OpenStack-Ansible

galera role certificate permissions wrong

Bug #1819384 reported by Magnus Bergman
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack-Ansible
Fix Released
Undecided
Magnus Bergman

Bug Description

The galera role sets too restrictive permissions on /etc/mysql/ssl and galera-ca.pem preventing /usr/local/bin/clustercheck (running as user nobody) from operating correctly.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible-galera_server (master)

Fix proposed to branch: master
Review: https://review.openstack.org/642301

Changed in openstack-ansible:
assignee: nobody → Magnus Bergman (magnusbe)
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible-galera_server (master)

Reviewed: https://review.openstack.org/642301
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-galera_server/commit/?id=9f147645bbb1e981a0be66af3b81d4b9645052f3
Submitter: Zuul
Branch: master

commit 9f147645bbb1e981a0be66af3b81d4b9645052f3
Author: mb <email address hidden>
Date: Mon Mar 11 00:27:16 2019 +0100

    Fix permissions for galera role ca cert

    Previous permissions prevented clustercheck from accessing the galera ca
    certificate as it's run as user nobody.

    Change-Id: I87e15a0c7b7344014f42cced22ffc1e8d3cee487
    Closes-Bug: #1819384

Changed in openstack-ansible:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-galera_server stein-eol

This issue was fixed in the openstack/openstack-ansible-galera_server stein-eol release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-galera_server train-eol

This issue was fixed in the openstack/openstack-ansible-galera_server train-eol release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-galera_server ussuri-eol

This issue was fixed in the openstack/openstack-ansible-galera_server ussuri-eol release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-galera_server yoga-eom

This issue was fixed in the openstack/openstack-ansible-galera_server yoga-eom release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-galera_server victoria-eom

This issue was fixed in the openstack/openstack-ansible-galera_server victoria-eom release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-galera_server wallaby-eom

This issue was fixed in the openstack/openstack-ansible-galera_server wallaby-eom release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-galera_server xena-eom

This issue was fixed in the openstack/openstack-ansible-galera_server xena-eom release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-galera_server zed-eom

This issue was fixed in the openstack/openstack-ansible-galera_server zed-eom release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.