Bug 1044683 - If /etc/sudoers does not contain "#includedir /etc/sudoers.d" then cinder, neutron and nova OpenStack services will fail
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-packstack
Version: 4.0
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
: 5.0 (RHEL 7)
Assignee: RHOS Maint
QA Contact: Ami Jeain
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2013-12-18 19:45 UTC by Vinny Valdez
Modified: 2016-04-26 13:45 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-06-24 20:25:23 UTC
Target Upstream Version:



Description Vinny Valdez 2013-12-18 19:45:51 UTC
Description of problem:
In an environment that uses a managed /etc/sudoers file that does not contain the statement "#includedir /etc/sudoers.d", several OpenStack services that have custom sudo rules will fail, as those files will not be read.

Version-Release number of selected component (if applicable):
openstack-packstack-2013.2.1-0.11.dev847.el6ost.noarch

How reproducible:
Every time with this version

Steps to Reproduce:
1. Remove the "#includedir /etc/sudoers.d" statement from /etc/sudoers
2. Install OpenStack via PackStack
3. Attempt to use cinder, neutron, or nova

Actual results:
From the /var/log/neutron/openvswitch-agent.log
Command: ['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ovs-vsctl', '--timeout=2', 'get', 'Interface', 'patch-int', 'ofport']
Stderr: 'sudo: no tty present and no askpass program specified\n'
 
Expected results:
PackStack (or whatever installer is used) should check /etc/sudoers for the presence of:
#includedir /etc/sudoers.d

An appropriate action should be taken if it is not present, halting or at least displaying a warning at the end of PackStack to warn the user.

Comment 2 Vinny Valdez 2013-12-18 21:21:57 UTC
Errors from cinder:
2013-12-18 13:01:20.197 32739 WARNING cinder.volume.drivers.glusterfs [req-cf3d3c09-3bc9-416b-981f-18ef6fc5eb9c None None] Exception during mounting Unexpected error while running command.
Command: sudo cinder-rootwrap /etc/cinder/rootwrap.conf mount -t glusterfs 10.205.20.3:/cinder /var/lib/cinder/mnt/99a4d8b40ccc6587f02fe7ad88d5f629
Exit code: 1
Stdout: ''
Stderr: 'sudo: no tty present and no askpass program specified\n'
2013-12-18 13:02:26.039 32739 WARNING cinder.volume.drivers.glusterfs [-] Exception during mounting Unexpected error while running command.
Command: sudo cinder-rootwrap /etc/cinder/rootwrap.conf mount -t glusterfs 10.205.20.3:/cinder /var/lib/cinder/mnt/99a4d8b40ccc6587f02fe7ad88d5f629
Exit code: 1
Stdout: ''
Stderr: 'sudo: no tty present and no askpass program specified\n'

Comment 3 Ivan Chavero 2014-02-06 21:12:14 UTC
Installing OpenStack using packstack on systems that have previous configuration is not recommended.
I recommend this bug to be closed as NOTABUG.
What do you think Martin?

Comment 4 Vinny Valdez 2014-02-07 00:55:01 UTC
Just to clarify, these were freshly installed systems from Satellite. The /etc/sudoers file is managed as part of their corporate kickstart. It seems a packstack warning if the include statement is not present might be good enough to warn the user at least.

Comment 5 Martin Magr 2014-02-19 15:14:40 UTC
Well, we can document this case, but I agree with Ivan. Packstack should not mess with the sudoers file.

Perry, should we reassign this bug to some doc component?

Comment 6 Perry Myers 2014-02-19 15:27:02 UTC
I think a docs bug is needed yes, but to Vinny's point, I think a better warning would make sense.  This wouldn't mean that we mess with sudoers, but at least we could tell the user "Hey, you messed with the sudoers file and OpenStack will not work because of that"

I actually think that check probably belongs in the puppet modules, since the host that packstack is running on is not likely the host we care about this being broken on.  And also, we'd want this warning to be visible for Foreman as well, not just packstack.

Comment 7 Alvaro Lopez Ortega 2014-06-24 20:25:23 UTC
It's doable (in 4 LOC). However, it'd be a nasty hack in the Python part of packstack, and I'd rather not add something like that.

There is an endless number of ways to mess with a Linux system that will stop packstack from working, and I don't think we ought to try to check for them.

Am closing this bug as WONTFIX. Please feel free to reopen it if you have strong feelings about getting this specific case covered.
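
The check requested in the description, as an added example that is not part of this bug report or of PackStack's code; the function names and sample sudoers text are constructed for illustration. It treats `#includedir` as a directive and `# includedir` as a comment, and also accepts the `@includedir` spelling of sudo 1.9.1 and later.

```python
import re
from pathlib import PurePosixPath

# A leading '#' normally starts a comment in sudoers, but '#includedir' (no
# space after '#') is a directive. sudo 1.9.1 and later also accept '@includedir'.
_INCLUDEDIR = re.compile(r'^\s*[#@]includedir\s+(?P<path>"[^"]+"|\S+)\s*$')


def included_dirs(sudoers_text):
    """Return the directories pulled in by includedir directives."""
    dirs = []
    for line in sudoers_text.splitlines():
        m = _INCLUDEDIR.match(line)
        if m:
            path = m.group("path").strip('"')
            # Normalise so '/etc/sudoers.d/' and '/etc/sudoers.d' compare equal.
            dirs.append(str(PurePosixPath(path)))
    return dirs


def missing_include_warning(sudoers_text, dropin_dir="/etc/sudoers.d"):
    """Return a warning string if dropin_dir is never included, else None."""
    if str(PurePosixPath(dropin_dir)) in included_dirs(sudoers_text):
        return None
    return (
        "WARNING: /etc/sudoers has no '#includedir %s' directive; the custom "
        "sudo rules for cinder, neutron and nova will not be read." % dropin_dir
    )


# Constructed sample inputs, not taken from the bug report.
STOCK = "Defaults !visiblepw\nroot ALL=(ALL) ALL\n#includedir /etc/sudoers.d\n"
# A managed file where the directive was turned into a plain comment.
MANAGED = "Defaults !visiblepw\nroot ALL=(ALL) ALL\n# includedir /etc/sudoers.d\n"

if __name__ == "__main__":
    for name, text in (("stock", STOCK), ("managed", MANAGED)):
        print(name, "->", missing_include_warning(text) or "ok")
```

Reading the real /etc/sudoers requires root, so an installer would pass the file's contents to `missing_include_warning` from a privileged step and only report the result, leaving the file unmodified.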

