kolla

[ubuntu-binary] swift user not in kolla group

  1. Series train
  2. Bug #1859567
Bug #1859567 reported by Rowan Potgieter
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
kolla
Invalid
High
Unassigned
Rocky
Invalid
High
Unassigned
Stein
Invalid
High
Unassigned
Train
Invalid
High
Unassigned
Ussuri
Invalid
High
Unassigned

Bug Description

We are currently attempting to deploy stein using kolla-ansible branch stable/stein (sha 741156d2) and kolla docker containers with the following label:

            "Labels": {
                "build-date": "20191119",
                "kolla_version": "8.0.2",
                "maintainer": "Kolla Project (https://launchpad.net/kolla)",
                "name": "swift-object"
            }

As per my comments on https://bugs.launchpad.net/kolla-ansible/+bug/1853708 our swift continers are getting stuck during startup at the point they should be setting the configs

   # docker logs swift_proxy_server
   + sudo -E kolla_set_configs

All the swift containers are stuck at the exact same point and there are no logs in /var/logs/kolla/swift*. Using docker exec I managed to get into the container and ran the entrypoint command `dumb-init --single-child -- kolla-start` which also gets stuck at the same point because sudo is asking for the `swift` user password.

I then had a look at the docker build for the containers and I see the base/sudoers file says

   # The idea here is a container service adds their UID to the kolla group
   # via usermod -a -G kolla <uid>. Then the kolla_start may run
   # kolla_set_configs via sudo as the root user which is necessary to protect
   # the immutability of the container

In all our swift containers the swift user is not in the kolla group, e.g.

   cat /etc/groups | grep kolla
   kolla:x:42400:

A nova based container shows

   cat /etc/group | grep kolla
   kolla:x:42400:nova

I then added the swift user to the kolla group in _all_ the swift containers and after a restart swift applied the configs and started up as expected.

Revision history for this message
Rowan Potgieter (rowan-potgieter) wrote :

I should add that I have now also manually built the swift containers from the master branch of openstack/kolla using this command

   python tools/build.py -b ubuntu swift

I then ran the resultant container:

   docker run --rm -it --entrypoint=/bin/bash kolla/ubuntu-binary-swift-object-expirer:9.1.0

The swift user is still missing from the kolla group:

   $ cat /etc/group | grep kolla
   kolla:x:42400:

Revision history for this message
Radosław Piliszek (yoctozepto) wrote :

Ah, binary. That's the reason. It looks like UCA debs have logic to reset the groups for user to adm.

summary: - swift user not in kolla group
+ [ubuntu-binary] swift user not in kolla group
tags: added: binary sudo swift ubuntu
no longer affects: kolla-ansible
Changed in kolla:
importance: Undecided → High
status: New → Triaged
Revision history for this message
Michal Nasiadka (mnasiadka) wrote :

All of the affected releases are EOL, marking bug as Invalid.

Changed in kolla:
status: Triaged → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.