.manager 
  ```

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/manila/+bug/2045845/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list