devstack

devstack-plugin-container fails to set docker group when username and effective group names differ

Bug #1970129 reported by Martin André
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Zun
New
Undecided
Unassigned
devstack
Invalid
Undecided
Unassigned

Bug Description

This bug is for devstack-plugin-container [1], apologies if this is the wrong tracker.

devstack-plugin-container wrongfully assumes that the stack user name is also the name of the group under which install the docker daemon. This can cause devstack to install docker in such a way that the stack user does not have permissions to access the docker socket, as seen in [3].

[1] https://opendev.org/openstack/devstack-plugin-container
[2] https://github.com/openstack/devstack-plugin-container/blob/f09c5c9/devstack/lib/docker#L27
[3] https://github.com/gophercloud/gophercloud/pull/2380#issuecomment-1094295137

Revision history for this message
Dr. Jens Harbott (j-harbott) wrote :

The default is fine for most deployments, if you have a different setup, just set DOCKER_GROUP to the correct value in your local.conf.

Also afaict the plugin is part of the zun project.

Changed in devstack:
status: New → Invalid
Revision history for this message
Martin André (mandre) wrote :

> The default is fine for most deployments, if you have a different setup, just set DOCKER_GROUP to the correct value in your local.conf.

Thanks, this is what I did https://github.com/gophercloud/gophercloud/pull/2380/commits/f549d6fa0abc79a73babfff39afa6facd1d7db31 and I confirm this allows to deploy devstack in that environment.

I have also submitted https://review.opendev.org/c/openstack/devstack-plugin-container/+/839135 that should take care of the problem in devstack-plugin-container.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.