nova-agent versions 0.0.28 to 0.0.31 write /etc/resolv.conf with wrong permissions

Bug #889305 reported by James Glenn
This bug affects 2 people
Affects: openstack-guest-agents
Status: Invalid
Importance: Undecided
Assigned to: Unassigned
Milestone: none

Bug Description

-rw------- 1 root root 293 Nov 11 09:17 /etc/resolv.conf

Is how the file gets written.

Needs to be:

-rw-r--r-- 1 root root 293 Nov 11 09:17 /etc/resolv.conf

James Glenn (james-glenn) wrote :

If the file already exists with the correct permissions, the permissions are not changed.

Chris Behrens (cbehrens) wrote :

The agent does not re-write /etc/resolv.conf for redhat/centos. For other distros, it creates files always with 0644 permissions.
Base images will need to have a /etc/resolv.conf in them with the permissions you desire...

Changed in openstack-guest-agents:
status: New → Invalid
BK Box (bkbox) wrote :

If the file happens to not exist and the agent writes it, it should create it with the correct permissions.

Chris Behrens (cbehrens) wrote :

It does.

BK Box (bkbox) wrote :

From looking at the code, it appears that the redhat portion of network.py will update the per device information with the DNS data in the form of "DNS=x.x.x.x". Although, I am not seeing that in our eth0 files:

# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
IPADDR=x.x.x.x
NETMASK=255.255.255.0
ONBOOT=yes

When the instance is created, there is no /etc/resolv.conf, but the file is still created even though there is no DNS= information. This file is created with 600 perms:

# ls -l /etc/resolv.conf
-rw------- 1 root root 46 Nov 18 15:10 /etc/resolv.conf

If the code is falling back to the update_files, I see where it chmod's to 644, but the resolv.conf file does not reflect that.

Please help me understand if I am looking at the code incorrectly.

Johannes Erdfelt (johannes.erdfelt) wrote :

I think you're making an assumption that nova-agent is creating that /etc/resolv.conf. Are you sure it didn't exist already before nova-agent is run?

nova-agent should add entries in the form of DNS%d=%s to the ifcfg-interface script, but only if there is DNS information supplied to the resetnetwork command.

I just confirmed and the code added a DNS1= line for me on RHEL.

BK Box (bkbox) wrote :

Yes, I am sure the files do not exist (we have since added the file to the image so it will build correctly), but there is no sign of DNS variables in any configuration file, and the resolv.conf file appears with the correct information but incorrect permissions.

Johannes Erdfelt (johannes.erdfelt) wrote :

Are you using file injection?

BK Box (bkbox) wrote :

BAM! Looks like our backend is doing that injection. Thanks for the suggestion, and sorry for the invalid bug report.
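
The three cases raised in this thread (a newly created file, a file written with an explicit chmod to 644, and an overwrite of a file that already has the right mode) can be reproduced in a scratch directory. This is an added example, not code from nova-agent or from any commenter; the function names, the 077 umask and the sample nameserver line are assumptions chosen for illustration.

```python
import os
import stat
import tempfile

def file_mode(path):
    """Return the permission bits of path (e.g. 0o600)."""
    return stat.S_IMODE(os.stat(path).st_mode)

def write_plain(path, data):
    """Plain open(): a new file gets 0666 & ~umask; an existing file keeps its mode."""
    with open(path, "w") as f:
        f.write(data)

def write_with_mode(path, data, mode=0o644):
    """Write to a temp file, set the mode explicitly, then rename into place."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    try:
        with os.fdopen(fd, "w") as f:
            f.write(data)
            os.fchmod(f.fileno(), mode)  # explicit chmod is not subject to umask
        os.rename(tmp, path)
    except BaseException:
        os.unlink(tmp)  # do not leave the temp file behind on failure
        raise

def demo():
    """Run the three cases under a restrictive umask (assumed 077 for the demo)."""
    data = "nameserver 192.0.2.53\n"  # constructed sample content
    results = {}
    old_umask = os.umask(0o077)
    try:
        with tempfile.TemporaryDirectory() as d:
            new = os.path.join(d, "resolv.conf.new")
            write_plain(new, data)            # file did not exist before
            results["new_plain"] = file_mode(new)
            existing = os.path.join(d, "resolv.conf.existing")
            write_with_mode(existing, data)   # created with explicit 0644
            results["explicit"] = file_mode(existing)
            write_plain(existing, data)       # overwrite keeps the existing mode
            results["overwrite"] = file_mode(existing)
    finally:
        os.umask(old_umask)
    return results

if __name__ == "__main__":
    for case, mode in demo().items():
        print(f"{case}: {oct(mode)}")
```

A file that non-root processes cannot read, such as a 0600 /etc/resolv.conf, breaks name resolution for them, so an image build check that compares the mode reported by `file_mode` against 0644 catches the condition regardless of which component wrote the file.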
