Bug 1006902 - openstack-cinder-volume doesn't use rootwrap to mount NFS share
openstack-cinder-volume doesn't use rootwrap to mount NFS share
Product: RDO
Classification: Community
Component: openstack-cinder (Show other bugs)
Unspecified Unspecified
high Severity unspecified
: ---
: ---
Assigned To: Eric Harney
Giulio Fidente
Depends On:
  Show dependency treegraph
Reported: 2013-09-11 09:29 EDT by Sandro Mathys
Modified: 2016-04-26 13:06 EDT (History)
2 users (show)

See Also:
Fixed In Version: openstack-cinder-2013.2-1.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2014-01-13 13:35:39 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Launchpad 1223879 None None None Never

  None (edit)
Description Sandro Mathys 2013-09-11 09:29:34 EDT
Description of problem:
In Havana-3, if Cinder is configured with the NfsDriver, openstack-cinder-volume tries to execute mount directly with sudo instead of through the rootwrap.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Setup OpenStack
2. Configure Cinder to use the NfsDriver
3. Try to create a volume

Actual results:
2013-09-11 14:55:41.919 8586 INFO cinder.volume.manager [-] Updating volume status
2013-09-11 14:55:41.971 8586 WARNING cinder.volume.drivers.nfs [-] Exception during mounting Unexpected error while running command.
Command: sudo mount -t nfs -o rw,sync /etc/cinder/volumes/08624ff4b087fa2469aa49ffe177f16a
Exit code: 1
Stdout: ''
Stderr: 'sudo: no tty present and no askpass program specified\n'

Expected results:
sudo /usr/bin/cinder-rootwrap /etc/cinder/rootwrap.conf mount <...>

Additional info:
Installed with own Puppet manifests, using the stackforge Puppet modules. There's a hopefully correct "rootwrap_config = /etc/cinder/rootwrap.conf" line in /etc/cinder/cinder.conf and /etc/sudeors.d/cinder reads:
Defaults:cinder !requiretty

cinder ALL = (root) NOPASSWD: /usr/bin/cinder-rootwrap /etc/cinder/rootwrap.conf *
Comment 1 Eric Harney 2013-09-11 09:31:30 EDT
Likely introduced by https://review.openstack.org/#/c/43064/ .
Comment 2 Yukihiro KAWADA 2013-09-19 23:55:39 EDT
I fixed like below.

diff -urp -rup cinder-2013.2.b3/cinder/brick/remotefs/remotefs.py cinder-my_2013.2.b3/cinder/brick/remotefs/remotefs.py
--- cinder-2013.2.b3/cinder/brick/remotefs/remotefs.py  2013-09-07 00:39:49.000000000 +0900
+++ cinder-my_2013.2.b3/cinder/brick/remotefs/remotefs.py       2013-09-20 12:24:52.450943786 +0900
@@ -60,7 +60,7 @@ class RemoteFsClient(object):
             self._mount_options = None
             raise exception.ProtocolNotSupported(protocol=mount_type)
-        self.root_helper = root_helper
+        self.root_helper = 'sudo cinder-rootwrap %s' % CONF.rootwrap_config

     def set_execute(self, execute):
Comment 3 Eric Harney 2014-01-13 13:35:39 EST
Fixed in 2013.2 release.

Note You need to log in before you can comment on or make changes to this bug.