Description of problem: After upgrading a RHOS 3 system to RHOS 4, various neutron components will fail with: sudo: sorry, you must have a tty to run sudo Version-Release number of selected component (if applicable): 2013.2-1.el6ost Additional info: This happens because the neutron package installs /etc/sudoers.d/neutron with the following contents: Defaults:neutron !requiretty neutron ALL = (root) NOPASSWD: SETENV: /usr/bin/neutron-rootwrap But installs the neutron user with same UID as the quantum user in /etc/passwd: # egrep 'quantum|neutron' /etc/passwd quantum:x:164:164:OpenStack Quantum Daemons:/var/lib/quantum:/sbin/nologin neutron:x:164:164:OpenStack Quantum Daemons:/var/lib/neutron:/sbin/nologin Since the sudoers configuration is name based, and quantum is earlier in the passwd file, sudo commands get evaluated for the "quantum" user.
Auto adding >= MODIFIED bugs to beta
Version-Release number of selected component (if applicable): ------------------------------------------------------------- Grizzly Puddle: 2013-11-14.2 Havana Puddle: 2013-12-11.1 Results: -------- After the upgrade I created a new instance in a new network with subnet and attach it to a new floating-ip, then checked it's ingress and egress connection. Also I run all of the following commands. All of them worked properly: 400 neutron floatingip-list 422 neutron port-show f69fa3a7-18fd-4826-b8ae-1e3049789ca8 426* neutron port-list > after/port.lis 447 neutron security-group-rule-list 456 neutron net-list > after/net.list 457 neutron subnet-list > after/subnet.list 458 neutron router-list > after/subnet.list 472 for i in `neutron floatingip-show | tail -n +4 | head -n -1 | cut -d" " -f2` ; do neutron floatingip-show $i ; done > after/floatingip.show 473 for i in `neutron floatingip-list | tail -n +4 | head -n -1 | cut -d" " -f2` ; do neutron floatingip-show $i ; done > after/floatingip.show 474 for i in `neutron net-list | tail -n +4 | head -n -1 | cut -d" " -f2` ; do neutron net-show $i ; done > after/net.show 475 for i in `neutron subnet-list | tail -n +4 | head -n -1 | cut -d" " -f2` ; do neutron subnet-show $i ; done > after/subnet.show 476 for i in `neutron router-list | tail -n +4 | head -n -1 | cut -d" " -f2` ; do neutron router-show $i ; done > after/router.show 477 for i in `neutron security-group-rule-list | tail -n +4 | head -n -1 | cut -d" " -f2` ; do neutron security-group-rule-show $i ; done > after/security-group-rule.show 506 neutron floatingip-create 507 neutron floatingip-create netExt233VLAN 508 neutron floatingip-create netExt233 518 neutron router-interface-add router01 netInt238VLAN 519 neutron floatingip-list 520 neutron port-list 521 neutron floatingip-associate 0531e9a1-1d60-4b61-9c29-a0f57556fa51 c819d24a-58bb-4c43-8899-4ad18b3b2de9 522 neutron floatingip-list
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2013-1859.html