1006902 – openstack-cinder-volume doesn't use rootwrap to mount NFS share

RDO tickets are now tracked in Jira https://issues.redhat.com/projects/RDO/issues/

Bug 1006902 - openstack-cinder-volume doesn't use rootwrap to mount NFS share

Summary: openstack-cinder-volume doesn't use rootwrap to mount NFS share

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	RDO
Classification:	Community
Component:	openstack-cinder
Sub Component:
Version:	unspecified
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	unspecified
Target Milestone:	---
Target Release:	---
Assignee:	Eric Harney
QA Contact:	Giulio Fidente
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-09-11 13:29 UTC by Sandro Mathys
Modified:	2016-04-26 17:06 UTC (History)
CC List:	2 users (show)
Fixed In Version:	openstack-cinder-2013.2-1.el6
Clone Of:
Environment:
Last Closed:	2014-01-13 18:35:39 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Launchpad	1223879	0	None	None	None	Never

Description Sandro Mathys 2013-09-11 13:29:34 UTC

Description of problem:
In Havana-3, if Cinder is configured with the NfsDriver, openstack-cinder-volume tries to execute mount directly with sudo instead of through the rootwrap.

Version-Release number of selected component (if applicable):
openstack-cinder-2013.2-0.8.b3.el6.noarch

How reproducible:
Unknown.

Steps to Reproduce:
1. Setup OpenStack
2. Configure Cinder to use the NfsDriver
3. Try to create a volume

Actual results:
2013-09-11 14:55:41.919 8586 INFO cinder.volume.manager [-] Updating volume status
2013-09-11 14:55:41.971 8586 WARNING cinder.volume.drivers.nfs [-] Exception during mounting Unexpected error while running command.
Command: sudo mount -t nfs -o rw,sync 192.168.100.30:/nfs/cs2_cinder1 /etc/cinder/volumes/08624ff4b087fa2469aa49ffe177f16a
Exit code: 1
Stdout: ''
Stderr: 'sudo: no tty present and no askpass program specified\n'

Expected results:
sudo /usr/bin/cinder-rootwrap /etc/cinder/rootwrap.conf mount <...>

Additional info:
Installed with own Puppet manifests, using the stackforge Puppet modules. There's a hopefully correct "rootwrap_config = /etc/cinder/rootwrap.conf" line in /etc/cinder/cinder.conf and /etc/sudeors.d/cinder reads:
Defaults:cinder !requiretty

cinder ALL = (root) NOPASSWD: /usr/bin/cinder-rootwrap /etc/cinder/rootwrap.conf *

Comment 1 Eric Harney 2013-09-11 13:31:30 UTC

Likely introduced by https://review.openstack.org/#/c/43064/ .

Comment 2 Yukihiro KAWADA 2013-09-20 03:55:39 UTC

I fixed like below.

diff -urp -rup cinder-2013.2.b3/cinder/brick/remotefs/remotefs.py cinder-my_2013.2.b3/cinder/brick/remotefs/remotefs.py
--- cinder-2013.2.b3/cinder/brick/remotefs/remotefs.py  2013-09-07 00:39:49.000000000 +0900
+++ cinder-my_2013.2.b3/cinder/brick/remotefs/remotefs.py       2013-09-20 12:24:52.450943786 +0900
@@ -60,7 +60,7 @@ class RemoteFsClient(object):
             self._mount_options = None
         else:
             raise exception.ProtocolNotSupported(protocol=mount_type)
-        self.root_helper = root_helper
+        self.root_helper = 'sudo cinder-rootwrap %s' % CONF.rootwrap_config
         self.set_execute(execute)

     def set_execute(self, execute):

Comment 3 Eric Harney 2014-01-13 18:35:39 UTC

Fixed in 2013.2 release.

Note You need to log in before you can comment on or make changes to this bug.