[SRU] (13)Permission denied: [client 1.2.3.4:60750] AH00035: access to /static/dashboard/img/favicon.ico denied (filesystem path '/var/lib/openstack-dashboard/static') because search permissions are missing on a component of the path

Bug #1765191 reported by Felipe Reyes on 2018-04-18
18
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Ubuntu Cloud Archive
High
Unassigned
Ocata
High
Unassigned
Pike
High
Unassigned
Queens
High
Unassigned
horizon (Ubuntu)
Status tracked in Cosmic
Artful
High
Felipe Reyes
Bionic
High
Felipe Reyes
Cosmic
High
Felipe Reyes

Bug Description

[Impact]

When upgrading from mitaka to pike horizon stops working because Apache can't read the static assets anymore

[Wed Apr 04 11:22:37.470451 2018] [core:error] [pid 17924:tid 140071592240896] (13)Permission denied: [client 1.2.3.4:60750] AH00035: access to /static/dashboard/img/favicon.ico denied (filesystem path '/var/lib/openstack-dashboard/static') because search permissions are missing on a component of the path

In xenial the home for the horizon user is /usr/share/openstack-dashboard, and /var/lib/openstack-dashboard permissions are changed to 700 to secure the secret_key, while in artful/pike only the secret_key file is set to 700

# ls -ld /var/lib/openstack-dashboard/
drwxr-xr-x 4 horizon horizon 4096 Apr 18 18:49 /var/lib/openstack-dashboard/
# ls -ld /var/lib/openstack-dashboard/secret_key
-rw------- 1 horizon horizon 64 Apr 18 18:47 /var/lib/openstack-dashboard/secret_key
# apt-cache policy openstack-dashboard
openstack-dashboard:
  Installed: 3:12.0.2-0ubuntu1
  Candidate: 3:12.0.2-0ubuntu1
  Version table:
 *** 3:12.0.2-0ubuntu1 500
        500 http://nova.clouds.archive.ubuntu.com/ubuntu artful-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     3:12.0.0-0ubuntu2.1 500
        500 http://nova.clouds.archive.ubuntu.com/ubuntu artful/main amd64 Packages

So during the upgrade of the package /var/lib/openstack-dashboard is left to 700

xenial -> debian/openstack-dashboard.postinst
...
if [ -d /var/lib/openstack-dashboard ] ; then
# Generated secret storage for single node use - see local_settings.py
# for more details of SECRET_KEY
chmod 0700 /var/lib/openstack-dashboard
if [ -f /etc/openstack-dashboard/secret_key ]; then
mv /etc/openstack-dashboard/secret_key /var/lib/openstack-dashboard
fi
chown -R horizon:horizon /var/lib/openstack-dashboard
fi
....

artful -> debian/openstack-dashboard.postinst
...
if ! getent passwd horizon > /dev/null 2>&1 ; then
adduser --system --home /var/lib/openstack-dashboard --ingroup horizon \
--no-create-home --shell /bin/false horizon
fi
...

[Test Case]

* deploy openstack
  juju deploy ./xenial-mitaka.yaml # http://paste.ubuntu.com/p/7XtXRvf4cT/

* upgrade openstack-dashboard to ocata, pike or queens
  juju deploy openstack-dashboard openstack-origin="cloud:xenial-ocata" # for -proposed use "cloud:xenial-ocata/proposed"

Expected result:

http://`juju-deployer -f openstack-dashboard`/horizon/auth/login is displayed with all the correct css/js/etc assets

Actual result:

http://`juju-deployer -f openstack-dashboard`/horizon/auth/login cannot load the static assets (javascript/css/etc)

[Regression Potential]

* Users who may have customized /var/lib/openstack-dashboard permissions to comply with some specific security policy will see changes in the permissions when they upgrade, but this is a common situation when packages are upgraded.

[Other Info]
N/A

Felipe Reyes (freyes) wrote :

I think the fix should be that in debian/openstack-dashboard.postinst script for newton, ocata, pike and queens, we should enforce 755 for /var/lib/openstack-dashboard and 700 for /var/lib/openstack-dashboard/secret_key

thoughts?

tags: added: sts
Felipe Reyes (freyes) on 2018-04-18
Changed in horizon (Ubuntu):
assignee: nobody → Felipe Reyes (freyes)
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in horizon (Ubuntu):
status: New → Confirmed
Corey Bryant (corey.bryant) wrote :

Hi Felipe,

Thanks for reporting this.

I was able to recreate your scenario and I also attempted a step upgrade from mitaka->newton->ocata, and the upgrade from newton->ocata runs into permissions errors for /var/lib/openstack-dashboard/static as well. https://paste.ubuntu.com/p/4ntKjw3pxN/

I'm not sure why an upgrade would cause these errors vs a fresh install to ocata or pike. I'll dig in some more. The fix may be along the lines of what you suggested, in updating the postinst script with:

sudo chmod -R 755 /var/lib/openstack-dashboard/
sudo chmod 600 /var/lib/openstack-dashboard/secret_key

Corey

Corey Bryant (corey.bryant) wrote :

Note: The switch to storing static assets in /var/lib vs /usr/share occurred in zesty (ocata).

On Tue, Apr 24, 2018 at 08:13:55PM -0000, Corey Bryant wrote:
> Hi Felipe,
>
> Thanks for reporting this.
>
> I was able to recreate your scenario and I also attempted a step upgrade
> from mitaka->newton->ocata, and the upgrade from newton->ocata runs into
> permissions errors for /var/lib/openstack-dashboard/static as well.
> https://paste.ubuntu.com/p/4ntKjw3pxN/
>
> I'm not sure why an upgrade would cause these errors vs a fresh install
> to ocata or pike. I'll dig in some more. The fix may be along the lines
> of what you suggested, in updating the postinst script with:
>
> sudo chmod -R 755 /var/lib/openstack-dashboard/
> sudo chmod 600 /var/lib/openstack-dashboard/secret_key

great, I will prepare the patch/SRU with this.

Great, thanks Felipe. I think we may want to limit this to:

sudo chmod -R 755 /var/lib/openstack-dashboard/static
sudo chmod 600 /var/lib/openstack-dashboard/secret_key

On Wed, Apr 25, 2018 at 05:52:06PM -0000, Corey Bryant wrote:
> Great, thanks Felipe. I think we may want to limit this to:
>
> sudo chmod -R 755 /var/lib/openstack-dashboard/static

I have doubts about making it recursive, I don't have an installation around, but I think 755 only to /var/lib/openstack-dashboard/static should be enough.

Felipe Reyes (freyes) on 2018-04-25
Changed in horizon (Ubuntu Artful):
assignee: nobody → Felipe Reyes (freyes)

I'd prefer non-recursive as well if that fixes it.

Changed in horizon (Ubuntu Artful):
status: New → Triaged
Changed in horizon (Ubuntu Bionic):
status: Confirmed → Triaged
Changed in horizon (Ubuntu Artful):
importance: Undecided → High
Changed in horizon (Ubuntu Bionic):
importance: Undecided → High
Felipe Reyes (freyes) wrote :
Felipe Reyes (freyes) wrote :
Felipe Reyes (freyes) wrote :
Felipe Reyes (freyes) wrote :

Here are the patches, it's pending to add the SRU template.

It wasn't required to change the permissions recursively, the files inside .../openstack-dashboard/static already have the expected permissions to let apache read them.

tags: added: patch
Felipe Reyes (freyes) on 2018-04-26
description: updated
description: updated
summary: - (13)Permission denied: [client 1.2.3.4:60750] AH00035: access to
+ [SRU] (13)Permission denied: [client 1.2.3.4:60750] AH00035: access to
/static/dashboard/img/favicon.ico denied (filesystem path '/var/lib
/openstack-dashboard/static') because search permissions are missing on
a component of the path
Felipe Reyes (freyes) wrote :
Changed in horizon (Ubuntu Cosmic):
assignee: nobody → Felipe Reyes (freyes)
Corey Bryant (corey.bryant) wrote :

Thanks Felipe. I've uploaded new package versions with your patches to all affected releases (note minor change to correct the bug # in d/changelog) where most (except ocata) are awaiting review by the SRU team.

