OpenStack-Ansible

Multiple runs of repo-build break git repo replication

Bug #1620765 reported by Paulo Matias on 2016-09-06

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack-Ansible	Fix Released	Undecided	Paulo Matias

Bug Description

In repo-build.yml, groups['repo_servers_{{ ansible_architecture }}'][0] is not deterministic. One of the repo servers is chosen at random as the "first one", on which the repo_build role will run.

The /opt/op-clone-script.sh script will thus be run as root on the "first" (chosen at random) repo server. The owner of all files cloned by git will be root.

However, lsyncd connects to remote server (via rsync) by logging as the "{{ repo_build_service_user_name }}" (by default, "nginx") user.

Therefore, if a different server was chosen as the "first" in a previous run of repo_build, rsync will not be able to overwrite its git repository files. The lsyncd log will display errors like:

rsync: mkstemp "/var/www/repo/openstackgit/tempest/tools/.check_logs.py.bXIu9u" failed: Permission denied (13)
rsync: mkstemp "/var/www/repo/openstackgit/tempest/tools/.find_stack_traces.py.CNMVtP" failed: Permission denied (13)
rsync: mkstemp "/var/www/repo/openstackgit/tempest/tools/.generate-tempest-plugins-list.py.nVWmO9" failed: Permission denied (13)
rsync: mkstemp "/var/www/repo/openstackgit/tempest/tools/.generate-tempest-plugins-list.sh.Y7uO8t" failed: Permission denied (13)
rsync: mkstemp "/var/www/repo/openstackgit/tempest/tools/.pretty_tox.sh.LgcgtO" failed: Permission denied (13)

Paulo Matias (paulo-matias) on 2016-09-06

Changed in openstack-ansible:
status:	New → In Progress
assignee:	nobody → Paulo Matias (paulo-matias)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-09-06: Fix proposed to openstack-ansible-repo_build (master)

Fix proposed to branch: master
Review: https://review.openstack.org/366280

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-09-14: Fix merged to openstack-ansible-repo_build (master)

Reviewed: https://review.openstack.org/366280
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-repo_build/commit/?id=dec3ab443be95fb3ea7a848b6f3365454fd0427c
Submitter: Jenkins
Branch: master

commit dec3ab443be95fb3ea7a848b6f3365454fd0427c
Author: Paulo Matias <email address hidden>
Date: Tue Sep 6 15:12:19 2016 -0300

Drop privileges before running the git clone script

This causes the git repository files to be owned by the same user
as the one used by lsyncd to connect to the other repo servers.

    Change-Id: I004e3bbef182b4dc6f18df5b9424190288f5e47d
    Closes-Bug: #1620765
    Depends-On: I3d974d578f3e2323415e36c40efa48036b517468

Changed in openstack-ansible:
status:	In Progress → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.