Bug 1860494

Summary: agent.{kernel,ramdisk} have incorrect permissions
Product: Red Hat OpenStack Reporter: Kevin Carter <kecarter>
Component: openstack-ironicAssignee: RHOS Maint <rhos-maint>
Status: CLOSED INSUFFICIENT_DATA QA Contact: Alistair Tonner <atonner>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 16.0 (Train)CC: bfournie, dtantsur, mburns, rpittau, sbaker
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-08-24 17:47:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Kevin Carter 2020-07-24 18:59:02 UTC 
Description of problem:

Upon ironic image upload the permissions of the agent.kernel and agent.ramdisk are too restrictive, which creates a situation where it's impossible to introspect and provision new hosts. To resolve the issue, the permissions were set to 0644 on all files within the "/var/lib/ironic/httpboot" directory.

Version-Release number of selected component (if applicable):

$ cat /etc/rhosp-release
Red Hat OpenStack Platform release 16.0.2 (Train)

How reproducible: 100%


Steps to Reproduce:
1. Deploy an undercloud.
2. Upload new images.



Actual results:
$ ls -al /var/lib/ironic/httpboot/
total 534660
drwxr-xr-x. 2 42422 42422        86 Jul 24 18:00 .
drwxr-xr-x. 4 42422 42422        38 Jul 24 16:48 ..
-rwx------. 1 root  root    8115040 Jul 24 18:00 agent.kernel
-rw-------. 1 root  root  539362045 Jul 24 18:00 agent.ramdisk
-rw-r--r--. 1 42422 42422       758 Jul 24 17:37 boot.ipxe
-rw-r--r--. 1 42422 42422       473 Jul 24 17:10 inspector.ipxe

Expected results:
$ ls -al /var/lib/ironic/httpboot/
total 534660
drwxr-xr-x. 2 42422 42422        86 Jul 24 18:00 .
drwxr-xr-x. 4 42422 42422        38 Jul 24 16:48 ..
-rw-r--r--. 1 42422 42422   8115040 Jul 24 18:00 agent.kernel
-rw-r--r--. 1 42422 42422 539362045 Jul 24 18:00 agent.ramdisk
-rw-r--r--. 1 42422 42422       758 Jul 24 17:37 boot.ipxe
-rw-r--r--. 1 42422 42422       473 Jul 24 17:10 inspector.ipxe

Additional info:

Once the permissions were correct introspection and provisioning had no further issues.

Deployed using `rhos-release 16`.
Comment 1 Kevin Carter 2020-07-24 20:34:16 UTC 
I saw this same issue on 16.1 as well

$ cat /etc/rhosp-release
Red Hat OpenStack Platform release 16.1.0 GA (Train)

$ ls -al /var/lib/ironic/httpboot/
total 558004
drwxr-xr-x. 2 42422 42422        86 Jul 24 20:19 .
drwxr-xr-x. 4 42422 42422        38 Jul 24 19:40 ..
-rwx------. 1 root  root    8917856 Jul 24 20:19 agent.kernel
-rw-------. 1 root  root  562464013 Jul 24 20:19 agent.ramdisk
-rw-r--r--. 1 42422 42422       758 Jul 24 20:10 boot.ipxe
-rw-r--r--. 1 42422 42422       473 Jul 24 19:55 inspector.ipxe
Comment 2 Bob Fournier 2020-07-27 00:36:08 UTC 
Hi Kevin,

Can we get the command that you used to add the images?  I'm seeing the permissions OK on my setup (I'm using the RC build but don't expect any differences there):
$ ls -al /var/lib/ironic/httpboot/
total 558008
drwxr-xr-x. 3 42422 42422       106 Jul 23 14:55 .
drwxr-xr-x. 6 42422 42422        94 Jul  7 09:49 ..
-rwxr-xr-x. 1 root  root    8917856 Jun 30 09:06 agent.kernel
-rw-r--r--. 1 root  root  562468770 Jun 30 09:06 agent.ramdisk
-rw-r--r--. 1 42422 42422       758 Jun 30 08:52 boot.ipxe
-rw-r--r--. 1 42422 42422       491 Jun 30 08:44 inspector.ipxe
drwxr-xr-x. 2 42422 42422         6 Jul 23 14:55 pxelinux.cfg

I used this method of adding the images after the undercloud was installed:
$ source stackrc
$ sudo yum install -y rhosp-director-images
$ sudo yum install -y rhosp-director-images-ipa
$ mkdir images
$ cd images/
$ for i in /usr/share/rhosp-director-images/overcloud-full-latest-16.1.tar /usr/share/rhosp-director-images/ironic-python-agent-latest-16.1.tar; do tar -xvf $i; done
$ openstack overcloud image upload --image-path /home/stack/images/
Comment 3 Bob Fournier 2020-08-17 18:27:38 UTC 
Hi Kevin - any update to earlier question?
Comment 4 Bob Fournier 2020-08-24 17:47:52 UTC 
Closing this for now, please reopen with more info.
Comment 5 Red Hat Bugzilla 2023-09-14 06:04:20 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days