Magnum

Magnum Docker Stack error with new Fedora-Atomic version

Bug #1720757 reported by David Girón on 2017-10-02

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Magnum	New	Undecided	Unassigned

Bug Description

Using Magnum 4.1.3, when I create a new cluster template for Docker, with the latest version of Fedora-Atomic (currently 26), etcd service gives an error:

Oct 02 09:34:38 do-swarm-master.novalocal etcd[2009]: open /etc/docker/server.key: permission denied

The file is generated and exists, but has chmod 600.

When using fedora-atomic-ocata image, this problem does not appear.

The problem is that OpenSSL v1.0.2 uses chmod 644 in server.key, but v1.1.0 uses chmod 600.

Tags:

David Girón (duhow) on 2017-10-02

tags:	added: magnum
tags:	added: etcd fedora-atomic openssl permission
tags:	added: docker

Revision history for this message

yatin (yatinkarel) wrote on 2017-10-02:

I have seen this is in swarm experimental jobs as well: http://logs.openstack.org/76/508676/13/experimental/magnum-functional-swarm/39469ee/logs/cluster-nodes/master-test-172.24.5.12/etcd.txt.gz#_Oct_02_06_46_07

Revision history for this message

David Girón (duhow) wrote on 2017-10-10:

Fixed by editing fragments/make-cert.py , function write_server_key() , adding the next line:

os.chmod(SERVER_KEY_PATH, 0644) # patch for OpenSSL v1.1

Revision history for this message

ByungYeol Woo (wby1089) wrote on 2018-04-21:

I was facing same issue in Magnum 5.0.1 with Fedora-Atomic 26 1030.

After changing make-cert.py according to David's advice, etcd works well.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.