kolla-ansible

Configuration files in /etc/kolla have inconsistent permissions

Bug #1821579 reported by Mark Goddard on 2019-03-25

This bug affects 2 people

	Status	Importance	Assigned to	Milestone
kolla-ansible	Fix Released	High	Mark Goddard	kolla-ansible 8.0.0 "Stein"
Rocky	Fix Released	High	Unassigned
Stein	Fix Released	High	Mark Goddard	kolla-ansible 8.0.0 "Stein"

Bug Description

The configuration files generated by kolla-ansible have inconsistent permissions. Typically, non-executable files should have 660, and executable files and directories should have 770. All should be owned by the 'config_owner_user' and 'config_owner_group' variables.

Tags:

Mark Goddard (mgoddard) on 2019-03-25

Changed in kolla-ansible:
assignee:	nobody → Mark Goddard (mgoddard)

Mark Goddard (mgoddard) on 2019-03-25

Changed in kolla-ansible:
importance:	Undecided → High

OpenStack Infra (hudson-openstack) on 2019-03-25

Changed in kolla-ansible:
status:	New → In Progress

Revision history for this message

Mark Goddard (mgoddard) wrote on 2019-03-25:

Fix up perms: https://review.openstack.org/645861
Script to check owner & permissions in CI: https://review.openstack.org/647410

Mark Goddard (mgoddard) on 2019-03-26

Changed in kolla-ansible:
status:	In Progress → Fix Committed
status:	Fix Committed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-04-03: Fix merged to kolla-ansible (master)

Reviewed: https://review.openstack.org/645861
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=a4bb8567da3e0e1468d66048c5b46cdeefcb1332
Submitter: Zuul
Branch: master

commit a4bb8567da3e0e1468d66048c5b46cdeefcb1332
Author: Mark Goddard <email address hidden>
Date: Fri Mar 22 19:18:45 2019 +0000

Fix up config file permissions on the host

Several config file permissions are incorrect on the host. In general,
files should be 0660, and directories and executables 0770.

Change-Id: Id276ac1864f280554e98b937f2845bb424d521de
Closes-Bug: #1821579

Changed in kolla-ansible:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-04-03: Related fix proposed to kolla-ansible (stable/rocky)

Related fix proposed to branch: stable/rocky
Review: https://review.openstack.org/649612

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-04-03: Related fix merged to kolla-ansible (master)

Reviewed: https://review.openstack.org/647410
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=8c4ab41ffa502a58714819e0407f3c17e6fde7d0
Submitter: Zuul
Branch: master

commit 8c4ab41ffa502a58714819e0407f3c17e6fde7d0
Author: Mark Goddard <email address hidden>
Date: Mon Mar 25 11:39:41 2019 +0000

Check configuration file permissions in CI

    Typically, non-executable files should have 660 or 600 and executable
    files and directories should have 770. All should be owned by the
    'config_owner_user' and 'config_owner_group' variables.

This change adds a script to check the owner and permissions of config
files under /etc/kolla, and runs it at the end of CI jobs.

Change-Id: Icdbabf36e284b9030017a0dc07b9dc81a37758ab
Related-Bug: #1821579

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-04-05: Fix included in openstack/kolla-ansible 8.0.0.0rc1

This issue was fixed in the openstack/kolla-ansible 8.0.0.0rc1 release candidate.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-04-15: Fix merged to kolla-ansible (stable/rocky)

Reviewed: https://review.openstack.org/649611
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=fc9384117daaa697daf396dd5e35029a672754fc
Submitter: Zuul
Branch: stable/rocky

commit fc9384117daaa697daf396dd5e35029a672754fc
Author: Mark Goddard <email address hidden>
Date: Fri Mar 22 19:18:45 2019 +0000

Fix up config file permissions on the host

Several config file permissions are incorrect on the host. In general,
files should be 0660, and directories and executables 0770.

    Change-Id: Id276ac1864f280554e98b937f2845bb424d521de
    Closes-Bug: #1821579
    (cherry picked from commit a4bb8567da3e0e1468d66048c5b46cdeefcb1332)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-04-15: Related fix merged to kolla-ansible (stable/rocky)

Reviewed: https://review.openstack.org/649612
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=dc13194200e794ca381eb2422bb543cde6b9d939
Submitter: Zuul
Branch: stable/rocky

commit dc13194200e794ca381eb2422bb543cde6b9d939
Author: Mark Goddard <email address hidden>
Date: Mon Mar 25 11:39:41 2019 +0000

Check configuration file permissions in CI

    Typically, non-executable files should have 660 or 600 and executable
    files and directories should have 770. All should be owned by the
    'config_owner_user' and 'config_owner_group' variables.

This change adds a script to check the owner and permissions of config
files under /etc/kolla, and runs it at the end of CI jobs.

    Change-Id: Icdbabf36e284b9030017a0dc07b9dc81a37758ab
    Related-Bug: #1821579
    (cherry picked from commit 8c4ab41ffa502a58714819e0407f3c17e6fde7d0)

tags:

added: in-stable-rocky

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-06-14: Fix included in openstack/kolla-ansible 7.1.1

This issue was fixed in the openstack/kolla-ansible 7.1.1 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.