Fedora

Devstack create null environment variables when a user no privilege.

Bug #1316326 reported by Sam Su
28
This bug affects 4 people
Affects Status Importance Assigned to Milestone
devstack
Invalid
Undecided
Sam Su
Fedora
New
Undecided
Unassigned

Bug Description

Hi,

I am devstack return user and I am trying to run devstack to install a openstack cluster, but failed because null environment variables.

Here is my reproduce steps:

1. download devstack
[root@server175 ~]# git clone https://github.com/openstack-dev/devstack.git
Initialized empty Git repository in /root/devstack/.git/
remote: Reusing existing pack: 17740, done.
remote: Counting objects: 14, done.
remote: Compressing objects: 100% (14/14), done.
remote: Total 17754 (delta 4), reused 1 (delta 0)
Receiving objects: 100% (17754/17754), 4.68 MiB | 1.65 MiB/s, done.
Resolving deltas: 100% (12150/12150), done.

2. Execute devstack in root
[root@server175 ~]# cd devstack && ./stack.sh
You are running this script as root.
Cut it out.
Really.
If you need an account to run DevStack, do this (as root, heh) to create stack:
/root/devstack/tools/create-stack-user.sh

3. Create the 'stack' user
[root@server175 devstack]# /root/devstack/tools/create-stack-user.sh
Giving stack user passwordless sudo privileges

4. check the result after run create-stack-user.sh
[root@server175 devstack]# cat /etc/sudoers.d/50_stack_sh
stack ALL=(ALL) NOPASSWD:ALL

5. Switch to the stack user
[root@server175 devstack]# su stack

6. Execute the ./stack.sh and get the return "no permission", add a small debug code to echo $STACK_USER (here should be "stack" instead of NULL.)
[stack@server175 devstack]$ ./stack.sh
./stack.sh: line 41: /root/devstack/functions: Permission denied
./stack.sh: line 44: /root/devstack/lib/config: Permission denied
./stack.sh: line 49: GetDistro: command not found
rm: cannot remove `/root/devstack/.localrc.auto': Permission denied
./stack.sh: line 98: log_error: command not found
/root/devstack/stackrc
./stack.sh: line 101: /root/devstack/stackrc: Permission denied
./stack.sh: line 108: export_proxy_variables: command not found
./stack.sh: line 126: log_error: command not found
./stack.sh: line 132: log_error: command not found
./stack.sh: line 136: /root/devstack/lib/database: Permission denied
./stack.sh: line 137: /root/devstack/lib/rpc_backend: Permission denied
./stack.sh: line 142: disable_negated_services: command not found
WARNING: this script has not been tested on
./stack.sh: line 149: die: command not found
./stack.sh: line 163: check_rpc_backend: command not found
./stack.sh: line 175: trueorfalse: command not found
./stack.sh: line 195: is_package_installed: command not found
./stack.sh: line 195: install_package: command not found
*********************
STACK_USER =
sudo: >>> /etc/sudoers.d/50_stack_sh: syntax error near line 1 <<<
sudo: >>> /etc/sudoers.d/50_stack_sh: syntax error near line 2 <<<
sudo: >>> /etc/sudoers.d/50_stack_sh: syntax error near line 3 <<<
sudo: parse error in /etc/sudoers.d/50_stack_sh near line 1
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
./stack.sh: line 262: safe_chown: command not found
./stack.sh: line 263: safe_chmod: command not found
./stack.sh: line 266: check_path_perm_sanity: command not found
sudo: >>> /etc/sudoers.d/50_stack_sh: syntax error near line 1 <<<
sudo: >>> /etc/sudoers.d/50_stack_sh: syntax error near line 2 <<<
sudo: >>> /etc/sudoers.d/50_stack_sh: syntax error near line 3 <<<
sudo: parse error in /etc/sudoers.d/50_stack_sh near line 1
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
sudo: >>> /etc/sudoers.d/50_stack_sh: syntax error near line 1 <<<
sudo: >>> /etc/sudoers.d/50_stack_sh: syntax error near line 2 <<<
sudo: >>> /etc/sudoers.d/50_stack_sh: syntax error near line 3 <<<
sudo: parse error in /etc/sudoers.d/50_stack_sh near line 1
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
./stack.sh: line 278: safe_chown: command not found
./stack.sh: line 287: trueorfalse: command not found
./stack.sh: line 292: trueorfalse: command not found
./stack.sh: line 295: trueorfalse: command not found
./stack.sh: line 305: get_default_host_ip: command not found
./stack.sh: line 307: die: command not found
./stack.sh: line 317: trueorfalse: command not found
./stack.sh: line 325: trueorfalse: command not found
./stack.sh: line 339: /root/devstack/lib/apache: Permission denied
./stack.sh: line 342: /root/devstack/lib/tls: Permission denied
./stack.sh: line 345: /root/devstack/lib/infra: Permission denied
./stack.sh: line 346: /root/devstack/lib/oslo: Permission denied
./stack.sh: line 347: /root/devstack/lib/stackforge: Permission denied
./stack.sh: line 348: /root/devstack/lib/horizon: Permission denied
./stack.sh: line 349: /root/devstack/lib/keystone: Permission denied
./stack.sh: line 350: /root/devstack/lib/glance: Permission denied
./stack.sh: line 351: /root/devstack/lib/nova: Permission denied
./stack.sh: line 352: /root/devstack/lib/cinder: Permission denied
./stack.sh: line 353: /root/devstack/lib/swift: Permission denied
./stack.sh: line 354: /root/devstack/lib/ceilometer: Permission denied
./stack.sh: line 355: /root/devstack/lib/heat: Permission denied
./stack.sh: line 356: /root/devstack/lib/neutron: Permission denied
./stack.sh: line 357: /root/devstack/lib/baremetal: Permission denied
./stack.sh: line 358: /root/devstack/lib/ldap: Permission denied
./stack.sh: line 435: initialize_database_backends: command not found
No database enabled
./stack.sh: line 441: is_service_enabled: command not found
./stack.sh: line 449: is_service_enabled: command not found
./stack.sh: line 475: is_service_enabled: command not found
Installing package prerequisites...done

7. the reason is the stack user cannot list the folder root, however stack.sh should not create any NULL environment variables when failed.
[stack@server175 devstack]$ source /root/devstack/stackrc
bash: /root/devstack/stackrc: Permission denied
[stack@server175 devstack]$

My suggestion is Devstack stack.sh should check the return code to import environments, when failed, stack.sh should exit.

Sam Su (sam-su)
Changed in devstack:
assignee: nobody → Sam Su (sam-su)
Openstack Gerrit (openstack-gerrit)
Changed in devstack:
status: New → In Progress
Revision history for this message
Dean Troyer (dtroyer) wrote :

This looks like the first major issue is that your devstack checkout is in /root.

Getting create-stack-user.sh is a bit of a chicken-and-egg problem, I'd suggest re-cloning the devstack repo after logging in as the 'stack' user in that home directory.

Changed in devstack:
status: In Progress → Invalid
Revision history for this message
Sam Su (sam-su) wrote :

Hi Dean,

Thank you for the comment.
Maybe my description is not clear, let me explain a little bit.
First of all, this is an exception case, as my understanding, if someone runs into the exception, he or she should be able to run again in a correct way without any side effect.
In this bug report, when a user runs devstack without proper permission, the devstack failed. Then we grant proper permissions and run devstack again, it still fails because of the side effect of the first running, which should not happen.

Basically, the bug is about eliminating the side effect of running while lacking proper permissions.

Sam Su (sam-su)
Changed in devstack:
status: Invalid → New
Revision history for this message
Dean Troyer (dtroyer) wrote :

The bug is in your process of attempting to do anything, other than create a stack user, as root. Your initial checkout was as root. Don't do that.

Changed in devstack:
status: New → Invalid
Revision history for this message
Koteswara Rao Kelam (koti-kelam) wrote :

but as Sam Su said, by mistake if we ran into this situation, how do we recover?
i also ran into this situation. I removed devstack and cloned it again as user stack but still i am not able to run stack.sh

console o/p:
sudo: >>> /etc/sudoers.d/50_stack_sh: syntax error near line 0 <<<
sudo: >>> /etc/sudoers.d/50_stack_sh: syntax error near line 1 <<<
sudo: >>> /etc/sudoers.d/50_stack_sh: syntax error near line 3 <<<
sudo: parse error in /etc/sudoers.d/50_stack_sh near line 0
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin

Revision history for this message
Sam Su (sam-su) wrote : RE: [Bug 1316326] Re: Devstack create null environment variables when a user no privilege.
Download full text (7.6 KiB)

Totally agree.

If a user ran into the wrong way, the user should have a chance to go back. If nobody care about the situation, I had a bug fixed for the situation for your reference.

https://review.openstack.org/#/c/92227/

-----Original Message-----
From: <email address hidden> [mailto:<email address hidden>] On Behalf Of Koteswara Rao Kelam
Sent: Thursday, September 04, 2014 3:16 PM
To: Sam Su
Subject: [Bug 1316326] Re: Devstack create null environment variables when a user no privilege.

but as Sam Su said, by mistake if we ran into this situation, how do we recover?
i also ran into this situation. I removed devstack and cloned it again as user stack but still i am not able to run stack.sh

console o/p:
sudo: >>> /etc/sudoers.d/50_stack_sh: syntax error near line 0 <<<
sudo: >>> /etc/sudoers.d/50_stack_sh: syntax error near line 1 <<<
sudo: >>> /etc/sudoers.d/50_stack_sh: syntax error near line 3 <<<
sudo: parse error in /etc/sudoers.d/50_stack_sh near line 0
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin

--
You received this bug notification because you are subscribed to the bug report.
https://bugs.launchpad.net/bugs/1316326

Title:
  Devstack create null environment variables when a user no privilege.

Status in devstack - openstack dev environments:
  Invalid

Bug description:
  Hi,

  I am devstack return user and I am trying to run devstack to install a
  openstack cluster, but failed because null environment variables.

  Here is my reproduce steps:

  1. download devstack
  [root@server175 ~]# git clone https://github.com/openstack-dev/devstack.git
  Initialized empty Git repository in /root/devstack/.git/
  remote: Reusing existing pack: 17740, done.
  remote: Counting objects: 14, done.
  remote: Compressing objects: 100% (14/14), done.
  remote: Total 17754 (delta 4), reused 1 (delta 0)
  Receiving objects: 100% (17754/17754), 4.68 MiB | 1.65 MiB/s, done.
  Resolving deltas: 100% (12150/12150), done.

  2. Execute devstack in root
  [root@server175 ~]# cd devstack && ./stack.sh
  You are running this script as root.
  Cut it out.
  Really.
  If you need an account to run DevStack, do this (as root, heh) to create stack:
  /root/devstack/tools/create-stack-user.sh

  3. Create the 'stack' user
  [root@server175 devstack]# /root/devstack/tools/create-stack-user.sh
  Giving stack user passwordless sudo privileges

  4. check the result after run create-stack-user.sh
  [root@server175 devstack]# cat /etc/sudoers.d/50_stack_sh
  stack ALL=(ALL) NOPASSWD:ALL

  5. Switch to the stack user
  [root@server175 devstack]# su stack

  6. Execute the ./stack.sh and get the return "no permission", add a small debug code to echo $STACK_USER (here should be "stack" instead of NULL.)
  [stack@server175 devstack]$ ./stack.sh
  ./stack.sh: line 41: /root/devstack/functions: Permission denied
  ./stack.sh: line 44: /root/devstack/lib/config: Permission denied
  ./stack.sh: line 49: GetDistro: command not found
  rm: cannot remove `/root/devstack/.localrc.auto': Permission denied
  ./stack.sh: line 98: log_error: command not ...

Read more...

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on devstack (master)

Change abandoned by Dean Troyer (<email address hidden>) on branch: master
Review: https://review.openstack.org/92227

Revision history for this message
Ali Jabbar (jabbar-ali) wrote :

Yes this is a bug and it should be rectified by enhancing the steps
  a) First create stack user by copying running the too/create-stack-user.sh or this script should be bring out from the devstack.
  b) Clone from stack user
  c) Then start running the stack.sh script

Trinath Somanchi (trinath-somanchi)
Changed in devstack:
status: Invalid → Confirmed
Revision history for this message
Sean Dague (sdague) wrote :

This devstack bug was last updated over 180 days ago, as devstack
is a fast moving project and we'd like to get the tracker down to
currently actionable bugs, this is getting marked as Invalid. If the
issue still exists, please feel free to reopen it.

Changed in devstack:
status: Confirmed → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.