[Bug 1947351] Re: chown not in rootwrap when only installing cinder-backup
Arif Ali
1947351 at bugs.launchpad.net
Fri Oct 15 10:57:56 UTC 2021
** Tags added: sts
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to cinder in Ubuntu.
https://bugs.launchpad.net/bugs/1947351
Title:
chown not in rootwrap when only installing cinder-backup
Status in cinder package in Ubuntu:
New
Status in cinder source package in Bionic:
New
Bug description:
series: bionic
openstack: queens
We have an issue with a user, where the cinder-backup and services are
installed, and separated from cinder-volume nodes.
As part of the cinder-backup, it is required to grab iscsi devices,
and hence the likes of /dev/sd* would be there to be consumed.
As part of this process we can see that cinder-rootwrap is being run,
similar to the command below
sudo cinder-rootwrap /etc/cinder/rootwrap.conf chown 64061 /dev/sda
By default, this then gives permission denied, and does not move
forward
We then added the excerpt below following into a new file in
/etc/cinder/rootwrap.d/backup.filters, borrowed from
/etc/cinder/rootwrap.d/volume.filters (which is typically from cinder-
volume package in bionic)
[Filters]
chown: CommandFilter, chown, root
This then moved things along for the user.
After further analysis, we found that post bionic, i.e. cosmic and
beyond, the volume.filters file is now located in cinder-common
package rather than the cinder-volume
My request is, can we do the same for queens, such that this file is
in cinder-common?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cinder/+bug/1947351/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list