Horizon default config assumes www-data has R/w on /usr/share... directory

Bug #1216019 reported by Ante Karamatić on 2013-08-23
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
horizon (Ubuntu)
High
Unassigned
Saucy
High
Unassigned

Bug Description

/etc/openstack-dashboard/local_settings.py defines Horizon's SECRET_KEY as:

SECRET_KEY = secret_key.generate_or_read_from_file(os.path.join(LOCAL_PATH, '.secret_key_store'))

since LOCAL_PATH is '/usr/share/openstack-dashboard/openstack_dashboard/local', it tries to write a file in that directory. This results in an error when running Horizon:

...
[Fri Aug 23 12:24:34 2013] [error] [client 192.168.122.1] File "/usr/share/openstack-dashboard/openstack_dashboard/wsgi/../../openstack_dashboard/local/local_settings.py", line 92,
 in <module>
[Fri Aug 23 12:24:34 2013] [error] [client 192.168.122.1] SECRET_KEY = secret_key.generate_or_read_from_file(os.path.join(LOCAL_PATH, '.secret_key_store'))
[Fri Aug 23 12:24:34 2013] [error] [client 192.168.122.1] File "/usr/lib/python2.7/dist-packages/horizon/utils/secret_key.py", line 55, in generate_or_read_from_file
[Fri Aug 23 12:24:34 2013] [error] [client 192.168.122.1] with lock:
[Fri Aug 23 12:24:34 2013] [error] [client 192.168.122.1] File "/usr/lib/python2.7/dist-packages/lockfile.py", line 223, in __enter__
[Fri Aug 23 12:24:34 2013] [error] [client 192.168.122.1] self.acquire()
[Fri Aug 23 12:24:34 2013] [error] [client 192.168.122.1] File "/usr/lib/python2.7/dist-packages/lockfile.py", line 239, in acquire
[Fri Aug 23 12:24:34 2013] [error] [client 192.168.122.1] raise LockFailed("failed to create %s" % self.unique_name)
[Fri Aug 23 12:24:34 2013] [error] [client 192.168.122.1] LockFailed: failed to create /usr/share/openstack-dashboard/openstack_dashboard/local/xyz.MainThread-13731

Workaround is to set fixed SECRET_KEY as:

SECRET_KEY = 'randomchars'

or to define it in a different directory (for example, *unsecure* /tmp):

SECRET_KEY = secret_key.generate_or_read_from_file('/tmp/.secret_key_store')

This problem exists only in Saucy.

Related branches

Ante Karamatić (ivoks) on 2013-08-23
description: updated
Changed in horizon (Ubuntu Saucy):
status: New → Confirmed
James Page (james-page) on 2013-09-03
Changed in horizon (Ubuntu Saucy):
importance: Undecided → High
status: Confirmed → Triaged
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package horizon - 1:2013.2~b2-0ubuntu6

---------------
horizon (1:2013.2~b2-0ubuntu6) saucy; urgency=low

  * debian/patches/ubuntu_local_settings.py: Set flexible
    default for ALLOWED_HOSTS that should be changed for production
    deployments (LP: #1214982).
  * Fix (LP: #1216019):
    - debian/openstack-dashboard.{postinst, postrm}: Add/remove horizon
      user. Ensure /etc/openstack-dashbard ownership.
    - debian/openstack-dashboard.conf: Run WSGIDaemonProcess as user
      horizon, set WSGIProcessGroup to horizon.
    - debian/patches/ubuntu_local_settings.py: Generate and load secret
      key from /etc/openstack-dashboard/secret_key.
 -- Adam Gandelman <email address hidden> Fri, 06 Sep 2013 10:33:18 -0700

Changed in horizon (Ubuntu Saucy):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers