Bug 1002187

Summary: quantum user has no write perms on lock dir
Product: Red Hat OpenStack Reporter: Dan Yocum <dyocum>
Component: openstack-neutronAssignee: Jakub Libosvar <jlibosva>
Status: CLOSED ERRATA QA Contact: Ofer Blaut <oblaut>
Severity: high Docs Contact:
Priority: medium    
Version: 3.0CC: breeler, chrisw, hateya, jlibosva, lpeer, mlopes, yeylon
Target Milestone: beta   
Target Release: 4.0   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Previously a default path to a directory contained locks that caused packages to fail, if the user did not have write access for that directory. As a result, actions requiring locking failed because of permission issues, and the values had to be manually replaced in config files. Now, the default value for locking utilities was removed and set for iptables manager depending on path for state. As a result locks are stored to the correct location without any permission issues.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2013-12-20 00:22:09 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Dan Yocum 2013-08-28 15:11:31 UTC 
Description of problem:
2013-08-28 10:05:20    DEBUG [quantum.agent.linux.utils] Running command: ['sudo', 'quantum-rootwrap', '/etc/quantum/rootwrap.conf', 'ip', 'netns', 'list']
2013-08-28 10:05:20 CRITICAL [quantum] [Errno 13] Permission denied


This is a known bug - https://bugs.launchpad.net/neutron/+bug/1107950 - the problem is that only half the patches have been applied to RHOS-3 and RDO.  See comments #6 and #7 in launchpad.  

This patch has been applied:

https://github.com/openstack/oslo-incubator/commit/febbd005151e2ade521eed027a7d5372e6e3c0bc

This patch has *NOT* been applied:

https://github.com/openstack/neutron/commit/d5bfd9106148eec91f1109ea7f88b6fb41cd69d5

Since this blocks anyone from using quantum w/o applying the patches, I'd say this is pretty severe.

Version-Release number of selected component (if applicable):

Both in RDO and openstack-quantum-2013.1.2-4.el6ost.noarch


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 2 Ofer Blaut 2013-11-17 13:33:40 UTC 
issue is not seen on RHOS 4.0 openstack-neutron-2013.2-5.el6ost.noarch
Comment 6 errata-xmlrpc 2013-12-20 00:22:09 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2013-1859.html