::proxy::ceilometer is broken due to permission issues
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
puppet-swift |
Fix Released
|
Critical
|
Unassigned |
Bug Description
When using the ceilometer middleware, swift needs access to:
/var/log/
- /var/log/ceilometer is 750, ceilometer:adm
- /var/log/
/etc/ceilometer
- /etc/ceilometer is 750, ceilometer:
- /etc/ceilometer
Adding swift to the ceilometer group does not work for ceilometer.conf because of the related bugs:
https:/
https:/
We need to find a good compromise to grant swift access to ceilometer.conf.
For the logs, there are several options - I think the cleanest would be to change the default logging for swift from /dev/log (syslog) to /var/log/swift and move the ceilometer logs to /var/log/swift.
Changed in puppet-swift: | |
status: | New → Fix Committed |
importance: | Undecided → Critical |
Changed in puppet-swift: | |
milestone: | none → 6.0.0 |
Changed in puppet-swift: | |
status: | Fix Committed → Fix Released |
FYI This is more complex than I initially thought since puppet-ceilometer enforces folder permissions on /etc/ceilometer and /etc/ceilometer /ceilometer. conf - patching swift:: proxy:: ceilometer to enforce permission on these would only result in modules fighting each other.
I'm looking at pushing a patch in swift at this time.