| 2020-06-26 11:12:43 |
James Page |
bug |
|
|
added bug |
| 2020-06-26 11:12:56 |
James Page |
bug |
|
|
added subscriber Canonical Field Critical |
| 2020-06-26 11:13:03 |
James Page |
nominated for series |
|
Ubuntu Groovy |
|
| 2020-06-26 11:13:03 |
James Page |
bug task added |
|
nova (Ubuntu Groovy) |
|
| 2020-06-26 11:13:03 |
James Page |
nominated for series |
|
Ubuntu Focal |
|
| 2020-06-26 11:13:03 |
James Page |
bug task added |
|
nova (Ubuntu Focal) |
|
| 2020-06-26 11:13:18 |
James Page |
bug task added |
|
cloud-archive |
|
| 2020-06-26 11:13:28 |
James Page |
nominated for series |
|
cloud-archive/ussuri |
|
| 2020-06-26 11:13:28 |
James Page |
bug task added |
|
cloud-archive/ussuri |
|
| 2020-06-26 11:13:28 |
James Page |
nominated for series |
|
cloud-archive/victoria |
|
| 2020-06-26 11:13:28 |
James Page |
bug task added |
|
cloud-archive/victoria |
|
| 2020-06-26 11:13:42 |
James Page |
cloud-archive/victoria: status |
New |
Triaged |
|
| 2020-06-26 11:13:43 |
James Page |
cloud-archive/ussuri: status |
New |
Triaged |
|
| 2020-06-26 11:13:44 |
James Page |
nova (Ubuntu Focal): status |
New |
Triaged |
|
| 2020-06-26 11:13:46 |
James Page |
nova (Ubuntu Groovy): status |
New |
Triaged |
|
| 2020-06-26 11:13:48 |
James Page |
cloud-archive/ussuri: importance |
Undecided |
Critical |
|
| 2020-06-26 11:13:49 |
James Page |
cloud-archive/victoria: importance |
Undecided |
Critical |
|
| 2020-06-26 11:13:52 |
James Page |
nova (Ubuntu Focal): importance |
Undecided |
Critical |
|
| 2020-06-26 11:13:53 |
James Page |
nova (Ubuntu Groovy): importance |
Undecided |
Critical |
|
| 2020-06-26 12:57:29 |
Ryan Beisner |
bug |
|
|
added subscriber Ryan Beisner |
| 2020-06-26 13:07:07 |
James Page |
cloud-archive/ussuri: assignee |
|
James Page (james-page) |
|
| 2020-06-26 13:07:09 |
James Page |
cloud-archive/victoria: assignee |
|
James Page (james-page) |
|
| 2020-06-26 13:07:10 |
James Page |
nova (Ubuntu Focal): assignee |
|
James Page (james-page) |
|
| 2020-06-26 13:07:13 |
James Page |
nova (Ubuntu Groovy): assignee |
|
James Page (james-page) |
|
| 2020-06-29 11:09:35 |
James Page |
description |
bionic or focal with OpenStack Ussuri.
The latest version of the nova package sets permissions on package update for /var/lib/nova:
find /var/lib/nova -exec chown nova:nova "{}" +
find /var/lib/nova -type f -exec chmod 0640 "{}" + -o -type d -exec chmod 0750 "{}" +
However, when managing vm's via libvirt, various ownership changes happen to the underlying disks that mean that nova can no longer access the disk files with 0640 permissions.
The disks (and base image) for a vm are created as nova:nova; libvirt then shifts the ownership to libvirt-qemu:kvm as the vm starts. When the vm is stopped the ownership reverts to root:root.
0640 permissions are maintained - however nova is not part of the root or kvm groups so cannot access the file - which means the instance cannot be restarted.
The following permissions are required for correct operation:
find /var/lib/nova -type f -exec chmod 0644 "{}" + -o -type d -exec chmod 0755 "{}" + |
== Impact ==
instances cannot be stopped and then started
== Test Case ==
Deploy OpenStack (using Juju Charms)
Create networking and boot an instance
stop the instance
start the instance
(fails with permissions errors)
== Regression Potential ==
Low - the proposed change opens the permission under /var/lib/nova to allow for the odd ownership changes that happen during instance lifecycle.
== Original Bug Report ==
bionic or focal with OpenStack Ussuri.
The latest version of the nova package sets permissions on package update for /var/lib/nova:
find /var/lib/nova -exec chown nova:nova "{}" +
find /var/lib/nova -type f -exec chmod 0640 "{}" + -o -type d -exec chmod 0750 "{}" +
However, when managing vm's via libvirt, various ownership changes happen to the underlying disks that mean that nova can no longer access the disk files with 0640 permissions.
The disks (and base image) for a vm are created as nova:nova; libvirt then shifts the ownership to libvirt-qemu:kvm as the vm starts. When the vm is stopped the ownership reverts to root:root.
0640 permissions are maintained - however nova is not part of the root or kvm groups so cannot access the file - which means the instance cannot be restarted.
The following permissions are required for correct operation:
find /var/lib/nova -type f -exec chmod 0644 "{}" + -o -type d -exec chmod 0755 "{}" + |
|
| 2020-06-29 11:09:43 |
James Page |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2020-06-29 11:11:43 |
James Page |
nova (Ubuntu Groovy): status |
Triaged |
In Progress |
|
| 2020-06-29 11:11:46 |
James Page |
nova (Ubuntu Focal): status |
Triaged |
In Progress |
|
| 2020-06-29 11:11:48 |
James Page |
cloud-archive/ussuri: status |
Triaged |
In Progress |
|
| 2020-06-29 11:11:51 |
James Page |
cloud-archive/victoria: status |
Triaged |
In Progress |
|
| 2020-06-30 11:57:17 |
Launchpad Janitor |
nova (Ubuntu Groovy): status |
In Progress |
Fix Released |
|
| 2020-07-07 12:26:09 |
Łukasz Zemczak |
nova (Ubuntu Focal): status |
In Progress |
Fix Committed |
|
| 2020-07-07 12:26:11 |
Łukasz Zemczak |
bug |
|
|
added subscriber SRU Verification |
| 2020-07-07 12:26:15 |
Łukasz Zemczak |
tags |
|
verification-needed verification-needed-focal |
|
| 2020-07-07 18:41:27 |
James Page |
cloud-archive: status |
In Progress |
Fix Committed |
|
| 2020-07-07 18:41:29 |
James Page |
cloud-archive/ussuri: status |
In Progress |
Fix Committed |
|
| 2020-07-08 19:17:35 |
James Page |
tags |
verification-needed verification-needed-focal |
verification-done verification-done-focal |
|
| 2020-07-13 12:48:59 |
Corey Bryant |
cloud-archive: status |
Fix Committed |
Fix Released |
|
| 2020-07-16 09:03:02 |
Launchpad Janitor |
nova (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
| 2020-07-16 09:03:10 |
Łukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2020-09-16 19:37:46 |
Michael Skalka |
removed subscriber Canonical Field Critical |
|
|
|
| 2020-09-23 23:42:38 |
Nobuto Murata |
bug |
|
|
added subscriber Nobuto Murata |
