Merge lp:~james-page/nova/fix-lxc-and-primary-group into lp:~ubuntu-server-dev/nova/diablo

Proposed by James Page
Status: Merged
Merged at revision: 216
Proposed branch: lp:~james-page/nova/fix-lxc-and-primary-group
Merge into: lp:~ubuntu-server-dev/nova/diablo
Diff against target: 48 lines (+20/-3)
2 files modified
debian/changelog (+9/-2)
debian/nova-common.postinst (+11/-1)
To merge this branch: bzr merge lp:~james-page/nova/fix-lxc-and-primary-group
Reviewer: Ubuntu Server Developers
Review status: Pending
Review via email: mp+77308@code.launchpad.net

Description of the change

Fixup issues with primary group ownership of new files for upgraded nova installations
Ensure that ownership of files in LXC mounted volumes under /var/lib/nova does not get updated to nova:nova

Scott Moser (smoser) wrote :

A couple thoughts on this
 - I was initially confused about $(groups | awk '{print 3}) , as '3' seemed strange. groups does seem to output the primary group of a user as the first field, but I think that 'id -gn <user>' more explicitly requests that. I will admit to wishing the documentation for 'id' said "primary group" rather than just "effective group", but I looked at source and it does: 'rgid = egid = pwd->pw_gid;'.
    I know this is nitpick.

 - I'm concerned about the '-mount' argument to 'find'.
   If the user has done something like:
   mount --bind /some/large/filesystem /var/lib/nova/instances
   or even:
   mount /dev/sdb1 /var/lib/nova/instances

   I think that we'd avoid changing ownership of those files. I don't know how serious this is.
   One quick fix I had would be to do this:
   # change ownership of files under /var/lib/nova/ except rootfs (LP: #861260)
   find /var/lib/nova/ -name 'rootfs' -prune -o -exec chown nova:nova {} \;
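
Added example, not part of the original comment or of the nova packaging: a dry run of the `-name 'rootfs' -prune` expression suggested above, with `-print` in place of the `chown`, to show which paths it would touch. The tree is constructed for the illustration and its directory names are assumptions.

```shell
#!/bin/sh
# Dry run of: find <dir> -name 'rootfs' -prune -o -exec chown nova:nova {} \;
# -print replaces the -exec, so the output is the set of paths chown would get.

# Build a constructed tree standing in for /var/lib/nova (names are made up).
make_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/instances/instance-0001/rootfs/etc" \
             "$root/images" \
             "$root/rootfs-backup"
    : > "$root/instances/instance-0001/rootfs/etc/passwd"   # container file
    : > "$root/instances/instance-0001/console.log"         # host-side file
    : > "$root/images/ami-1"
    : > "$root/rootfs-backup/data"                          # not named exactly 'rootfs'
    printf '%s\n' "$root"
}

# List what the pruned walk would hand to chown, relative to the tree root.
# -name compares the final path component only, so 'rootfs-backup' is kept,
# while the 'rootfs' directory and everything below it are skipped.
chown_targets() {
    ( cd "$1" && find . -name 'rootfs' -prune -o -print | sort )
}

# List what an unpruned walk (the old chown -R behaviour) would touch.
recursive_targets() {
    ( cd "$1" && find . -print | sort )
}

tree=$(make_tree)
echo "pruned walk:"
chown_targets "$tree"
echo "paths only the recursive walk reaches:"
recursive_targets "$tree" | grep '/rootfs\(/\|$\)'
rm -rf "$tree"
```

The prune is by name, not by mount state, so an unmounted directory called rootfs is skipped as well.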

210. By James Page

Exclude mounted LXC rootfs filesystems within /var/lib/nova from
user/group ownership changes (LP: #861260).

211. By James Page

tabs to spaces

Scott Moser (smoser) wrote :

For reference, James and I had a long-ish conversation in ubuntu-server over this. It begins around 13:08.
http://irclogs.ubuntu.com/2011/09/28/%23ubuntu-server.html#t13:08

Dave Walker (davewalker) wrote :

smoser / james: Did this progress?

Thanks

Chuck Short (zulcss) wrote :

Any update on this?

212. By James Page

Updated to only run /var/lib/nova chown pre 0ubuntu4

213. By James Page

[James Page]
[Ante Karamatic]
* Add /usr/sbin/ietadm to sudoers (LP: #861547)
* debian/control: Fix typo in Vcs-Bzr
[Chuck Short]
* debian/patches/backport-libvirt-console-pipe.patch:
  Move console.log to a ringbuffer so that the console.log
  keeps filling up. (LP: #832507)
* debian/patches/backport-lxc-container-console-fix.patch:
  Make euca-get-console-output usable for LXC containers.
  (LP: #832159)
* debian/patches/backport-snapshot-cleanup.patch:

214. By James Page

Added quote to ensure works OK on first install

Preview Diff

=== modified file 'debian/changelog'
--- debian/changelog 2011-09-29 18:57:57 +0000
+++ debian/changelog 2011-09-29 20:55:27 +0000
@@ -1,4 +1,11 @@
1nova (2011.3-0ubuntu4) UNRELEASED; urgency=low1nova (2011.3-0ubuntu4) oneiric; urgency=low
2
3 [James Page]
4 * debian/nova-common.postinst:
5 - Exclude mounted LXC rootfs filesystems within /var/lib/nova from
6 user/group ownership changes (LP: #861260).
7 - Ensure that primary group for 'nova' user is 'nova' so that files
8 created by this user have the correct group ownership.
29
3 [Ante Karamatic]10 [Ante Karamatic]
4 * Add /usr/sbin/ietadm to sudoers (LP: #861547)11 * Add /usr/sbin/ietadm to sudoers (LP: #861547)
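Review bot: The new changelog bullet at lines 5-6 says the postinst excludes "mounted LXC rootfs filesystems", but the postinst hunk in this proposal prunes by name (-name 'rootfs' -prune), so any entry called rootfs under /var/lib/nova is skipped whether or not something is mounted on it. Suggest wording the bullet to match what the script does, and adding a line that the /var/lib/nova ownership fix-up now runs only on upgrades from versions before 2011.3-0ubuntu4, since that behaviour change is not recorded here.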
@@ -13,7 +20,7 @@
13 (LP: #832159)20 (LP: #832159)
14 * debian/patches/backport-snapshot-cleanup.patch:21 * debian/patches/backport-snapshot-cleanup.patch:
1522
16 -- Chuck Short <zulcss@ubuntu.com> Thu, 29 Sep 2011 13:00:07 -040023 -- James Page <james.page@ubuntu.com> Thu, 29 Sep 2011 21:48:44 +0100
1724
18nova (2011.3-0ubuntu3) oneiric; urgency=low25nova (2011.3-0ubuntu3) oneiric; urgency=low
1926
2027
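Review bot: In the context just above the changed trailer, the entry "* debian/patches/backport-snapshot-cleanup.patch:" ends at the colon with no description. With this proposal moving the 2011.3-0ubuntu4 entry from UNRELEASED to oneiric, that entry should get its description before the upload.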
=== modified file 'debian/nova-common.postinst'
--- debian/nova-common.postinst 2011-09-27 01:38:20 +0000
+++ debian/nova-common.postinst 2011-09-29 20:55:27 +0000
@@ -7,7 +7,17 @@
7 if ! getent passwd nova > /dev/null 2>&1; then7 if ! getent passwd nova > /dev/null 2>&1; then
8 adduser --system --home /var/lib/nova --ingroup nova --no-create-home --shell /bin/bash nova8 adduser --system --home /var/lib/nova --ingroup nova --no-create-home --shell /bin/bash nova
9 fi9 fi
10 chown -R nova:nova /var/lib/nova/ /var/log/nova/ /etc/nova/nova.conf10 if [ "$(id -gn nova)" = "nogroup" ]; then
11 usermod -g nova nova
12 fi
13 chown -R nova:nova /var/log/nova/ /etc/nova/nova.conf
14 if dpkg --compare-versions "$2" lt "2011.3-0ubuntu4"; then
15 # Make sure the LXC rootfs mount points are excluded
16 find /var/lib/nova/ -name 'rootfs' -prune -o \
17 -group root -a -user nova -exec chown nova:nova {} \;
18 find /var/lib/nova/ -name 'rootfs' -prune -o \
19 -group nogroup -a -user nova -exec chown nova:nova {} \;
20 fi
11 chmod 600 /etc/nova/nova.conf21 chmod 600 /etc/nova/nova.conf
12 chmod 0440 /etc/sudoers.d/nova_sudoers22 chmod 0440 /etc/sudoers.d/nova_sudoers
13 if ! grep -q sql_connection /etc/nova/nova.conf23 if ! grep -q sql_connection /etc/nova/nova.conf
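Review bot: The two "find ... -exec chown nova:nova {} \;" calls at new lines 16-19 run as root over files selected with -user nova, and chown without -h follows symbolic links, so a matched symlink has its target re-owned instead of the link itself. Suggest "chown -h nova:nova" (or adding "! -type l" to the expression) so the fix-up cannot reach outside /var/lib/nova. The two passes can also be merged into one with "\( -group root -o -group nogroup \)". Separately, new line 13 no longer covers /var/lib/nova/ and the find only runs on upgrades from before 2011.3-0ubuntu4, so it is worth confirming that fresh installs, where adduser is called with --no-create-home, still end up with that directory owned by nova.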
