Bug 1044155

Summary: openstack-db command is too aggressive about redirecting stderr
Product: [Community] RDO Reporter: Lars Kellogg-Stedman <lars>
Component: openstack-utilsAssignee: Pádraig Brady <pbrady>
Status: CLOSED CURRENTRELEASE QA Contact: Ami Jeain <ajeain>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: dron, hateya, pbrady, yeylon
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-01-10 17:01:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Lars Kellogg-Stedman 2013-12-17 21:31:38 UTC 
Description of problem:

A few people have encountered this problem:

  # openstack-db --service nova --update
  Can't determine the existing sync level.
  Please ensure the database is running and already initialised.

In both cases, it turned out that the root cause was /var/log/nova/nova-manage.log had been created with root ownership, so "nova-manage", when run as the "nova" user, was failing with:

  IOError: [Errno 13] Permission denied: '/var/log/nova/nova-manage.log'

But because openstack-db is hiding this error...

  version=$(db_manage version 2>/dev/null) || return 1

...it leaves the user confused.


Version-Release number of selected component (if applicable):

  openstack-utils-2013.2-2.fc20.noarch

Note that on my system and on rdekel's system, something has created /var/log/nova/nova-manage.log as an empty root-owned file:

  # ls -l /var/log/nova/nova-manage.log 
  -rw-r--r--. 1 root root 0 Dec 11 14:49 /var/log/nova/nova-manage.log

Not sure what is causing this file to get created.
Comment 1 Pádraig Brady 2013-12-18 16:29:32 UTC 
Yes nova-manage should not be run as root.
I'll need to check why I added that redirect, and will adjust.
Comment 2 Lars Kellogg-Stedman 2013-12-19 14:33:08 UTC 
It seems pretty likely that people are going to be regularly running nova-manage as root.  For example, after a packstack install, the keystone credentials are provisioned in /root/keystonerc-admin, so people will typically be operating as root when they first get started.

One of the first things someone might do when diagnosing a problem is to run "nova-manage service list".

In this case, it's not clear what actually happened: everyone who has encountered this particular problem has denied running nova-manage explicitly, and since the log file is zero-length it's not clear how it's getting created.

But yeah, at least presenting the "permission denied" error message to the user would help tremendously.
Comment 3 Pádraig Brady 2014-01-04 03:28:47 UTC 
openstack-db should also attempt to:

test -e /var/log/$APP/$APP-manage.log && chown $APP: /var/log/$APP/$APP-manage.log || :
Comment 4 Pádraig Brady 2014-01-04 03:29:08 UTC 
*** Bug 1048141 has been marked as a duplicate of this bug. ***
Comment 5 Lars Kellogg-Stedman 2014-01-06 18:06:27 UTC 
I've made two changes in https://github.com/redhat-openstack/openstack-utils/pull/8:

- remove the redirect of stderr
- implement the chown in comment 3
Comment 6 Pádraig Brady 2014-01-10 17:01:41 UTC 
This is now fixed in RDO