Chrony container permission denied in Debian/Ubuntu if chrony installed on host
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
kolla-ansible |
Fix Released
|
Medium
|
Michal Arbet | ||
Stein |
Fix Committed
|
Medium
|
Radosław Piliszek | ||
Train |
Fix Committed
|
Medium
|
Radosław Piliszek | ||
Ussuri |
Fix Committed
|
Medium
|
Radosław Piliszek | ||
Victoria |
Fix Released
|
Medium
|
Michal Arbet |
Bug Description
Hi,
Deploy of chrony container (binary debian ussuri) is broken via kolla-ansible.
Container is still restarting, check below docker logs chrony :
+ sudo -E kolla_set_configs
INFO:__
INFO:__
INFO:__main__:Kolla config strategy set to: COPY_ALWAYS
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
++ cat /run_command
+ CMD='/usr/
+ ARGS=
+ sudo kolla_copy_cacerts
+ [[ ! -n '' ]]
+ . kolla_extend_start
++ rm -f /var/run/
++ CHRONY_
++ [[ ! -d /var/log/
+++ stat -c %a /var/log/
++ [[ 755 != \7\5\5 ]]
+++ stat -c %U:%G /var/log/
++ [[ chrony:kolla != \c\h\r\
++ chown chrony:chrony /var/log/
+ echo 'Running command: '\''/usr/
+ exec /usr/sbin/chronyd -d -f /etc/chrony/
Running command: '/usr/sbin/chronyd -d -f /etc/chrony/
2020-06-
2020-06-
+ sudo -E kolla_set_configs
This could be fixed by permission change from 0600 to 0644 in kolla-ansible, ansible/
Changed in kolla-ansible: | |
assignee: | nobody → Michal Arbet (michalarbet) |
status: | New → In Progress |
Changed in kolla-ansible: | |
assignee: | Michal Arbet (michalarbet) → Radosław Piliszek (yoctozepto) |
summary: |
- Broken chrony container + Chrony container permission denied in Debian/Ubuntu |
Changed in kolla-ansible: | |
importance: | Undecided → Medium |
Changed in kolla-ansible: | |
assignee: | Radosław Piliszek (yoctozepto) → Michal Arbet (michalarbet) |
summary: |
- Chrony container permission denied in Debian/Ubuntu + Chrony container permission denied in Debian/Ubuntu if chrony installed + on host |
Reviewed: https:/ /review. opendev. org/734042 /git.openstack. org/cgit/ openstack/ kolla-ansible/ commit/ ?id=3d747b72005 1ed053f2e36b567 9862b92265443b
Committed: https:/
Submitter: Zuul
Branch: master
commit 3d747b720051ed0 53f2e36b5679862 b92265443b
Author: Michal Arbet <email address hidden>
Date: Mon Jun 8 11:12:19 2020 +0200
Remove chrony package if containerized chrony is enabled
This patch is removing chrony package
from docker host when containerized chrony is enabled.
It is also fixing issue with chrony container running
under Ubuntu docker host as noted below.
+ exec /usr/sbin/chronyd -d -f /etc/chrony/ chrony. conf 06-08T08: 19:09Z chronyd version 3.4 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +SECHASH +IPV6 -DEBUG) 06-08T08: 19:09Z Fatal error : Could not open configuration file /etc/chrony/ chrony. conf : Permission denied
2020-
2020-
Added also removal apparmor profile for ubuntu when
containerized chrony is enabled, as chrony's package
is not removing apparmor profile, and therefore
containerized chrony is not working.
Change-Id: Icf3bbae38b9f56 30b69d5c8cf6a8b ee11786a836
Closes-Bug: #1882513