permissions on /var/lib/glance/image* are wrong

Bug #1302044 reported by Chris Ricker
46
This bug affects 8 people
Affects Status Importance Assigned to Milestone
openstack-manuals
Fix Released
High
Unassigned
glance (Ubuntu)
Fix Released
Critical
Chuck Short
Trusty
Fix Released
Critical
Chuck Short

Bug Description

/var/lib/glance/images and /var/lib/glance/image-cache need to be owned glance:glance

The current packaging leaves them as this after the postinst:

ls -l /var/lib/glance/
total 52
-rw-r--r-- 1 glance glance 37888 Apr 3 14:30 glance.sqlite
drwxr-xr-x 5 root root 4096 Apr 3 14:30 image-cache
drwxr-xr-x 2 root root 4096 Apr 3 14:06 images

which causes the glance service to fail when using local filestores:

image-cache error:

2014-04-03 15:30:02.108 27128 ERROR glance.image_cache.drivers.sqlite [-] Failed to initialize the image cache database. Got error: unable to open database file
2014-04-03 15:30:02.109 27128 WARNING glance.image_cache [-] Image cache driver 'glance.image_cache.drivers.sqlite' failed to configure. Got error: 'Driver sqlite could not be configured correctly. Reason: Failed to initialize the image cache database. Got error: unable to open database file
2014-04-03 15:30:02.110 27128 ERROR glance.image_cache.drivers.sqlite [-] Failed to initialize the image cache database. Got error: unable to open database file
2014-04-03 15:30:02.110 27128 CRITICAL glance [-] BadDriverConfiguration: Driver sqlite could not be configured correctly. Reason: Failed to initialize the image cache database. Got error: unable to open database file

api error:

2014-04-03 15:52:07.522 32673 TRACE glance.store.filesystem None
2014-04-03 15:52:07.522 32673 TRACE glance.store.filesystem
2014-04-03 15:52:07.522 32673 WARNING glance.store.base [576d9069-7724-49cf-bb64-c48840a2a6f9 - - - - -] Failed to configure store correctly: Store filesystem could not be configured correctly. Reason: Permission to write in /var/lib/glance/images/ denied Disabling add method.

See also Bug #1214947 -- which introduced this bug by removing recursive chown instead of just restricting the chown to applicable directories

Related branches

Revision history for this message
Chuck Short (zulcss) wrote :

Which version is this with?

Changed in glance (Ubuntu):
status: New → Incomplete
Revision history for this message
Sebastian Herzberg (hrzbrg) wrote :

reproduced with Ubuntu 14.04 and glance-api 2014.1-git201404021010-trusty

2014-04-07 09:26:43.751 10526 ERROR glance.store.filesystem [5c9c2aea-4c58-4131-b7ee-a6621e6dc00e 30f434ac5ed24a109677597062a433a7 ac890be176fa43daa5cfb012327a5cda - - -] Permission to write in /var/lib/glance/images/ denied

Revision history for this message
Chris Ricker (chris-ricker) wrote :

current - as in the daily builds

1:2014.1+git201404021010~trusty-0ubuntu1

Changed in glance (Ubuntu):
status: Incomplete → Confirmed
Revision history for this message
Thomas Bechtold (toabctl) wrote :
James Page (james-page)
Changed in glance (Ubuntu Trusty):
importance: Undecided → Critical
status: Confirmed → Triaged
assignee: nobody → Chuck Short (zulcss)
James Page (james-page)
Changed in glance (Ubuntu Trusty):
status: Triaged → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package glance - 1:2014.1~rc2-0ubuntu1

---------------
glance (1:2014.1~rc2-0ubuntu1) trusty; urgency=medium

   [ Chuck Short ]
   * New upstream release candidate (LP: #1299055).
   * debian/patches/sql_conn.patch: Refreshed.
   * debian/glance-api.install: Install missing schema.json file.
     (LP: #1307518)

  [ Thomas Bechtold ]
  * debian/glance-common.postinst: Set correct owner/group for /var/lib/glance
    and subdirs only on local filesystems (LP: #1302044).
 -- Chuck Short <email address hidden> Sat, 12 Apr 2014 08:45:20 -0400

Changed in glance (Ubuntu Trusty):
status: In Progress → Fix Released
Tom Fifield (fifieldt)
Changed in openstack-manuals:
status: New → Fix Released
importance: Undecided → Medium
importance: Medium → High
milestone: none → icehouse
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.