tripleo

UIDs of data-owning users might change between deployed images

Bug #1374626 reported by Clint Byrum on 2014-09-26

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	tripleo	Expired	High	Unassigned

Bug Description

We had a rather confusing situation recently while doing image based updates in Helion:

* Create cloud using image without ceilometer
- time passes
* Create new image _with_ ceilometer

On the controllers, data was stored in /mnt as the UID for _cinder_, let's say 1001.

In the new image, because ceilometer ended up getting created before cinder, it took UID 1001 in the new /etc/passwd. On rebuild/reboot, /mnt/state/var/lib/cinder was owned by 1001, which was ceilometer, but cinder was running as 'cinder' which was now 1002.

So, we must have a static registry of user names to UID's, and a guard against this sort of problem turning up undetected. We will need to backup /etc/passwd to /mnt/state and verify that the new image has the same mappings for all existing users. If not, we should go into a failure state so that an admin can rollback or deploy a new compatible image.

Clint Byrum (clint-fewbar) on 2014-10-07

Changed in tripleo:
assignee:	nobody → Clint Byrum (clint-fewbar)

Revision history for this message

Clint Byrum (clint-fewbar) wrote on 2015-02-24:

Image based updates seem less important to us now. It still will be a problem that needs solving, but for now we can side-step it by updating servers in-place.

Also unassigning myself as I won't have time to work on it.

Changed in tripleo:
importance:	Critical → High
assignee:	Clint Byrum (clint-fewbar) → nobody

Revision history for this message

Steven Hardy (shardy) wrote on 2016-04-21: potentially eol bug

This bug was reported against an old version of TripleO, and may no longer be valid.

Since it was reported before the start of the liberty cycle (and our oldest stable
branch is stable/liberty), I'm marking this incomplete.

Please reopen this (change the status from incomplete) if the bug is still valid
on a current supported (stable/liberty, stable/mitaka or trunk) version of TripleO,
thanks!

Changed in tripleo:
status:	Triaged → Incomplete

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-06-21:

[Expired for tripleo because there has been no activity for 60 days.]

Changed in tripleo:
status:	Incomplete → Expired

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.