Red Hat Bugzilla – Bug 1044155
openstack-db command is too aggressive about redirecting stderr
Last modified: 2017-03-09 22:00:35 EST
Description of problem:
A few people have encountered this problem:
# openstack-db --service nova --update
Can't determine the existing sync level.
Please ensure the database is running and already initialised.
In both cases, it turned out that the root cause was /var/log/nova/nova-manage.log had been created with root ownership, so "nova-manage", when run as the "nova" user, was failing with:
IOError: [Errno 13] Permission denied: '/var/log/nova/nova-manage.log'
But because openstack-db is hiding this error...
version=$(db_manage version 2>/dev/null) || return 1
...it leaves the user confused.
Version-Release number of selected component (if applicable):
Note that on my system and on rdekel's system, something has created /var/log/nova/nova-manage.log as an empty root-owned file:
# ls -l /var/log/nova/nova-manage.log
-rw-r--r--. 1 root root 0 Dec 11 14:49 /var/log/nova/nova-manage.log
Not sure what is causing this file to get created.
Yes nova-manage should not be run as root.
I'll need to check why I added that redirect, and will adjust.
It seems pretty likely that people are going to be regularly running nova-manage as root. For example, after a packstack install, the keystone credentials are provisioned in /root/keystonerc-admin, so people will typically be operating as root when they first get started.
One of the first things someone might do when diagnosing a problem is to run "nova-manage service list".
In this case, it's not clear what actually happened: everyone who has encountered this particular problem has denied running nova-manage explicitly, and since the log file is zero-length it's not clear how it's getting created.
But yeah, at least presenting the "permission denied" error message to the user would help tremendously.
openstack-db should also attempt to:
test -e /var/log/$APP/$APP-manage.log && chown $APP: /var/log/$APP/$APP-manage.log || :
*** Bug 1048141 has been marked as a duplicate of this bug. ***
I've made two changes in https://github.com/redhat-openstack/openstack-utils/pull/8:
- remove the redirect of stderr
- implement the chown in comment 3
This is now fixed in RDO