On Thu, May 10, 2018 at 08:26:12PM -0000, Corey Bryant wrote:
> Thanks Felipe. I've uploaded new package versions with your patches to
> all affected releases (note minor change to correct the bug # in
> d/changelog) where most (except ocata) are awaiting review by the SRU
> team.

awesome,thanks for the update.

Hello Felipe, or anyone else affected,

Accepted horizon into ocata-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:ocata-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-ocata-needed to verification-ocata-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-ocata-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-ocata-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package horizon - 3:13.0.0-0ubuntu2

---------------
horizon (3:13.0.0-0ubuntu2) cosmic; urgency=medium

  * d/openstack-dashboard.postinst: Make sure that /var/lib/openstack-dashboard/
    and /var/lib/openstack-dashboard/secret_key have the appropriate permissions
    (LP: #1765191).

 -- Felipe Reyes <email address hidden> Thu, 10 May 2018 15:43:41 -0300

Changed in horizon (Ubuntu Cosmic):
status: Triaged → Fix Released
Timo Aaltonen (tjaalton) wrote :

Hello Felipe, or anyone else affected,

Accepted horizon into artful-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/horizon/3:12.0.2-0ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-artful to verification-done-artful. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-artful. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in horizon (Ubuntu Artful):
status: Triaged → Fix Committed
tags: added: verification-needed verification-needed-artful
Changed in horizon (Ubuntu Bionic):
status: Triaged → Fix Committed
tags: added: verification-needed-bionic
Timo Aaltonen (tjaalton) wrote :

Hello Felipe, or anyone else affected,

Accepted horizon into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/horizon/3:13.0.0-0ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Corey Bryant (corey.bryant) wrote :

Hello Felipe, or anyone else affected,

Accepted horizon into pike-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:pike-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-pike-needed to verification-pike-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-pike-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-pike-needed
Corey Bryant (corey.bryant) wrote :

Hello Felipe, or anyone else affected,

Accepted horizon into queens-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:queens-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-queens-needed to verification-queens-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-queens-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-queens-needed
Changed in cloud-archive:
status: Triaged → Fix Committed
Felipe Reyes (freyes) wrote :

openstack-dashboard-ubuntu-theme needs to be updated to depend on 3:13.0.0-0ubuntu1, I wonder if we could relax this dependency a bit, something like:

Depends: openstack-dashboard (>= 3:13.0.0, <= 3:14.0.0)

The problem would be that this kind of change may not be SRUable, and this is a dummy package, so maybe we should just bite the bullet and everytime bump up the version in the openstack-dashboard we need to remember to do update openstack-dashboard-ubuntu-theme as well.

# apt-get install openstack-dashboard openstack-dashboard-ubuntu-theme
Reading package lists... Done
Building dependency tree
Reading state information... Done
openstack-dashboard-ubuntu-theme is already the newest version (3:13.0.0-0ubuntu1).
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 openstack-dashboard-ubuntu-theme : Depends: openstack-dashboard (= 3:13.0.0-0ubuntu1) but 3:13.0.0-0ubuntu1.1 is to be installed
E: Unable to correct problems, you have held broken packages.

Felipe Reyes (freyes) wrote :

I just noticed that openstack-dashboard-ubuntu-theme is a binary package built out from the horizon source package, just like openstack-dashboard, but it comes from universe and universe-proposed was not enabled in this node. so disregard my previous comment.

