Ubuntu
horizon package

Horizon default config assumes www-data has R/w on /usr/share... directory

Bug #1216019 reported by Ante Karamatić
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
horizon (Ubuntu)
Fix Released
High
Unassigned
Saucy
Fix Released
High
Unassigned

Bug Description

/etc/openstack-dashboard/local_settings.py defines Horizon's SECRET_KEY as:

SECRET_KEY = secret_key.generate_or_read_from_file(os.path.join(LOCAL_PATH, '.secret_key_store'))

since LOCAL_PATH is '/usr/share/openstack-dashboard/openstack_dashboard/local', it tries to write a file in that directory. This results in an error when running Horizon:

...
[Fri Aug 23 12:24:34 2013] [error] [client 192.168.122.1] File "/usr/share/openstack-dashboard/openstack_dashboard/wsgi/../../openstack_dashboard/local/local_settings.py", line 92,
 in <module>
[Fri Aug 23 12:24:34 2013] [error] [client 192.168.122.1] SECRET_KEY = secret_key.generate_or_read_from_file(os.path.join(LOCAL_PATH, '.secret_key_store'))
[Fri Aug 23 12:24:34 2013] [error] [client 192.168.122.1] File "/usr/lib/python2.7/dist-packages/horizon/utils/secret_key.py", line 55, in generate_or_read_from_file
[Fri Aug 23 12:24:34 2013] [error] [client 192.168.122.1] with lock:
[Fri Aug 23 12:24:34 2013] [error] [client 192.168.122.1] File "/usr/lib/python2.7/dist-packages/lockfile.py", line 223, in __enter__
[Fri Aug 23 12:24:34 2013] [error] [client 192.168.122.1] self.acquire()
[Fri Aug 23 12:24:34 2013] [error] [client 192.168.122.1] File "/usr/lib/python2.7/dist-packages/lockfile.py", line 239, in acquire
[Fri Aug 23 12:24:34 2013] [error] [client 192.168.122.1] raise LockFailed("failed to create %s" % self.unique_name)
[Fri Aug 23 12:24:34 2013] [error] [client 192.168.122.1] LockFailed: failed to create /usr/share/openstack-dashboard/openstack_dashboard/local/xyz.MainThread-13731

Workaround is to set fixed SECRET_KEY as:

SECRET_KEY = 'randomchars'

or to define it in a different directory (for example, *unsecure* /tmp):

SECRET_KEY = secret_key.generate_or_read_from_file('/tmp/.secret_key_store')

This problem exists only in Saucy.

See original description

Related branches

lp:~gandelman-a/ubuntu/saucy/horizon/fixes
Ubuntu Server Developers: Pending requested
Diff: 139 lines (+63/-10)
5 files modified
debian/changelog (+15/-0)
debian/openstack-dashboard.conf (+2/-1)
debian/openstack-dashboard.postinst (+15/-1)
debian/openstack-dashboard.postrm (+9/-0)
debian/patches/ubuntu_local_settings.patch (+22/-8)
lp:ubuntu/saucy-proposed/horizon
Ante Karamatić (ivoks)
description: updated
Adam Gandelman (gandelman-a)
Changed in horizon (Ubuntu Saucy):
status: New → Confirmed
James Page (james-page)
Changed in horizon (Ubuntu Saucy):
importance: Undecided → High
status: Confirmed → Triaged
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package horizon - 1:2013.2~b2-0ubuntu6

---------------
horizon (1:2013.2~b2-0ubuntu6) saucy; urgency=low

  * debian/patches/ubuntu_local_settings.py: Set flexible
    default for ALLOWED_HOSTS that should be changed for production
    deployments (LP: #1214982).
  * Fix (LP: #1216019):
    - debian/openstack-dashboard.{postinst, postrm}: Add/remove horizon
      user. Ensure /etc/openstack-dashbard ownership.
    - debian/openstack-dashboard.conf: Run WSGIDaemonProcess as user
      horizon, set WSGIProcessGroup to horizon.
    - debian/patches/ubuntu_local_settings.py: Generate and load secret
      key from /etc/openstack-dashboard/secret_key.
 -- Adam Gandelman <email address hidden> Fri, 06 Sep 2013 10:33:18 -0700

Changed in horizon (Ubuntu Saucy):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.