Ubuntu
cinder package

chown not in rootwrap when only installing cinder-backup

Bug #1947351 reported by Arif Ali
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
cinder (Ubuntu)
New
Undecided
Unassigned
Bionic
New
Undecided
Unassigned

Bug Description

series: bionic
openstack: queens

We have an issue with a user, where the cinder-backup and services are installed, and separated from cinder-volume nodes.

As part of the cinder-backup, it is required to grab iscsi devices, and hence the likes of /dev/sd* would be there to be consumed.

As part of this process we can see that cinder-rootwrap is being run, similar to the command below

sudo cinder-rootwrap /etc/cinder/rootwrap.conf chown 64061 /dev/sda

By default, this then gives permission denied, and does not move forward

We then added the excerpt below following into a new file in /etc/cinder/rootwrap.d/backup.filters, borrowed from /etc/cinder/rootwrap.d/volume.filters (which is typically from cinder-volume package in bionic)

[Filters]
chown: CommandFilter, chown, root

This then moved things along for the user.

After further analysis, we found that post bionic, i.e. cosmic and beyond, the volume.filters file is now located in cinder-common package rather than the cinder-volume

My request is, can we do the same for queens, such that this file is in cinder-common?

Tags: sts
Arif Ali (arif-ali)
tags: added: sts
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.