Ironic

nova/baremetal-compute-ipmi.filters issues

Bug #1248422 reported by Mark McLoughlin on 2013-11-06

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Ironic	Fix Released	Low	Dongdong Zhou	Ironic 2014.2 "juno"
	OpenStack Compute (nova)	Opinion	High	Unassigned

Bug Description

From ttx, issues in nova/baremetal-compute-ipmi.filters

* allows ipmitool, but ipmitool isn't called as root
* allows kill, but kill is used against a process which is not run as root

These are the only two filters in the file, so we should be able to just remove the file.

We also need to remove run_as_root from:

            utils.execute('kill', '-TERM', str(console_pid),
                          run_as_root=True,
                          check_exit_code=[0, 99])

Tags:

Revision history for this message

Joe Gordon (jogo) wrote on 2014-07-10:

Since we are in the process of deprecating nova maremetal, we should focus work on ironic instead.

Changed in nova:
status:	Triaged → Opinion

Dmitry Tantsur (divius) on 2014-07-14

Changed in ironic:
status:	New → Triaged
importance:	Undecided → Low

Revision history for this message

aeva black (tenbrae) wrote on 2014-07-22:

Confirmed that this also affects Ironic.

etc/ironic/rootwrap.d/ironic-manage-ipmi.filters has duplicated the problems described in this bug report. Neither command appears to need (or even use) root privileges today. This file should be deleted.

Changed in ironic:
milestone:	none → juno-3

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-07-23: Fix proposed to ironic (master)

Fix proposed to branch: master
Review: https://review.openstack.org/108913

OpenStack Infra (hudson-openstack) on 2014-07-23

Changed in ironic:
assignee:	nobody → Dongdong Zhou (dzhou121)
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-07-23: Fix merged to ironic (master)

Reviewed: https://review.openstack.org/108913
Committed: https://git.openstack.org/cgit/openstack/ironic/commit/?id=12023ad1a116be4b1b15272b2d43dce3833403a7
Submitter: Jenkins
Branch: master

commit 12023ad1a116be4b1b15272b2d43dce3833403a7
Author: Dongdong Zhou <email address hidden>
Date: Wed Jul 23 08:36:33 2014 +0100

remove ironic-manage-ipmi.filters

the two commands in this file doesn't need to
be executed as root, so this file can be removed

Closes-Bug: #1248422

Change-Id: I8a3b8b221a260a3a04ba8bbea59c60ed2fc1c8f8

Changed in ironic:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2014-09-04

Changed in ironic:
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2014-10-16

Changed in ironic:
milestone:	juno-3 → 2014.2

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.