# apt policy openstack-dashboard-ubuntu-theme
openstack-dashboard-ubuntu-theme:
  Installed: 3:13.0.0-0ubuntu1
  Candidate: 3:13.0.0-0ubuntu1
  Version table:
 *** 3:13.0.0-0ubuntu1 500
        500 http://nova.clouds.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
        100 /var/lib/dpkg/status

Felipe Reyes (freyes) wrote :

Upgrade from xenial-mitaka to bionic-queens, no regressions detected (login works, css/js is loaded, create a router):

# pastebinit /var/log/apt/term.log
http://paste.ubuntu.com/p/SYVDFSD6Gh/
# pastebinit /var/log/apt/history.log
http://paste.ubuntu.com/p/KZPjMzZqf5/
# apt policy openstack-dashboard
openstack-dashboard:
  Installed: 3:13.0.0-0ubuntu1.1
  Candidate: 3:13.0.0-0ubuntu1.1
  Version table:
 *** 3:13.0.0-0ubuntu1.1 500
        500 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     3:13.0.0-0ubuntu1 500
        500 http://nova.clouds.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
root@juju-ca618c-xenial-lp1765191-8:~# ls -ld /var/lib/openstack-dashboard/
drwxr-xr-x 4 horizon horizon 4096 May 22 22:26 /var/lib/openstack-dashboard/
root@juju-ca618c-xenial-lp1765191-8:~# ls -l /var/lib/openstack-dashboard/
total 12
-rw------- 1 horizon horizon 64 May 22 20:47 secret_key
drwxr-xr-x 2 horizon horizon 4096 Feb 28 19:23 secret-key
drwxr-xr-x 11 horizon horizon 4096 May 22 22:26 static
-rw-r--r-- 1 horizon horizon 0 May 22 20:47 _var_lib_openstack-dashboard_secret_key.lock
root@juju-ca618c-xenial-lp1765191-8:~# ls -l /var/lib/openstack-dashboard/secret-key/
total 0

tags: added: verification-done-bionic
removed: verification-needed-bionic
Felipe Reyes (freyes) wrote :
Download full text (4.1 KiB)

Upgraded successfully from xenial-mitaka to xenial-queens, no regressions detected (login, assets are loaded properly, create a router using the UI works OK).

ubuntu@juju-dbdb77-lp1765191-8:~$ apt policy openstack-dashboard
openstack-dashboard:
  Installed: 3:13.0.0-0ubuntu1~cloud0
  Candidate: 3:13.0.0-0ubuntu1~cloud0
  Version table:
 *** 3:13.0.0-0ubuntu1~cloud0 500
        500 http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/queens/main amd64 Packages
        100 /var/lib/dpkg/status
     2:9.1.2-0ubuntu5 500
        500 http://nova.clouds.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
     2:9.0.0-0ubuntu2 500
        500 http://nova.clouds.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
ubuntu@juju-dbdb77-lp1765191-8:~$ sudo vim /etc/apache2/conf-enabled/openstack-dashboard.conf
ubuntu@juju-dbdb77-lp1765191-8:~$ sudo systemctl restart apache2
ubuntu@juju-dbdb77-lp1765191-8:~$ ls /var/lib/openstack-dashboard/ -ld
drwx------ 4 horizon horizon 4096 May 23 23:30 /var/lib/openstack-dashboard/
ubuntu@juju-dbdb77-lp1765191-8:~$ ls /var/lib/openstack-dashboard/ -l
ls: cannot open directory '/var/lib/openstack-dashboard/': Permission denied
ubuntu@juju-dbdb77-lp1765191-8:~$ sudo ls /var/lib/openstack-dashboard/ -l
total 12
-rw-r--r-- 1 horizon horizon 0 May 23 22:57 _var_lib_openstack-dashboard_secret_key.lock
drwxr-xr-x 2 horizon horizon 4096 Mar 1 02:25 secret-key
-rw------- 1 horizon horizon 64 May 23 22:57 secret_key
drwxr-xr-x 11 horizon horizon 4096 May 23 23:30 static
ubuntu@juju-dbdb77-lp1765191-8:~$ sudo add-apt-repository cloud-archive:queens-proposed
 Ubuntu Cloud Archive for OpenStack Queens [proposed]
 More info: https://wiki.ubuntu.com/ServerTeam/CloudArchive
Press [ENTER] to continue or ctrl-c to cancel adding it

