deploy unable to access passwords.yml
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
kolla-mesos |
New
|
Undecided
|
Unassigned |
Bug Description
When running deploy, the deploy script tries to copy the passwords.yml file to zookeeper and fails with a not-so-clear message:
$ kolla-mesos-deploy
...
IOError: [Errno 2] No such file or directory: '/home/
Since it couldn't access /etc/kolla/
This is happening because in the oracle kolla configuration, the passwords.yml file is only read/writable by the 'kolla' user.
-rw------- 1 kolla kolla 1327 Oct 28 11:28 passwords.yml
This kolla user is not the user running the deploy command, as a deployer user might not have rights to access those passwords.
In the oracle kollacli, when you run deploy, it sudo's to the kolla user when it runs the ansible-playbook command to deploy. And we add an entry in the sudoers to allow that specific command. We do something similar to allow the cli user to write a key-value into the passwords.yml file (though they cannot see the passwords).
We could do something similar here where the deploy code calls a script as 'kolla' to do the actual copy to zookeeper.
In the meantime, the workaround is to open up the passwords.yml file for wider access.
description: | updated |