OpenStack Nova Compute Charm

nova-compute charm does not update apparmor profile to allow attachment of iscsi volumes

Bug #1815519 reported by Tiago Pasqualini da Silva on 2019-02-11

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Nova Compute Charm	Fix Released	High	Tiago Pasqualini da Silva	OpenStack Nova Compute Charm 19.04

Bug Description

When nova-compute is deployed with apparmor in enforce mode, it fails to attach iscsi volumes. By checking apparmor logs, we can find that it is blocking paths, capabilities and commands used to attach this kind of volume.

Tags:

Tiago Pasqualini da Silva (tiago.pasqualini) on 2019-02-11

tags:	added: sts
Changed in charm-nova-compute:
assignee:	nobody → Tiago Pasqualini da Silva (tiago.pasqualini)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-02-11: Fix proposed to charm-nova-compute (master)

Fix proposed to branch: master
Review: https://review.openstack.org/636226

Changed in charm-nova-compute:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-06: Fix merged to charm-nova-compute (master)

Reviewed: https://review.openstack.org/636226
Committed: https://git.openstack.org/cgit/openstack/charm-nova-compute/commit/?id=ad8b38884e63ec31852031980dca94977a42b315
Submitter: Zuul
Branch: master

commit ad8b38884e63ec31852031980dca94977a42b315
Author: tpsilva <email address hidden>
Date: Mon Feb 11 19:50:50 2019 -0200

Add iSCSI to nova-compute AppArmor profile

When nova-compute is deployed with AppArmor in enforce mode, it
fails to attach iSCSI volumes because it is being blocked.

    This patch fixes that by updating the nova-compute AppArmor profile
    to include the commands, paths and capabilities used to attach
    iSCSI volumes.

Change-Id: I46b8a8453cdc045f10850958652af920c8a19660
Closes-bug: #1815519

Changed in charm-nova-compute:
status:	In Progress → Fix Committed

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-06: Fix proposed to charm-nova-compute (stable/18.11)

Fix proposed to branch: stable/18.11
Review: https://review.openstack.org/641476

Ryan Beisner (1chb1n) on 2019-03-06

Changed in charm-nova-compute:
milestone:	none → 19.04
importance:	Undecided → High

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-12: Fix merged to charm-nova-compute (stable/18.11)

Reviewed: https://review.openstack.org/641476
Committed: https://git.openstack.org/cgit/openstack/charm-nova-compute/commit/?id=7e6a7b62061c04703b12e68f89374375ef7af6ea
Submitter: Zuul
Branch: stable/18.11

commit 7e6a7b62061c04703b12e68f89374375ef7af6ea
Author: tpsilva <email address hidden>
Date: Mon Feb 11 19:50:50 2019 -0200

Add iSCSI to nova-compute AppArmor profile

When nova-compute is deployed with AppArmor in enforce mode, it
fails to attach iSCSI volumes because it is being blocked.

    This patch fixes that by updating the nova-compute AppArmor profile
    to include the commands, paths and capabilities used to attach
    iSCSI volumes.

    Change-Id: I46b8a8453cdc045f10850958652af920c8a19660
    Closes-bug: #1815519
    (cherry picked from commit ad8b38884e63ec31852031980dca94977a42b315)

David Ames (thedac) on 2019-04-17

Changed in charm-nova-compute:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.