DescriptionDavid Vallee Delisle
2018-10-05 03:06:36 UTC
+++ This bug was initially created as a clone of Bug #1636290 +++
Description of problem:
A lot of deployments are mounting /tmp with noexec flag for security reasons. Because of this, it's impossible to run any executables in there, which breaks the undercloud install and undercloud upgrade processes as described here [1]
[1] https://access.redhat.com/solutions/3002821
Version-Release number of selected component (if applicable):
All
How reproducible:
All the time
Steps to Reproduce:
[stack@undercloud-0 ~]$ echo "tmpfs /tmp tmpfs mode=1777,nosuid,nodev,noexec 0 0" | sudo tee -a /etc/fstab
[stack@undercloud-0 ~]$ sudo mount /tmp
[stack@undercloud-0 ~]$ sudo systemctl stop 'openstack-*' 'neutron-*' httpd
[stack@undercloud-0 ~]$ sudo yum update python-tripleoclient
[stack@undercloud-0 ~]$ openstack undercloud (upgrade or install)
Actual results:
instack uses tempfile.mkdtemp() without any argument to create a temporary folder to store scripts that are going to be run by dib-run-parts. When dib-run-parts starts, it runs a find /tmp/path/to/scripts -executable which returns nothing and it quits.
Expected results:
instack should use a different prefix.
Additional info:
in instack/main.py, we already use ~stack/.instack/ to store the logs. It might be a good candidate to store the temp folders, for example: ~stack/.instack/tmp/
Comment 10Artem Hrechanychenko
2018-11-19 15:20:46 UTC
Created attachment 1507299[details]
instack logs
instack logs for different cases
install undercloud
change fstab and re-install undercloud
change fstab and re-install undercloud from scratch