Bug 1608273

Summary: TLS-Everywhere - missing folder /var/lib/novajoin
Product: Red Hat OpenStack Reporter: Federico Iezzi <fiezzi>
Component: python-novajoinAssignee: Ade Lee <alee>
Status: CLOSED ERRATA QA Contact: Pavan <pkesavar>
Severity: high Docs Contact:
Priority: high    
Version: 13.0 (Queens)CC: alee, ebarrera, ggrasza, hrybacki, jagee, jjoyce, josorior, jschluet, mbooth, nkinder, nlevinki, owalsh, rcritten, rmascena, shdunne, slinaber, tvignaud
Target Milestone: z7Keywords: Triaged, ZStream
Target Release: 13.0 (Queens)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: python-novajoin-1.1.1-2.el7ost Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1683302 (view as bug list) Environment:
Last Closed: 2019-07-10 13:00:09 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Federico Iezzi 2018-07-25 08:49:57 UTC
Description of problem:

Installing undercloud and enabling novajoin, puppet forgets to create main lib novajoin folder at /var/lib/novajoin/

The results is that both novajoin-notify and novajoin-server have errors during startup.

# systemctl restart novajoin-server.service novajoin-notify.service
# systemctl status novajoin-server.service novajoin-notify.service
● novajoin-server.service - OpenStack Nova IPA Join Service
   Loaded: loaded (/usr/lib/systemd/system/novajoin-server.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2018-07-25 04:45:59 EDT; 8s ago
 Main PID: 854 (novajoin-server)
    Tasks: 9
   CGroup: /system.slice/novajoin-server.service
           ├─854 /usr/bin/python2 /usr/bin/novajoin-server
           ├─880 /usr/bin/python2 /usr/bin/novajoin-server
           ├─881 /usr/bin/python2 /usr/bin/novajoin-server
           ├─882 /usr/bin/python2 /usr/bin/novajoin-server
           ├─883 /usr/bin/python2 /usr/bin/novajoin-server
           ├─884 /usr/bin/python2 /usr/bin/novajoin-server
           ├─885 /usr/bin/python2 /usr/bin/novajoin-server
           ├─886 /usr/bin/python2 /usr/bin/novajoin-server
           └─887 /usr/bin/python2 /usr/bin/novajoin-server

Jul 25 04:45:59 undercloud.redhat.local systemd[1]: Started OpenStack Nova IPA Join Service.
Jul 25 04:45:59 undercloud.redhat.local systemd[1]: Starting OpenStack Nova IPA Join Service...
Jul 25 04:46:00 undercloud.redhat.local novajoin-server[854]: ipa: ERROR: Could not create log_dir u'/var/lib/novajoin/.ipa/log'
Jul 25 04:46:00 undercloud.redhat.local novajoin-server[854]: ipa: INFO: trying https://freeipa.redhat.local/ipa/json
Jul 25 04:46:00 undercloud.redhat.local novajoin-server[854]: ipa: INFO: [try 1]: Forwarding 'schema' to json server 'https://freeipa.redhat.local/ipa/json'
Jul 25 04:46:00 undercloud.redhat.local novajoin-server[854]: ipa: WARNING: Failed to write schema: [Errno 13] Permission denied: '/var/lib/novajoin'
Jul 25 04:46:00 undercloud.redhat.local novajoin-server[854]: ipa: WARNING: Failed to write server info: [Errno 13] Permission denied: '/var/lib/novajoin'

● novajoin-notify.service - OpenStack Nova IPA Notification Service
   Loaded: loaded (/usr/lib/systemd/system/novajoin-notify.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2018-07-25 04:45:59 EDT; 9s ago
 Main PID: 852 (novajoin-notify)
    Tasks: 2
   CGroup: /system.slice/novajoin-notify.service
           └─852 /usr/bin/python2 /usr/bin/novajoin-notify

Jul 25 04:45:59 undercloud.redhat.local systemd[1]: Started OpenStack Nova IPA Notification Service.
Jul 25 04:45:59 undercloud.redhat.local systemd[1]: Starting OpenStack Nova IPA Notification Service...
Jul 25 04:45:59 undercloud.redhat.local novajoin-notify[852]: ipa: ERROR: Could not create log_dir u'/var/lib/novajoin/.ipa/log'
Jul 25 04:45:59 undercloud.redhat.local novajoin-notify[852]: ipa: INFO: trying https://freeipa.redhat.local/ipa/json
Jul 25 04:45:59 undercloud.redhat.local novajoin-notify[852]: ipa: INFO: [try 1]: Forwarding 'schema' to json server 'https://freeipa.redhat.local/ipa/json'
Jul 25 04:46:00 undercloud.redhat.local novajoin-notify[852]: ipa: WARNING: Failed to write schema: [Errno 13] Permission denied: '/var/lib/novajoin'
Jul 25 04:46:00 undercloud.redhat.local novajoin-notify[852]: ipa: WARNING: Failed to write server info: [Errno 13] Permission denied: '/var/lib/novajoin'

Simple workaround
# mkdir /var/lib/novajoin
# chown -R novajoin:novajoin /var/lib/novajoin/

# systemctl status novajoin-server.service novajoin-notify.service 
● novajoin-server.service - OpenStack Nova IPA Join Service
   Loaded: loaded (/usr/lib/systemd/system/novajoin-server.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2018-07-25 04:48:52 EDT; 10s ago
[SNIP]

Jul 25 04:48:52 undercloud.redhat.local systemd[1]: Started OpenStack Nova IPA Join Service.
Jul 25 04:48:53 undercloud.redhat.local systemd[1]: Starting OpenStack Nova IPA Join Service...
Jul 25 04:48:53 undercloud.redhat.local novajoin-server[1252]: ipa: INFO: trying https://freeipa.redhat.local/ipa/json
Jul 25 04:48:53 undercloud.redhat.local novajoin-server[1252]: ipa: INFO: [try 1]: Forwarding 'schema' to json server 'https://freeipa.redhat.local/ipa/json'

● novajoin-notify.service - OpenStack Nova IPA Notification Service
   Loaded: loaded (/usr/lib/systemd/system/novajoin-notify.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2018-07-25 04:48:52 EDT; 10s ago
[SNIP]

Jul 25 04:48:52 undercloud.redhat.local systemd[1]: Started OpenStack Nova IPA Notification Service.
Jul 25 04:48:52 undercloud.redhat.local systemd[1]: Starting OpenStack Nova IPA Notification Service...
Jul 25 04:48:53 undercloud.redhat.local novajoin-notify[1250]: ipa: INFO: trying https://freeipa.redhat.local/ipa/json
Jul 25 04:48:53 undercloud.redhat.local novajoin-notify[1250]: ipa: INFO: [try 1]: Forwarding 'schema' to json server 'https://freeipa.redhat.local/ipa/json'

Comment 1 Juan Antonio Osorio 2018-07-26 12:43:54 UTC
I guess it should be added to the spec file https://github.com/rdo-packages/novajoin-distgit/blob/rpm-master/python-novajoin.spec ; and not done via puppet.

Comment 3 Ade Lee 2018-08-24 20:36:54 UTC
Yes - this is precisely where it should be added.

Reason is --  we write to this directory because we set it as the home directory for the novajoin user -- which we create in the spec file.

So, its incumbent on us to create that directory in the spec file as well.

Comment 4 Ade Lee 2018-08-24 20:47:43 UTC
https://review.rdoproject.org/r/15928

Comment 6 Harry Rybacki 2018-11-02 16:11:19 UTC
Fix merged in RDO. Moving bug to POST.

Comment 40 errata-xmlrpc 2019-07-10 13:00:09 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:1728