cinder, ovn and manila bundles should not run with --user=root

Bug #1781534 reported by Michele Baldessari
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
tripleo | In Progress | High | Kamil Sambor |

Bug Description

This is unnecessary and not best practice. The reason this is the case is that other services (rabbit/galera/etc) drop to a non-root user by themselves, so this was overlooked.

OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (master)

Fix proposed to branch: master
Review: https://review.openstack.org/582456

Changed in tripleo:
status: Triaged → In Progress
Michele Baldessari (michele) wrote : Re: cinder and manila bundles should not run with --user=root
summary: - cinder and manila bundles should not run with --user=root
+ cinder, ovn and manila bundles should not run with --user=root
Michele Baldessari (michele) wrote :
Changed in tripleo:
milestone: rocky-3 → rocky-rc1
OpenStack Infra (hudson-openstack) wrote : Related fix merged to puppet-tripleo (master)

Reviewed: https://review.openstack.org/582500
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=bebc5848da710ce6cfbbd495da47f4d70c3c86b1
Submitter: Zuul
Branch: master

commit bebc5848da710ce6cfbbd495da47f4d70c3c86b1
Author: Numan Siddique <email address hidden>
Date: Fri Jul 13 15:57:34 2018 +0530

    Remove setting root user for ovn dbs pacemaker bundle

    This patch removes the option "--user=root" from the docker options.
    Right now the kolla image - ovn-northd which is used for ovn dbs pacemaker
    bundle doesn't set the user 'openvswitch'. So even after this patch
    is merged, the ovn bundle will be started as root user.

    This patch is 1st step towards running ovn dbs pacemaker as a non root user.

    It requires changes in
     - in ovn-northd kolla image and
     - in the ovn-dbs.yaml pacemaker service file in T-H-T to give the proper
       permissions to the log and data folders
    to run the ovn pacemaker bundle as a non root user which will be handled
    in follow up patches.

    Related-bug: #1781534
    Change-Id: I32f37522b012967f12c459cdf4cf14c43c079231
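An audit sketch for the situation the commit message above describes, added here as an example and not taken from puppet-tripleo or tripleo-heat-templates: it reads the container options of each pacemaker bundle from a CIB XML dump and separates bundles that force root from bundles that only inherit whatever user the image sets. The bundle ids, image names and option strings in the sample are constructed, and the function names are hypothetical.

```python
import shlex
import xml.etree.ElementTree as ET

# Constructed CIB fragment for illustration; ids, images and options are sample values.
SAMPLE_CIB = """
<cib><configuration><resources>
  <bundle id="ovn-dbs-bundle">
    <docker image="example/ovn-northd:latest" options="--user=root --log-driver=journald"/>
  </bundle>
  <bundle id="cinder-volume-bundle">
    <docker image="example/cinder-volume:latest" options="--ipc=host -u 0:0"/>
  </bundle>
  <bundle id="rabbitmq-bundle">
    <docker image="example/rabbitmq:latest" options="--log-driver=journald"/>
  </bundle>
  <bundle id="manila-share-bundle">
    <podman image="example/manila-share:latest" options="--user manila"/>
  </bundle>
</resources></configuration></cib>
"""

def run_user(options):
    """Return the last --user/-u value in a container options string, or None."""
    tokens = shlex.split(options or "")
    user = None
    for i, tok in enumerate(tokens):
        if tok.startswith("--user="):
            user = tok.split("=", 1)[1]
        elif tok in ("--user", "-u") and i + 1 < len(tokens):
            user = tokens[i + 1]
    return user

def audit_bundles(cib_xml):
    """Map each bundle id to forced-root, non-root or image-default."""
    findings = {}
    for bundle in ET.fromstring(cib_xml).iter("bundle"):
        engine = next((e for e in bundle if e.tag in ("docker", "podman")), None)
        if engine is None:
            continue
        user = run_user(engine.get("options"))
        if user is None:
            status = "image-default"  # the image's own USER applies, may still be root
        elif user.split(":")[0] in ("root", "0"):
            status = "forced-root"
        else:
            status = "non-root"
        findings[bundle.get("id")] = status
    return findings
```

A bundle reported as image-default still needs the image's configured user checked, since removing the option alone leaves a root-by-default image running as root.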

Changed in tripleo:
milestone: rocky-rc1 → stein-1
Changed in tripleo:
milestone: stein-1 → stein-2
Changed in tripleo:
milestone: stein-2 → stein-3
Juan Antonio Osorio Robles (juan-osorio-robles) wrote :

Seems that some services are still missing. Is this still planned work?

Changed in tripleo:
milestone: stein-3 → stein-rc1
Changed in tripleo:
milestone: stein-rc1 → train-1
Changed in tripleo:
milestone: train-1 → train-2
Kamil Sambor (ksambor)
Changed in tripleo:
assignee: Michele Baldessari (michele) → Kamil Sambor (ksambor)
Changed in tripleo:
milestone: train-2 → train-3
Changed in tripleo:
milestone: train-3 → ussuri-1
Changed in tripleo:
milestone: ussuri-1 → ussuri-2
wes hayutin (weshayutin)
Changed in tripleo:
milestone: ussuri-2 → ussuri-3
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to puppet-tripleo (stable/queens)

Related fix proposed to branch: stable/queens
Review: https://review.opendev.org/710438

wes hayutin (weshayutin)
Changed in tripleo:
milestone: ussuri-3 → ussuri-rc3
OpenStack Infra (hudson-openstack) wrote : Change abandoned on tripleo-heat-templates (master)

Change abandoned by Michele Baldessari (<email address hidden>) on branch: master
Review: https://review.opendev.org/582456

wes hayutin (weshayutin)
Changed in tripleo:
milestone: ussuri-rc3 → victoria-1
OpenStack Infra (hudson-openstack) wrote : Change abandoned on puppet-tripleo (stable/queens)

Change abandoned by Flavio Fernandes (<email address hidden>) on branch: stable/queens
Review: https://review.opendev.org/710438
Reason: .

Changed in tripleo:
milestone: victoria-1 → victoria-3