Merge lp:~james-page/nova/fix-lxc-and-primary-group into lp:~ubuntu-server-dev/nova/diablo

Proposed by James Page on 2011-09-28
Status: Merged
Merged at revision: 216
Proposed branch: lp:~james-page/nova/fix-lxc-and-primary-group
Merge into: lp:~ubuntu-server-dev/nova/diablo
Diff against target: 48 lines (+20/-3)
2 files modified
debian/changelog (+9/-2)
debian/nova-common.postinst (+11/-1)
To merge this branch: bzr merge lp:~james-page/nova/fix-lxc-and-primary-group
Reviewers:
  Ubuntu Server Developers (date requested: 2011-09-28, status: Pending)
Review via email: mp+77308@code.launchpad.net

Description of the change

Fixup issues with primary group ownership of new files for upgraded nova installations
Ensure that ownership of files in LXC mounted volumes under /var/lib/nova do not get updated to nova:nova

Scott Moser (smoser) wrote :

A couple thoughts on this
 - I was initially confused about $(groups | awk '{print 3}) , as '3' seemed strange. groups does seem to output the primary group of a user as the first field, but I think that 'id -gn <user>' more explicitly requests that. I will admit to wishing the documentation for 'id' said "primary group" rather than just "effective group", but I looked at source and it does: 'rgid = egid = pwd->pw_gid;'.
    I know this is nitpick.

 - I'm concerned about the '-mount' argument to 'find'.
   If the user has done something like:
   mount --bind /some/large/filesystem /var/lib/nova/instances
   or even:
   mount /dev/sdb1 /var/lib/nova/instances

   I think that we'd avoid changing ownership of those files. I don't know how serious this is.
   One quick fix I had would be to do this:
   # change ownership of files under /var/lib/nova/ except rootfs (LP: #861260)
   find /var/lib/nova/ -name 'rootfs' -prune -o -exec chown nova:nova {} \;
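
Added example (not part of the comment above or of the nova packaging): a dry run of the prune expression suggested in that comment, on a constructed directory tree, with -print standing in for the chown. The tree layout and the function names are assumptions made for the illustration. It shows that the exclusion is by name, so a plain file called rootfs is skipped as well as a container rootfs and everything beneath it.

```shell
#!/bin/sh
# Dry run only: nothing is chowned, paths are printed instead.

# List the paths the prune expression would hand to chown.
# Assumption: -print replaces "-exec chown nova:nova {} \;".
chown_candidates() {
    ( cd "$1" && find . -name 'rootfs' -prune -o -print | LC_ALL=C sort )
}

# Build a constructed stand-in for /var/lib/nova in a temp dir
# and print its location.
make_sample_tree() {
    root=$(mktemp -d)
    inst="$root/instances/instance-00000001"
    mkdir -p "$inst/rootfs/etc" "$root/images" "$root/keys"
    : > "$inst/rootfs/etc/passwd"   # file inside a container rootfs
    : > "$inst/disk"
    : > "$inst/console.log"
    : > "$root/images/rootfs"       # plain file that happens to be named rootfs
    printf '%s\n' "$root"
}

demo() {
    tree=$(make_sample_tree)
    echo "paths that would be chowned (relative to the tree root):"
    chown_candidates "$tree"
    rm -rf "$tree"
}

demo
```

Neither instance-00000001/rootfs, the file below it, nor images/rootfs appears in the output. A device-based test such as -mount would decide differently for each of them.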

210. By James Page on 2011-09-28

Exclude mounted LXC rootfs filesystems within /var/lib/nova from
user/group ownership changes (LP: #861260).

211. By James Page on 2011-09-28

tabs to spaces

Scott Moser (smoser) wrote :

For reference, James and I had a long-ish conversation in ubuntu-server over this. It begins around 13:08.
http://irclogs.ubuntu.com/2011/09/28/%23ubuntu-server.html#t13:08

Dave Walker (davewalker) wrote :

smoser / james: Did this progress?

Thanks

Chuck Short (zulcss) wrote :

Any update on this?

212. By James Page on 2011-09-29

Updated to only run /var/lib/nova chown pre 0ubuntu4

213. By James Page on 2011-09-29

[James Page]
[Ante Karamatic]
* Add /usr/sbin/ietadm to sudoers (LP: #861547)
* debian/control: Fix typo in Vcs-Bzr
[Chuck Short]
* debian/patches/backport-libvirt-console-pipe.patch:
  Move console.log to a ringbuffer so that the console.log
  keeps filling up. (LP: #832507)
* debian/patches/backport-lxc-container-console-fix.patch:
  Make euca-get-console-output usable for LXC containers.
  (LP: #832159)
* debian/patches/backport-snapshot-cleanup.patch:

214. By James Page on 2011-09-29

Added quote to ensure works OK on first install

Preview Diff

1=== modified file 'debian/changelog'
2--- debian/changelog 2011-09-29 18:57:57 +0000
3+++ debian/changelog 2011-09-29 20:55:27 +0000
4@@ -1,4 +1,11 @@
5-nova (2011.3-0ubuntu4) UNRELEASED; urgency=low
6+nova (2011.3-0ubuntu4) oneiric; urgency=low
7+
8+ [James Page]
9+ * debian/nova-common.postinst:
10+ - Exclude mounted LXC rootfs filesystems within /var/lib/nova from
11+ user/group ownership changes (LP: #861260).
12+ - Ensure that primary group for 'nova' user is 'nova' so that files
13+ created by this user have the correct group ownership.
14
15 [Ante Karamatic]
16 * Add /usr/sbin/ietadm to sudoers (LP: #861547)
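Review bot: The new bullet "Exclude mounted LXC rootfs filesystems within /var/lib/nova" describes the exclusion in terms of mounts, but the postinst change in this proposal excludes by name (-name 'rootfs' -prune), so anything called rootfs is skipped whether or not it is a mount point. Suggest wording the entry to match what the script does, and recording that the /var/lib/nova ownership fix is now gated on dpkg --compare-versions "$2" lt "2011.3-0ubuntu4" and limited to files owned by nova with group root or nogroup, since that is a behaviour change from the previous unconditional chown -R.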
17@@ -13,7 +20,7 @@
18 (LP: #832159)
19 * debian/patches/backport-snapshot-cleanup.patch:
20
21- -- Chuck Short <zulcss@ubuntu.com> Thu, 29 Sep 2011 13:00:07 -0400
22+ -- James Page <james.page@ubuntu.com> Thu, 29 Sep 2011 21:48:44 +0100
23
24 nova (2011.3-0ubuntu3) oneiric; urgency=low
25
26
27=== modified file 'debian/nova-common.postinst'
28--- debian/nova-common.postinst 2011-09-27 01:38:20 +0000
29+++ debian/nova-common.postinst 2011-09-29 20:55:27 +0000
30@@ -7,7 +7,17 @@
31 if ! getent passwd nova > /dev/null 2>&1; then
32 adduser --system --home /var/lib/nova --ingroup nova --no-create-home --shell /bin/bash nova
33 fi
34- chown -R nova:nova /var/lib/nova/ /var/log/nova/ /etc/nova/nova.conf
35+ if [ "$(id -gn nova)" = "nogroup" ]; then
36+ usermod -g nova nova
37+ fi
38+ chown -R nova:nova /var/log/nova/ /etc/nova/nova.conf
39+ if dpkg --compare-versions "$2" lt "2011.3-0ubuntu4"; then
40+ # Make sure the LXC rootfs mount points are excluded
41+ find /var/lib/nova/ -name 'rootfs' -prune -o \
42+ -group root -a -user nova -exec chown nova:nova {} \;
43+ find /var/lib/nova/ -name 'rootfs' -prune -o \
44+ -group nogroup -a -user nova -exec chown nova:nova {} \;
45+ fi
46 chmod 600 /etc/nova/nova.conf
47 chmod 0440 /etc/sudoers.d/nova_sudoers
48 if ! grep -q sql_connection /etc/nova/nova.conf
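Review bot: Both added find invocations end in -exec chown nova:nova {} \; without -h, and chown dereferences symbolic links by default, so a symlink under /var/lib/nova that matches -user nova has its target re-owned by this root-run script instead of the link itself; use chown -h nova:nova here. The two passes differ only in the group test and can be merged as \( -group root -o -group nogroup \) -a -user nova, with {} + in place of {} \; to avoid one chown process per file. The usermod -g nova nova guard fires only when the primary group is exactly "nogroup"; testing != "nova" would also catch any other wrong primary group. Finally, dpkg --compare-versions "$2" lt treats an empty "$2" as earlier than any version, so the find also runs on a fresh install; lt-nl would skip it there if that is not intended.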
