Permission denied: '/var/log/nova/nova-manage.log'
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
puppet-nova |
Fix Released
|
Undecided
|
Oliver Walsh |
Bug Description
The following traceback has been reported multiple times downstream of puppet-nova (here are a few examples).
https:/
https:/
https:/
https:/
Traceback (most recent call last):
File "/bin/nova-manage", line 10, in <module>
sys.
File "/usr/lib/
logging.
File "/usr/lib/
_setup_
File "/usr/lib/
filelog = file_handler(
File "/usr/lib64/
logging.
File "/usr/lib64/
StreamHandl
File "/usr/lib64/
stream = open(self.
IOError: [Errno 13] Permission denied: '/var/log/
When you execute nova-manage commands, oslo logs to the following location (the log file name is dynamically created based on the command name).
/var/
Because puppet-nova is executing these commands as root, nova-manage.log is owned by root:root, preventing the 'nova-manage db archive_
$ sudo crontab -u nova -l
PATH=
1 0 * * * nova-manage db archive_
This log file is also an outlier, as all other log files in /var/log/nova/ are owned by nova:nova. For example:
$ sudo ls -la /var/log/nova/
total 102700
drwxr-x---. 2 nova root 252 Mar 3 03:25 .
drwxr-xr-x. 40 root root 4096 Mar 2 02:58 ..
-rw-r--r--. 1 nova nova 49046149 Mar 3 20:21 nova-api.log
-rw-r--r--. 1 nova nova 3419964 Mar 3 03:25 nova-api.
-rw-r--r--. 1 nova nova 178353 Mar 2 03:07 nova-cert.log
-rw-r--r--. 1 nova nova 25453688 Mar 3 20:21 nova-compute.log
-rw-r--r--. 1 nova nova 2528760 Mar 3 03:25 nova-compute.
-rw-r--r--. 1 nova nova 14367109 Mar 3 20:21 nova-conductor.log
-rw-r--r--. 1 nova nova 1806036 Mar 3 03:25 nova-conductor.
-rw-r--r--. 1 root root 215298 Mar 2 03:07 nova-manage.log
-rw-r--r--. 1 nova nova 2666163 Mar 3 20:21 nova-scheduler.log
** Heads Up! **
Note that a fix for this bug should consider the upgrades case where that log file is already owned by root:root.
PS. Here's an example of a past workaround:
https:/
Changed in puppet-nova: | |
assignee: | nobody → Diana Clarke (diana-clarke) |
Changed in puppet-nova: | |
assignee: | Maciej Kucia (maciejkucia) → Oliver Walsh (owalsh) |
Here's a work in progress attempt at this bug:
- Run nova-manage commands as the nova user /review. openstack. org/#/c/ 442713/
- https:/
It does not yet address the upgrades case.