Puppet doesn't enforce permissions for $keystone_wsgi_script_path directory
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
puppet-keystone |
Fix Released
|
Undecided
|
Rafal Szmigiel |
Bug Description
Puppet's manifest puppet-
This has been confirmed when I was working with Red Hat OpenStack Platform 9 including this code:
$ umask
0077
drwx------. 2 keystone 51 Nov 28 05:44 /var/www/
during the deployment with RH OSP director:
Notice: /Stage[
Notice: /Stage[
Notice: /Stage[
Error: Could not prefetch keystone_service provider 'openstack': Could not authenticate
Error: Not managing Keystone_
Error: /Stage[
tone_service[Image Service] due to earlier Keystone API failures.
in /var/log/
[Mon Nov 28 05:46:05.899651 2016] [core:error] [pid 23270] (13)Permission denied: [client 192.168.
one/keystone-
[Mon Nov 28 05:46:20.907486 2016] [core:error] [pid 23264] (13)Permission denied: [client 192.168.
stone-public') because search permissions are missing on a component of the path
[Mon Nov 28 05:46:20.911575 2016] [core:error] [pid 23269] (13)Permission denied: [client 192.168.
one/keystone-
[Mon Nov 28 05:46:35.907123 2016] [core:error] [pid 23270] (13)Permission denied: [client 192.168.
stone-public') because search permissions are missing on a component of the path
Changed in puppet-keystone: | |
assignee: | nobody → Rafal Szmigiel (a-rafal) |
Fix proposed to branch: master /review. openstack. org/403658
Review: https:/