rndc: 'addzone' failed: permission denied
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Designate | New | Undecided | Unassigned |
Bug Description
openstack Q
centos7.5
I don't know why I still have permission to create? u"rndc: 'addzone' failed: permission denied\n".
chown root:named /etc/designate/
chmod +r /etc/designate/
chown -R named:root /var/named/
chown -R named:root /var/run/named/
[root@controller01 ~]# openstack zone create --email <email address hidden> example.com.
+------
| Field | Value |
+------
| action | CREATE |
| attributes | |
| created_at | 2018-08-
| description | None |
| email | <email address hidden> |
| id | 720daa4a-
| masters | |
| name | example.com. |
| pool_id | 794ccc2c-
| project_id | 8f472ac6453e421
| serial | 1535171198 |
| status | PENDING |
| transferred_at | None |
| ttl | 3600 |
| type | PRIMARY |
| updated_at | None |
| version | 1 |
+------
[root@controller01 ~]# tail -f /var/log/
2018-08-25 12:27:08.919 2894618 INFO designate.
Command: sudo designate-rootwrap /etc/designate/
Exit code: 1
Stdout: u''
Stderr: u"rndc: 'addzone' failed: permission denied\n"
2018-08-25 12:27:08.920 2894618 INFO designate.
Command: sudo designate-rootwrap /etc/designate/
Exit code: 1
Stdout: u''
Stderr: u"rndc: 'addzone' failed: permission denied\n".
[root@controller01 ~]# egrep -v "^#|^$" /etc/designate/
[DEFAULT]
[backend:
[backend:
[backend:
[backend:
[backend:
[coordination]
[cors]
[database]
[handler:
[handler:
[healthcheck]
[heartbeat_emitter]
[keystone_
auth_type = password
username = designate
password = 123456
project_name = service
project_domain_name = Default
user_domain_name = Default
www_authenticat
auth_url = http://
memcached_servers = controller01:
[matchmaker_redis]
[monasca:statsd]
[network_
[oslo_concurrency]
[oslo_messaging
[oslo_messaging
[oslo_messaging
[oslo_messaging
[oslo_messaging
[oslo_middleware]
[oslo_policy]
[pool_manager_
[pool_manager_
[producer_
[producer_
[producer_
[producer_
[producer_
[proxy]
[service:agent]
[service:api]
listen = 51.0.1.201:9001
auth_strategy = keystone
api_base_uri = http://
enable_api_v2 = True
enabled_
[service:central]
[service:mdns]
[service:
[service:producer]
[service:sink]
[service:worker]
enabled = True
notify = True
[service:
[ssl]
[storage:
connection = mysql+pymysql:
Maybe the reason is below:
1. Ensure that "allow-new-zones yes;" is included in the "options" section ["/etc/bind/named.conf.options" on Ubuntu; "/etc/named.conf" on CentOS]
options {
......
allow-new-zones yes;
......
};
2. Ensure that the "controls" section and the "key include" statement are included in the config file ["/etc/bind/named.conf.options" on Ubuntu; "/etc/named.conf" on CentOS]
controls section:
controls {
inet * port 953
allow { any; } keys { "designate"; };
};
key include statement:
include "/etc/designate/designate_rndc.key";
3. Ensure that the BIND9 server can write the "master file" or "slave file" into the directory defined in the "options" section ["/etc/bind/named.conf.options" on Ubuntu; "/etc/named.conf" on CentOS]
options {
......
directory "/var/named";
......
};
I notice that you have already done this operation: "chown -R named:root /var/named/"
And you can even try this: "chmod 777 -R /var/named/"
4. Restart the BIND9 server
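
A read-only check for the conditions in items 1 to 3 of the comment above, as an added example that is not part of the original report and is not Designate or BIND code. `SAMPLE_CONF` is constructed from the fragments quoted in the comment, the function names are hypothetical, and the directory check looks only at mode bits for a uid and gid list that the caller supplies for the `named` account; it also reports whether the directory is world-writable.

```python
import os
import re
import stat

# Constructed sample assembled from the fragments quoted in the comment above.
SAMPLE_CONF = '''
options {
    directory "/var/named";
    allow-new-zones yes;
};
controls {
    inet * port 953 allow { any; } keys { "designate"; };
};
include "/etc/designate/designate_rndc.key";
'''

def strip_comments(text):
    """Drop /* */, // and # comments so commented-out settings do not count."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def block(text, name):
    """Return the body of the `name { ... };` statement, or '' if absent."""
    m = re.search(r'(?:^|[;}\s])' + name + r'\s*\{', text)
    depth, start = 1, (m.end() if m else len(text))
    for i in range(start, len(text)):
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        if depth == 0:
            return text[start:i]
    return ''

def check_conf(text):
    """Report the named.conf settings that items 1-3 of the comment rely on."""
    text = strip_comments(text)
    opts, ctl = block(text, 'options'), block(text, 'controls')
    d = re.search(r'\bdirectory\s+"([^"]+)"\s*;', opts)
    return {
        'allow_new_zones': bool(re.search(r'\ballow-new-zones\s+yes\s*;', opts)),
        'controls_keys': re.findall(r'keys\s*\{\s*"?([\w.-]+)"?\s*;', ctl),
        'includes': re.findall(r'\binclude\s+"([^"]+)"\s*;', text),
        'directory': d.group(1) if d else None,
    }

def dir_findings(path, uid, gids):
    """Mode-bit check only: can uid/gids create files in path, and can anyone?"""
    st = os.stat(path)
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    bits = (st.st_mode >> shift) & 0o7   # rwx bits of the class that applies
    return {'named_can_write': (bits & 0o3) == 0o3,   # needs both w and x
            'world_writable': bool(st.st_mode & stat.S_IWOTH)}
```

On a real host, pass the contents of the named.conf file to `check_conf` and the reported `directory` plus the `named` account's uid and group ids to `dir_findings`.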