Ceph OSD Charm

OSD crashes with aa-profile-mode=enforce

Bug #1677470 reported by Nobuto Murata
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ceph OSD Charm
Fix Released
High
Ante Karamatić
Ceph OSD Charm 17.08

Bug Description

[/var/log/ceph/ceph-osd.34.log]
2017-03-30 05:49:17.740002 7f782a3c6700 0 filestore(/var/lib/ceph/osd/ceph-34) error (13) Permission denied not handled on operation 0x55bb5a8d18c0 (6703.0.24, or op 24, counting from 0)
2017-03-30 05:49:17.740029 7f782a3c6700 0 filestore(/var/lib/ceph/osd/ceph-34) unexpected error code

...

2017-03-30 05:49:17.744913 7f782a3c6700 -1 os/filestore/FileStore.cc: In function 'void FileStore::_do_transaction(ObjectStore::Transaction&, uint64_t, int, ThreadPool::TPHandle*)' thread 7f7
82a3c6700 time 2017-03-30 05:49:17.740425
os/filestore/FileStore.cc: 2920: FAILED assert(0 == "unexpected error")

[/var/log/kern.log]
Mar 30 05:49:17 HOSTNAME kernel: [ 420.589421] audit: type=1400 audit(1490852957.736:345): apparmor="DENIED" operation="link" profile="/usr/bin/ceph-osd" name="/var/lib/ceph/osd/ceph-34/current/meta/osdmap.91__0_6416CA2C__none" pid=28628 comm="tp_fstore_op" requested_mask="l" denied_mask="l" fsuid=64045 ouid=64045 target="/var/lib/ceph/osd/ceph-34/current/meta/DIR_C/osdmap.91__0_6416CA2C__none"

Revision history for this message
Nobuto Murata (nobuto) wrote :

I put "/var/lib/ceph/osd/** l," temporarily in /etc/apparmor.d/usr.bin.ceph-osd and rebooted the server. The crash didn't happen so far.

Ante Karamatić (ivoks)
Changed in charm-ceph-osd:
assignee: nobody → Ante Karamatić (ivoks)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-ceph-osd (master)

Fix proposed to branch: master
Review: https://review.openstack.org/451670

Changed in charm-ceph-osd:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-ceph-osd (master)

Reviewed: https://review.openstack.org/451670
Committed: https://git.openstack.org/cgit/openstack/charm-ceph-osd/commit/?id=8fdffe7baccc301bc2db2e00584afb08d9c46b87
Submitter: Jenkins
Branch: master

commit 8fdffe7baccc301bc2db2e00584afb08d9c46b87
Author: Ante Karamatic <email address hidden>
Date: Thu Mar 30 14:40:26 2017 +0800

    Allow ceph-osd to create temporary links within OSD's filesystem

    AppArmor profile prevents link operation within /var/lib/ceph/osd/*.
    This leads to daemon coredump. This patch ensures ceph-osd
    is able to create links.

    Change-Id: Ia03baac0fec7f134f53254b18e5498a87656817f
    Closes-Bug: #1677470

Changed in charm-ceph-osd:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-ceph-osd (stable/17.02)

Fix proposed to branch: stable/17.02
Review: https://review.openstack.org/451880

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-ceph-osd (stable/17.02)

Reviewed: https://review.openstack.org/451880
Committed: https://git.openstack.org/cgit/openstack/charm-ceph-osd/commit/?id=9c869543ec63288b5b9d09768e1cb9040f066556
Submitter: Jenkins
Branch: stable/17.02

commit 9c869543ec63288b5b9d09768e1cb9040f066556
Author: Ante Karamatic <email address hidden>
Date: Thu Mar 30 14:40:26 2017 +0800

    Allow ceph-osd to create temporary links within OSD's filesystem

    AppArmor profile prevents link operation within /var/lib/ceph/osd/*.
    This leads to daemon coredump. This patch ensures ceph-osd
    is able to create links.

    Change-Id: Ia03baac0fec7f134f53254b18e5498a87656817f
    Closes-Bug: #1677470

Ante Karamatić (ivoks)
tags: added: stable-backport
James Page (james-page)
Changed in charm-ceph-osd:
importance: Undecided → High
status: Fix Committed → Fix Released
milestone: none → 17.08
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.