/usr/sbin/ietadm is missing in /etc/sudoers.d/nova_sudoers

Bug #861547 reported by Ante Karamatić on 2011-09-28
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
nova (Ubuntu)
High
Ante Karamatić
Oneiric
High
Ante Karamatić

Bug Description

nova user should be able to use /usr/sbin/ietadm with root privileges. This tool is required for management of iSCSI targets, required by nova-volume.

Problem exposes as being unable to create volume. nova-volume logs show:

2011-09-28 14:13:08,615 DEBUG nova.utils [-] Running cmd (subprocess): sudo ietadm --op new --tid=1 --params Name=iqn.2010-10.org.openstack:volume-00000001 from (pid=14671) execute /usr/lib/python2.7/dist-packages/nova/utils.py:165
2011-09-28 14:13:08,635 DEBUG nova.utils [-] Result was 1 from (pid=14671) execute /usr/lib/python2.7/dist-packages/nova/utils.py:180

auth.log:

Sep 28 14:13:08 cloud1 sudo: nova : no tty present and no askpass program specified ; TTY=unknown ; PWD=/run ; USER=root ; COMMAND=/usr/sbin/ietadm --op new --tid=1 --params Name=iqn.2010-10.org.openstack:volume-00000001

Related branches

Changed in nova (Ubuntu):
importance: Undecided → Low
Dave Walker (davewalker) on 2011-09-29
tags: added: server-o-rs
Dave Walker (davewalker) wrote :

Following discussion with Ante, this seems to be a release blocker as volumes cannot be created. Upping to High.

Thanks.

Changed in nova (Ubuntu):
status: New → Confirmed
importance: Low → High
Dave Walker (davewalker) on 2011-09-29
Changed in nova (Ubuntu Oneiric):
milestone: none → ubuntu-11.10
tags: added: rls-mgr-o-tracking
Dave Walker (davewalker) on 2011-09-29
Changed in nova (Ubuntu Oneiric):
status: Confirmed → In Progress
assignee: nobody → Ante Karamatić (ivoks)
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nova - 2011.3-0ubuntu4

---------------
nova (2011.3-0ubuntu4) oneiric; urgency=low

  [James Page]
  * debian/nova-common.postinst:
    - Exclude mounted LXC rootfs filesystems within /var/lib/nova from
      user/group ownership changes (LP: #861260).
    - Ensure that primary group for 'nova' user is 'nova' so that files
      created by this user have the correct group ownership.

  [Adam Gandelman]
  * debian/nova-common.postinst: Restrict permissions of /var/log/nova
    (LP: #862816)

  [Ante Karamatic]
  * Add /usr/sbin/ietadm to sudoers (LP: #861547)
  * debian/control: Fix typo in Vcs-Bzr

  [Chuck Short]
  * debian/patches/backport-libvirt-console-pipe.patch:
    Move console.log to a ringbuffer so that the console.log
    keeps filling up. (LP: #832507)
  * debian/patches/backport-lxc-container-console-fix.patch:
    Make euca-get-console-output usable for LXC containers.
    (LP: #832159)
  * debian/patches/backport-snapshot-cleanup.patch:
    Enforce snapshot cleanup. (LP: #861582).
  * debian/patches/fix-lp863305-images-permission.patch:
    Fix image access control. (LP: #863305)
 -- Chuck Short <email address hidden> Fri, 30 Sep 2011 15:21:56 -0400

Changed in nova (Ubuntu Oneiric):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers