Bug 1249751
| Summary: | centralized logging - fluentd is blocked from accessing Nova compute logs | |||
|---|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Ben England <bengland> | |
| Component: | openstack-nova | Assignee: | Artom Lifshitz <alifshit> | |
| Status: | CLOSED ERRATA | QA Contact: | Gabriel Szasz <gszasz> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | medium | |||
| Version: | 7.0 (Kilo) | CC: | alifshit, berrange, dasmith, eglynn, gszasz, jharriga, jschluet, jtaleric, kchamart, ndipanov, nlevinki, pbrady, pportant, rbiba, sbauza, sferdjao, sgordon, twilkins, vromanso, yeylon | |
| Target Milestone: | z3 | Keywords: | ZStream | |
| Target Release: | 7.0 (Kilo) | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | openstack-nova-2015.1.2-5.el7ost | Doc Type: | Bug Fix | |
| Doc Text: |
The group ownership of the nova log directory has been changed from "root" to "nova", which will allow fluentd to access the logs.
|
Story Points: | --- | |
| Clone Of: | ||||
| : | 1284659 (view as bug list) | Environment: | ||
| Last Closed: | 2015-12-21 17:05:32 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1284659 | |||
|
Description
Ben England
2015-08-03 17:28:52 UTC
In RHEL OSP 7, problem is fixed for Nova but not for Cinder and some other services. [root@overcloud-compute-0 ~]# ls -ld /var/log/* | grep '^d' | grep root | grep -v 'root root' drwxr-xr-x. 2 ceilometer root 81 Aug 2 03:42 /var/log/ceilometer drwxr-x---. 2 cinder root 6 Jun 23 05:51 /var/log/cinder drwxr-x---. 2 heat root 6 Jun 19 15:10 /var/log/heat drwxr-x---. 2 mongodb root 6 May 6 15:45 /var/log/mongodb Based on the 'Installing the log collection agent on all nodes' section from http://file.bne.redhat.com/~ggillies/optools_doc/ (same link as in Ben's description), the following components may be affected: nova neutron keystone glance cinder I checked the %files section in their respective .spec files (since %files has the final say on permissions, and not %install), and found that only Nova and Cinder have their log directory group-owned by root: ./openstack-keystone/openstack-keystone.spec:%dir %attr(0750, keystone, keystone) %{_localstatedir}/log/keystone ./openstack-cinder/openstack-cinder.spec:%dir %attr(0750, cinder, root) %{_localstatedir}/log/cinder ./openstack-neutron/openstack-neutron.spec:%dir %attr(0750, %{service}, %{service}) %{_localstatedir}/log/%{service} ./openstack-glance/openstack-glance.spec:%dir %attr(0750, glance, glance) %{_localstatedir}/log/glance ./openstack-nova/openstack-nova.spec:%dir %attr(0750, nova, root) %{_localstatedir}/log/nova Once I have qa_ack I'll push a fix for Nova - in the meantime I'm cloning this to Cinder. Tested against openstack-nova-2015.1.2-7.el7ost ls -ld /var/log/nova drwxr-x---. 2 nova nova 4096 Dec 15 09:25 /var/log/nova The patch was applied and group ownership of the /var/log/nova is fixed and fluentd can now access nova logs. Note that this issue is still not fixed for cinder (see bug 1284659): ls -ld /var/log/* | grep '^d' | grep root | grep -v 'root root' drwxr-xr-x. 2 ceilometer root 4096 Dec 15 09:35 /var/log/ceilometer drwxr-x---. 2 cinder root 98 Dec 15 09:21 /var/log/cinder drwxr-x---. 2 mongodb root 24 Dec 15 09:34 /var/log/mongodb Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2015:2673 |