Bug 1101516 - SQLite database created with bad permission/ownership
Summary: SQLite database created with bad permission/ownership
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-sahara
Version: unspecified
Hardware: Unspecified
OS: Unspecified
high
urgent
Target Milestone: z4
: 5.0 (RHEL 7)
Assignee: Elise Gafford
QA Contact: Luigi Toscano
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-05-27 11:44 UTC by Tomas Rusnak
Modified: 2015-04-16 14:37 UTC (History)
5 users (show)

Fixed In Version: openstack-sahara-2014.1.3-3.el7ost
Doc Type: Bug Fix
Doc Text:
Previously, SQLite database was created by a user who ran the database management script, resulting in Sahara being unable to read the default database without changing ownership of the database. With this update, the file is not touched and the ownership is assigned to Sahara (for only the default file location). As a result, Sahara now has access to its database in the default flow.
Clone Of:
Environment:
Last Closed: 2015-04-16 14:37:11 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:0825 0 normal SHIPPED_LIVE Red Hat Enterprise Linux OpenStack Platform Bug Fix and Enhancement Advisory 2015-04-16 18:28:14 UTC

Description Tomas Rusnak 2014-05-27 11:44:35 UTC 
Description of problem:

Sahara database migration is creating sahara-server.db in /var/lib/sahara. As the sahara directory have sahara.sahara owner/group, the database file have root.root as an owner set by sahara-db-manage.
Due to this, any write (INSERT) attempt to the database ends with error like:

OperationalError: (OperationalError) attempt to write a readonly database u'INSERT INTO node_group_templates (created_at, updated_at, id, name, description, tenant_id, flavor_id, image_id, plugin_name, hadoop_version, node_processes, node_configs, volumes_per_node, volumes_size, volume_mount_prefix, floating_ip_pool) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)' ('2014-05-27 11:32:26.741107', None, u'a7591a2a-de8b-4d1f-9909-c66a1e885e16', u'node-group-template', u'', u'6809bd3836de4440a06a6c89a865cdc4', u'1', None, u'vanilla', u'1.2.1', '["namenode", "datanode", "secondarynamenode", "oozie", "tasktracker", "jobtracker", "hiveserver"]', '{"HDFS": {}, "JobFlow": {}, "MapReduce": {}, "Hive": {}}', 0, 0, '/volumes/disk', None)

Version-Release number of selected component (if applicable):
openstack-sahara.noarch-2014.1.0-13.fc20

How reproducible:
100%

Steps to Reproduce:
1. configure sahara to use sqlite
2. create/migrate database with sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head
3. # ls -la /var/lib/sahara/sahara-server.db -rw-r--r--. 1 root root 46080 May 22 10:26 /var/lib/sahara/sahara-server.db

Actual results:
database with bad owner/group is in read-only mode for sahara daemon

Expected results:
database file should have sahara.sahara owner
Comment 4 Luigi Toscano 2015-04-03 15:29:11 UTC 
The openstack-sahara package now ships an empty SQLite3 database in /var/lib/sahara/sahara-server.db whose owner/group owner are sahara/sahara, and the permissions are 0700. This configuration allows users to properly configure the database without additional steps. 

(This issue is relevant only when a SQLite3 db is used).

Verified on openstack-sahara-2014.1.3-3.el7ost.noarch
Comment 6 errata-xmlrpc 2015-04-16 14:37:11 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0825.html
Note You need to log in before you can comment on or make changes to this bug.