Horizon secret_key_store permissions cause FilePermissionError
Bug #1403917 reported by
Jesse Pretorius
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack-Ansible |
Fix Released
|
Critical
|
Matt Thompson | ||
Juno |
Fix Released
|
Critical
|
Darren Birkett |
Bug Description
When the secret key is created in the first Horizon container, the file permissions are not set correctly, resulting in Horizon throwing an exception when you try to access it: FilePermissionE
horizon_
total 12
drwx------ 2 www-data www-data 4096 Dec 18 15:05 .
drwxr-xr-x 31 root root 4096 Dec 17 18:15 ..
-rwx------ 1 www-data www-data 64 Dec 17 18:11 .secret_key_store
The permissions should be 0600.
The error is thrown by /usr/local/
Removing /var/lib/horizon (or the key) and re-running the horizon-all play puts everything there properly.
description: | updated |
description: | updated |
description: | updated |
summary: |
- Apache in Horizon container throws FilePermissionError: + Apache in Horizon container throws FilePermissionError |
summary: |
- Apache in Horizon container throws FilePermissionError + Horizon secret_key_store permissions cause FilePermissionError |
Changed in openstack-ansible: | |
assignee: | Jesse Pretorius (jesse-pretorius) → Matt Thompson (mattt416) |
status: | New → In Progress |
tags: | removed: juno-backport-potential |
Changed in openstack-ansible: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Unable to replicate this on a freshly deployed multi-node cluster:
root@2014121816 51-node1: ~/ansible- lxc-rpc/ rpc_deployment# ansible horizon_all -m shell -a 'ls -al /var/lib/ horizon/ .secret_ key_store' node1_horizon_ container- e4931497 | success | rc=0 >> horizon/ .secret_ key_store
201412181651-
-rw------- 1 www-data www-data 64 Dec 18 17:42 /var/lib/
201412181651- node3_horizon_ container- b45c1eed | FAILED | rc=2 >> horizon/ .secret_ key_store: No such file or directory
ls: cannot access /var/lib/
201412181651- node2_horizon_ container- ee071593 | FAILED | rc=2 >> horizon/ .secret_ key_store: No such file or directory
ls: cannot access /var/lib/
root@2014121816 51-node1: ~/ansible- lxc-rpc/ rpc_deployment#
After using Horizon:
root@2014121816 51-node1: ~/ansible- lxc-rpc/ rpc_deployment# ansible horizon_all -m shell -a 'ls -al /var/lib/ horizon/ .secret_ key_store' node1_horizon_ container- e4931497 | success | rc=0 >> horizon/ .secret_ key_store
201412181651-
-rw------- 1 www-data www-data 64 Dec 18 17:42 /var/lib/
201412181651- node3_horizon_ container- b45c1eed | success | rc=0 >> horizon/ .secret_ key_store
-rw------- 1 www-data www-data 64 Dec 19 03:16 /var/lib/
201412181651- node2_horizon_ container- ee071593 | success | rc=0 >> horizon/ .secret_ key_store
-rw------- 1 www-data www-data 64 Dec 19 09:09 /var/lib/
root@2014121816 51-node1: ~/ansible- lxc-rpc/ rpc_deployment#
I'm wondering if this is specific to the AIO deploy?
--Matt