Reading package lists...
Building dependency tree...
Reading state information...
ubuntu-cloud-keyring is already the newest version (2012.08.14).
The following packages were automatically installed and are no longer required:
  libboost-iostreams1.58.0 libboost-random1.58.0 libboost-system1.58.0 libboost-thread1.58.0 python-httplib2 python-ndg-httpsclient python-openstackclient python-pyasn1
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
ubuntu@juju-dbdb77-lp1765191-8:~$ sudo apt update
...
ubuntu@juju-dbdb77-lp1765191-8:~$ sudo apt-get dist-upgrade
...
Setting up python-django-horizon (3:13.0.0-0ubuntu1.1~cloud1) ...
Setting up openstack-dashboard (3:13.0.0-0ubuntu1.1~cloud1) ...
Collecting and compressing static assets...
apache2_invoke openstack-dashboard.conf: already enabled
Setting up openstack-dashboard-ubuntu-theme (3:13.0.0-0ubuntu1.1~cloud1) ...
ubuntu@juju-dbdb77-lp1765191-8:~$ apt policy openstack-dashboard
openstack-dashboard:
  Installed: 3:13.0.0-0ubuntu1.1~cloud1
  Candidate: 3:13.0.0-0ubuntu1.1~cloud1
  Version table:
 *** 3:13.0.0-0ubuntu1.1~cloud1 500
        500 http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-proposed/queens/main amd64 Packages
        100 /var/lib/dpkg/status
     3:13.0.0-0ubuntu1~cloud0 500
        500 http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/queens...

Read more...

tags: added: verification-queens-done
removed: verification-queens-needed
Felipe Reyes (freyes) wrote :

Upgraded successfully from xenial-mitaka to artful-pike, no regressions were detected (login, assets are loading, router creation works among other operations).

root@juju-dfc611-artful-8:~# apt policy openstack-dashboard
openstack-dashboard:
  Installed: 3:12.0.2-0ubuntu1
  Candidate: 3:12.0.2-0ubuntu1
  Version table:
 *** 3:12.0.2-0ubuntu1 500
        500 http://nova.clouds.archive.ubuntu.com/ubuntu artful-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     3:12.0.0-0ubuntu2.1 500
        500 http://nova.clouds.archive.ubuntu.com/ubuntu artful/main amd64 Packages
root@juju-dfc611-artful-8:~# ls -ld /var/lib/openstack-dashboard/
drwx------ 4 horizon horizon 4096 May 24 00:55 /var/lib/openstack-dashboard/
root@juju-dfc611-artful-8:~# ls -l /var/lib/openstack-dashboard/
total 12
-rw------- 1 horizon horizon 64 May 23 23:57 secret_key
drwxr-xr-x 2 horizon horizon 4096 Feb 2 20:24 secret-key
drwxr-xr-x 11 horizon horizon 4096 May 24 00:55 static
-rw-r--r-- 1 horizon horizon 0 May 23 23:57 _var_lib_openstack-dashboard_secret_key.lock
root@juju-dfc611-artful-8:~# vim /etc/apt/sources.list
root@juju-dfc611-artful-8:~# apt-get -qq update
root@juju-dfc611-artful-8:~# apt-get upgrade
...
Setting up openstack-dashboard-ubuntu-theme (3:12.0.2-0ubuntu1.1) ...
Processing triggers for initramfs-tools (0.125ubuntu12.1) ...
update-initramfs: Generating /boot/initrd.img-4.13.0-43-generic
WARNING: Setting CRYPTSETUP in /etc/initramfs-tools/initramfs.conf is deprecated and will stop working in the future. Use /etc/cryptsetup-initramfs/conf-hook instead.
Processing triggers for libc-bin (2.26-0ubuntu2.1) ...
root@juju-dfc611-artful-8:~# apt policy openstack-dashboard
openstack-dashboard:
  Installed: 3:12.0.2-0ubuntu1.1
  Candidate: 3:12.0.2-0ubuntu1.1
  Version table:
 *** 3:12.0.2-0ubuntu1.1 500
        500 http://nova.clouds.archive.ubuntu.com/ubuntu artful-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     3:12.0.2-0ubuntu1 500
        500 http://nova.clouds.archive.ubuntu.com/ubuntu artful-updates/main amd64 Packages
     3:12.0.0-0ubuntu2.1 500
        500 http://nova.clouds.archive.ubuntu.com/ubuntu artful/main amd64 Packages
root@juju-dfc611-artful-8:~# ls -ld /var/lib/openstack-dashboard/
drwxr-xr-x 4 horizon horizon 4096 May 24 01:27 /var/lib/openstack-dashboard/
root@juju-dfc611-artful-8:~# ls -ld /var/lib/openstack-dashboard/
drwxr-xr-x 4 horizon horizon 4096 May 24 01:27 /var/lib/openstack-dashboard/
root@juju-dfc611-artful-8:~# pastebinit /var/log/apt/history.log
http://paste.ubuntu.com/p/42fdRNjbx5/
root@juju-dfc611-artful-8:~# pastebinit /var/log/apt/term.log
http://paste.ubuntu.com/p/RFvg6G6rzv/

