Ironic

function _ensure_config_dirs_exist in pxe_utils.py create tftpboot/<uuid> dir with wrong permission

Bug #1655568 reported by Hao Li on 2017-01-11

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Ironic	Fix Released	Medium	Madhuri Kumari

Bug Description

Same to problem(http://stackoverflow.com/questions/5231901/permission-problems-when-creating-a-dir-with-os-makedirs-python)

ironic master branch code:
def _ensure_config_dirs_exist(node_uuid):
"""Ensure that the node's and PXE configuration directories exist.

:param node_uuid: the UUID of the node.

    """
    root_dir = get_root_dir()
    fileutils.ensure_tree(os.path.join(root_dir, node_uuid))
    fileutils.ensure_tree(os.path.join(root_dir, PXE_CFG_DIR_NAME))

fileutils.ensure_tree(os.path.join(root_dir, node_uuid)), this sentance will make root_dir with 0777 permission, but limit to system umask setting, the permission of root_dir is 0755 or 0750. when the permission is 0750, BM CAN'T get deploy_kernal and ramdisk from tftpserver. so I think, we should change the code, explicitly set permissions.

Tags:

Revision history for this message

Lucas Alvares Gomes (lucasagomes) wrote on 2017-01-17:

Yeah, indeed by default it will be 0777 [0].

I think it's fine to make it 0755 explicit in Ironic, we even do it in DevStack when setting things up [1].

[0] https://github.com/openstack/oslo.utils/blob/master/oslo_utils/fileutils.py#L30
[1] https://github.com/openstack/ironic/blob/b71f9a9cdf350b392117ca645e68ae65f4e60ce9/devstack/lib/ironic#L1447

Lucas Alvares Gomes (lucasagomes) on 2017-01-17

Changed in ironic:
importance:	Undecided → Medium

Madhuri Kumari (madhuri-rai07) on 2017-01-20

Changed in ironic:
assignee:	nobody → Madhuri Kumari (madhuri-rai07)

Dmitry Tantsur (divius) on 2017-01-23

Changed in ironic:
status:	New → Triaged
tags:	added: pxe

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-01-31: Fix proposed to ironic (master)

Fix proposed to branch: master
Review: https://review.openstack.org/427077

Changed in ironic:
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-05-20: Fix merged to ironic (master)

Reviewed: https://review.openstack.org/427077
Committed: https://git.openstack.org/cgit/openstack/ironic/commit/?id=0f7a85e1ecd7b3e7bdbc297f47a498139ed40107
Submitter: Jenkins
Branch: master

commit 0f7a85e1ecd7b3e7bdbc297f47a498139ed40107
Author: Madhuri Kumari <email address hidden>
Date: Tue Jan 31 09:16:25 2017 +0000

Fix directories permission for tftpboot

    Currently method "_ensure_config_dirs_exist" creates tftpboot/<uuid>
    dir with wrong permission. This is due to the system umask setting
    which overrides the default permission of 0777 to 0755 or 0750. When
    the permission is 0750, BM can't get deploy_kernel and ramdisk from
    tftpserver. This may happen only when tftp process is launched from
    other user than root and as result can't read files created by Ironic.

So this patch tries to fix the issue by explicitly changing the
permissions defined in the config option ``[pxe]/dir_permission``.

Change-Id: I3119ec7ae31bf82f716bf082fa4c3296d6aa3587
Closes-bug: #1655568