tags: added: verification-done-artful
removed: verification-needed-artful
Felipe Reyes (freyes) wrote :
Download full text (8.8 KiB)

Upgraded successfully from xenial-mitaka to xenial-pike

root@juju-612ca4-pike-8:~# apt policy openstack-dashboard
openstack-dashboard:
  Installed: 2:9.1.2-0ubuntu5
  Candidate: 2:9.1.2-0ubuntu5
  Version table:
 *** 2:9.1.2-0ubuntu5 500
        500 http://nova.clouds.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     2:9.0.0-0ubuntu2 500
        500 http://nova.clouds.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
root@juju-612ca4-pike-8:~# ls -ld /var/lib/openstack-dashboard/
drwx------ 2 horizon horizon 4096 May 24 01:43 /var/lib/openstack-dashboard/
root@juju-612ca4-pike-8:~# ls -l /var/lib/openstack-dashboard/
total 4
-rw------- 1 horizon horizon 64 May 24 01:43 secret_key
-rw-r--r-- 1 horizon horizon 0 May 24 01:43 _var_lib_openstack-dashboard_secret_key.lock
root@juju-612ca4-pike-8:~# add-apt-repository cloud-archive:pike
 Ubuntu Cloud Archive for OpenStack Pike
 More info: https://wiki.ubuntu.com/ServerTeam/CloudArchive
Press [ENTER] to continue or ctrl-c to cancel adding it

Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  ubuntu-cloud-keyring
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 5,086 B of archives.
After this operation, 34.8 kB of additional disk space will be used.
Get:1 http://nova.clouds.archive.ubuntu.com/ubuntu xenial/universe amd64 ubuntu-cloud-keyring all 2012.08.14 [5,086 B]
Fetched 5,086 B in 0s (24.7 kB/s)
Selecting previously unselected package ubuntu-cloud-keyring.
(Reading database ... 80958 files and directories currently installed.)
Preparing to unpack .../ubuntu-cloud-keyring_2012.08.14_all.deb ...
Unpacking ubuntu-cloud-keyring (2012.08.14) ...
Setting up ubuntu-cloud-keyring (2012.08.14) ...
Importing ubuntu-cloud.archive.canonical.com keyring
OK
Processing ubuntu-cloud.archive.canonical.com removal keyring
gpg: /etc/apt/trustdb.gpg: trustdb created
OK
root@juju-612ca4-pike-8:~# apt-get -qq update
root@juju-612ca4-pike-8:~# apt-get dist-upgrade
Reading package lists... Done
Building dependency tree
...
Setting up qemu-block-extra:amd64 (1:2.10+dfsg-0ubuntu3.5~cloud0) ...
Setting up qemu-utils (1:2.10+dfsg-0ubuntu3.5~cloud0) ...
Setting up python-mock (2.0.0-3~cloud0) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...
root@juju-612ca4-pike-8:~# apt policy openstack-dashboard
openstack-dashboard:
  Installed: 3:12.0.2-0ubuntu1~cloud0
  Candidate: 3:12.0.2-0ubuntu1~cloud0
  Version table:
 *** 3:12.0.2-0ubuntu1~cloud0 500
        500 http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/pike/main amd64 Packages
        100 /var/lib/dpkg/status
     2:9.1.2-0ubuntu5 500
        500 http://nova.clouds.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
     2:9.0.0-0ubuntu2 500
        500 http://nova.clouds.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
root@juju-612ca4-pike-8:~# ls -ld /var/lib/openstack-dashboard/
drwx------ 4 horizon horizon 4096 May 24 02:04 /var/lib/openstack-dashboard/
root@juju-612ca4-pike-8:~# ls -l /var/lib/openstack-dashboard/
total 12
-rw------- 1 horizon horizon 64 May 24 01:...

Read more...

tags: added: verification-pike-done
removed: verification-pike-needed
Felipe Reyes (freyes) wrote :
Download full text (3.6 KiB)

Upgraded successfully from xenial-mitaka to xenial-ocata, operations work as expected (login, assets loading, networks list, router create, etc)

root@juju-639726-ocata-10:~# add-apt-repository cloud-archive:ocata-proposed
 Ubuntu Cloud Archive for OpenStack Ocata [proposed]
 More info: https://wiki.ubuntu.com/ServerTeam/CloudArchive
Press [ENTER] to continue or ctrl-c to cancel adding it

Reading package lists...
Building dependency tree...
Reading state information...
ubuntu-cloud-keyring is already the newest version (2012.08.14).
The following packages were automatically installed and are no longer required:
  python-httplib2 python-ndg-httpsclient python-openstackclient python-openstacksdk
Use 'apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@juju-639726-ocata-10:~# apt-get -qq update
root@juju-639726-ocata-10:~# apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages were automatically installed and are no longer required:
  python-httplib2 python-ndg-httpsclient python-openstackclient python-openstacksdk
Use 'apt autoremove' to remove them.
The following packages will be upgraded:
  openstack-dashboard openstack-dashboard-ubuntu-theme python-django-horizon
3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 9,948 kB of archives.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n]
Get:1 http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-proposed/ocata/main amd64 openstack-dashboard all 3:11.0.4-0ubuntu1~cloud2.4 [2,471 kB]
Get:2 http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-proposed/ocata/main amd64 openstack-dashboard-ubuntu-theme all 3:11.0.4-0ubuntu1~cloud2.4 [1,844 B]
Get:3 http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-proposed/ocata/main amd64 python-django-horizon all 3:11.0.4-0ubuntu1~cloud2.4 [7,476 kB]
Fetched 9,948 kB in 4s (2,186 kB/s)
(Reading database ... 84525 files and directories currently installed.)
Preparing to unpack .../openstack-dashboard_3%3a11.0.4-0ubuntu1~cloud2.4_all.deb ...
Unpacking openstack-dashboard (3:11.0.4-0ubuntu1~cloud2.4) over (3:11.0.4-0ubuntu1~cloud2.3) ...
Preparing to unpack .../openstack-dashboard-ubuntu-theme_3%3a11.0.4-0ubuntu1~cloud2.4_all.deb ...
Unpacking openstack-dashboard-ubuntu-theme (3:11.0.4-0ubuntu1~cloud2.4) over (3:11.0.4-0ubuntu1~cloud2.3) ...
Preparing to unpack .../python-django-horizon_3%3a11.0.4-0ubuntu1~cloud2.4_all.deb ...
Unpacking python-django-horizon (3:11.0.4-0ubuntu1~cloud2.4) over (3:11.0.4-0ubuntu1~cloud2.3) ...
Setting up python-django-horizon (3:11.0.4-0ubuntu1~cloud2.4) ...
Setting up openstack-dashboard (3:11.0.4-0ubuntu1~cloud2.4) ...
Collecting and compressing static assets...
apache2_invoke openstack-dashboard.conf: already enabled
Setting up openstack-dashboard-ubuntu-theme (3:11.0.4-0ubuntu1~cloud2.4) ...
root@juju-639726-ocata-10:~# ls -ld /var/lib/openstack-dashboard/
drwxr-xr-x 4 horizon horizon 4096 May 24 04:01 /var/lib/openstack-dashboard/
root@juju-639726-ocata-10:~# ls -l /var/lib/opensta...

Read more...

tags: added: verification-done verification-ocata-done
removed: verification-needed verification-ocata-needed
Felipe Reyes (freyes) wrote :

All the packages were verified successfully.

The verification of the Stable Release Update for horizon has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package horizon - 3:13.0.0-0ubuntu1.1

---------------
horizon (3:13.0.0-0ubuntu1.1) bionic; urgency=medium

  [ Corey Bryant ]
  * d/gbp.conf: Create stable/queens branch.

  [ Felipe Reyes ]
  * d/openstack-dashboard.postinst: Make sure that /var/lib/openstack-dashboard/
    and /var/lib/openstack-dashboard/secret_key have the appropriate permissions
    (LP: #1765191).

 -- Corey Bryant <email address hidden> Thu, 26 Apr 2018 13:20:34 -0400

Changed in horizon (Ubuntu Bionic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package horizon - 3:12.0.2-0ubuntu1.1

---------------
horizon (3:12.0.2-0ubuntu1.1) artful; urgency=medium

  * d/openstack-dashboard.postinst: Make sure that /var/lib/openstack-dashboard/
    and /var/lib/openstack-dashboard/secret_key have the appropriate permissions
    (LP: #1765191).

 -- Felipe Reyes <email address hidden> Thu, 26 Apr 2018 12:47:36 -0300

Changed in horizon (Ubuntu Artful):
status: Fix Committed → Fix Released
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for horizon has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package horizon - 3:13.0.0-0ubuntu1.1~cloud1
---------------

 horizon (3:13.0.0-0ubuntu1.1~cloud1) xenial-queens; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 horizon (3:13.0.0-0ubuntu1.1) bionic; urgency=medium
 .
   [ Corey Bryant ]
   * d/gbp.conf: Create stable/queens branch.
 .
   [ Felipe Reyes ]
   * d/openstack-dashboard.postinst: Make sure that /var/lib/openstack-dashboard/
     and /var/lib/openstack-dashboard/secret_key have the appropriate permissions
     (LP: #1765191).

Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for horizon has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package horizon - 3:12.0.2-0ubuntu1.1~cloud0
---------------

 horizon (3:12.0.2-0ubuntu1.1~cloud0) xenial-pike; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 horizon (3:12.0.2-0ubuntu1.1) artful; urgency=medium
 .
   * d/openstack-dashboard.postinst: Make sure that /var/lib/openstack-dashboard/
     and /var/lib/openstack-dashboard/secret_key have the appropriate permissions
     (LP: #1765191).

Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for horizon has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package horizon - 3:11.0.4-0ubuntu1~cloud2.4
---------------

 horizon (3:11.0.4-0ubuntu1~cloud2.4) xenial-ocata; urgency=medium
 .
   * d/openstack-dashboard.postinst: Make sure that /var/lib/openstack-dashboard/
     and /var/lib/openstack-dashboard/secret_key have the appropriate permissions
     (LP: #1765191).

Changed in cloud-archive:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers