Bug 1313411 - incorrect permissions on systemd .service files
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-nova
6.0 (Juno)
x86_64 Linux
medium Severity medium
: async
: 6.0 (Juno)
Assigned To: Michal Pryc
Prasanth Anbalagan
: ZStream
Depends On:
Blocks: 1339488 1337177 1337178 1337180
Reported: 2016-03-01 09:53 EST by GE Scott Knauss
Modified: 2016-08-28 09:28 EDT
Fixed In Version: openstack-nova-2014.2.3-73.el7ost
Doc Type: Bug Fix
Clone Of:
: 1337177 1337178 1337180
Environment:
RHEL 7 Openstack 6
Last Closed: 2016-06-22 07:42:30 EDT
Type: Bug

Description GE Scott Knauss 2016-03-01 09:53:37 EST
Description of problem:

/var/log/messages is being flooded with the messages below on all nodes:
--
Feb 18 08:24:32 tb-compute-1 systemd: Configuration file /usr/lib/systemd/system/wpa_supplicant.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Feb 18 08:24:32 tb-compute-1 systemd: Configuration file /usr/lib/systemd/system/ebtables.service is marked executable. Please remove executable permission bits. Proceeding anyway.
--

Additionally these messages are flooding on Controller nodes:
--
Feb 18 08:26:01 tb-controller-1 systemd: Configuration file /usr/lib/systemd/system/openstack-nova-novncproxy.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Feb 18 08:26:01 tb-controller-1 systemd: Configuration file /usr/lib/systemd/system/openstack-nova-scheduler.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Feb 18 08:26:01 tb-controller-1 systemd: Configuration file /usr/lib/systemd/system/openstack-nova-api.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Feb 18 08:26:01 tb-controller-1 systemd: Configuration file /usr/lib/systemd/system/openstack-nova-metadata-api.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Feb 18 08:26:01 tb-controller-1 systemd: Configuration file /usr/lib/systemd/system/openstack-nova-console.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Feb 18 08:26:01 tb-controller-1 systemd: Configuration file /usr/lib/systemd/system/openstack-nova-consoleauth.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Feb 18 08:26:01 tb-controller-1 systemd: Configuration file /usr/lib/systemd/system/openstack-nova-xvpvncproxy.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Feb 18 08:26:01 tb-controller-1 systemd: Configuration file /usr/lib/systemd/system/openstack-nova-api.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Feb 18 08:26:01 tb-controller-1 systemd: Configuration file /usr/lib/systemd/system/openstack-nova-api.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Feb 18 08:26:01 tb-controller-1 systemd: Configuration file /usr/lib/systemd/system/openstack-nova-scheduler.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Feb 18 08:26:01 tb-controller-1 systemd: Configuration file /usr/lib/systemd/system/openstack-nova-scheduler.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Feb 18 08:26:01 tb-controller-1 systemd: Configuration file /usr/lib/systemd/system/openstack-nova-conductor.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Feb 18 08:26:01 tb-controller-1 systemd: Configuration file /usr/lib/systemd/system/openstack-nova-conductor.service is marked executable. Please remove executable permission bits. Proceeding anyway.

Version-Release number of selected component (if applicable):

openstack-nova-2014.2.3-54.el7ost.src.rpm

How reproducible:

Steps to Reproduce:

1. Install the latest nova packages for OpenStack 6
2. Monitor logs

Actual results:

many errors in logs

Expected results:

no errors in logs

Additional info:

I've checked the spec files from all src.rpm packages from the latest openstack repo and only the openstack-nova package is installing service files with incorrect permissions. (755 vs 644)

Comment 2 Felipe Alfaro Solana 2016-05-05 11:08:56 EDT
This also happens in RHOSP7 (Kilo). And perhaps in RHOSP8 (Liberty).

Comment 8 Alan Pevec 2016-06-09 18:32:59 EDT
rpm-master review https://review.rdoproject.org/r/1352

Comment 10 Prasanth Anbalagan 2016-06-16 16:05:16 EDT
Verified as follows - Permissions for the nova .service files have been restored to 644, like other component service files. Further, no error messages were observed in nova logs.

*********
VERSION
*********

[root@serverA ~]# yum list installed | grep openstack-nova
openstack-nova-api.noarch            2014.2.3-73.el7ost      @rhelosp-6.0-puddle
openstack-nova-cert.noarch           2014.2.3-73.el7ost      @rhelosp-6.0-puddle
openstack-nova-common.noarch         2014.2.3-73.el7ost      @rhelosp-6.0-puddle
openstack-nova-compute.noarch        2014.2.3-73.el7ost      @rhelosp-6.0-puddle
openstack-nova-conductor.noarch      2014.2.3-73.el7ost      @rhelosp-6.0-puddle
openstack-nova-console.noarch        2014.2.3-73.el7ost      @rhelosp-6.0-puddle
openstack-nova-novncproxy.noarch     2014.2.3-73.el7ost      @rhelosp-6.0-puddle
openstack-nova-scheduler.noarch      2014.2.3-73.el7ost      @rhelosp-6.0-puddle

***********
LOGS
***********

[root@serverA ~]# ls -l /usr/lib/systemd/system/*openstack*service
-rw-r--r--. 1 root root 274 May 12 18:23 /usr/lib/systemd/system/openstack-ceilometer-alarm-evaluator.service
-rw-r--r--. 1 root root 274 May 12 18:23 /usr/lib/systemd/system/openstack-ceilometer-alarm-notifier.service
-rw-r--r--. 1 root root 237 May 12 18:23 /usr/lib/systemd/system/openstack-ceilometer-api.service
-rw-r--r--. 1 root root 253 May 12 18:23 /usr/lib/systemd/system/openstack-ceilometer-central.service
-rw-r--r--. 1 root root 256 May 12 18:23 /usr/lib/systemd/system/openstack-ceilometer-collector.service
-rw-r--r--. 1 root root 253 May 12 18:23 /usr/lib/systemd/system/openstack-ceilometer-compute.service
-rw-r--r--. 1 root root 274 May 12 18:23 /usr/lib/systemd/system/openstack-ceilometer-notification.service
-rw-r--r--. 1 root root 307 Feb 28 17:23 /usr/lib/systemd/system/openstack-cinder-api.service
-rw-r--r--. 1 root root 316 Feb 28 17:23 /usr/lib/systemd/system/openstack-cinder-backup.service
-rw-r--r--. 1 root root 325 Feb 28 17:23 /usr/lib/systemd/system/openstack-cinder-scheduler.service
-rw-r--r--. 1 root root 316 Feb 28 17:23 /usr/lib/systemd/system/openstack-cinder-volume.service
-rw-r--r--. 1 root root 261 Feb  5 19:25 /usr/lib/systemd/system/openstack-glance-api.service
-rw-r--r--. 1 root root 271 Feb  5 19:25 /usr/lib/systemd/system/openstack-glance-registry.service
-rw-r--r--. 1 root root 267 Feb  5 19:25 /usr/lib/systemd/system/openstack-glance-scrubber.service
-rw-r--r--. 1 root root 242 May  6 05:57 /usr/lib/systemd/system/openstack-keystone.service
-rw-r--r--. 1 root root 571 Jun 15 22:33 /usr/lib/systemd/system/openstack-losetup.service
-rw-r--r--. 1 root root 195 Jun  9 16:59 /usr/lib/systemd/system/openstack-nova-api.service
-rw-r--r--. 1 root root 197 Jun  9 16:59 /usr/lib/systemd/system/openstack-nova-cert.service
-rw-r--r--. 1 root root 267 Jun  9 16:59 /usr/lib/systemd/system/openstack-nova-compute.service
-rw-r--r--. 1 root root 207 Jun  9 16:59 /usr/lib/systemd/system/openstack-nova-conductor.service
-rw-r--r--. 1 root root 216 Jun  9 16:59 /usr/lib/systemd/system/openstack-nova-consoleauth.service
-rw-r--r--. 1 root root 209 Jun  9 16:59 /usr/lib/systemd/system/openstack-nova-console.service
-rw-r--r--. 1 root root 213 Jun  9 16:59 /usr/lib/systemd/system/openstack-nova-metadata-api.service
-rw-r--r--. 1 root root 285 Jun  9 16:59 /usr/lib/systemd/system/openstack-nova-novncproxy.service
-rw-r--r--. 1 root root 207 Jun  9 16:59 /usr/lib/systemd/system/openstack-nova-scheduler.service
-rw-r--r--. 1 root root 197 Jun  9 16:59 /usr/lib/systemd/system/openstack-nova-xvpvncproxy.service
-rw-r--r--. 1 root root 286 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-account-auditor.service
-rw-r--r--. 1 root root 264 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-account-auditor@.service
-rw-r--r--. 1 root root 247 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-account-reaper.service
-rw-r--r--. 1 root root 262 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-account-reaper@.service
-rw-r--r--. 1 root root 322 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-account-replicator.service
-rw-r--r--. 1 root root 270 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-account-replicator@.service
-rw-r--r--. 1 root root 282 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-account.service
-rw-r--r--. 1 root root 297 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-account@.service
-rw-r--r--. 1 root root 255 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-container-auditor.service
-rw-r--r--. 1 root root 270 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-container-auditor@.service
-rw-r--r--. 1 root root 265 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-container-reconciler.service
-rw-r--r--. 1 root root 328 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-container-replicator.service
-rw-r--r--. 1 root root 276 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-container-replicator@.service
-rw-r--r--. 1 root root 288 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-container.service
-rw-r--r--. 1 root root 303 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-container@.service
-rw-r--r--. 1 root root 255 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-container-updater.service
-rw-r--r--. 1 root root 270 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-container-updater@.service
-rw-r--r--. 1 root root 283 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-object-auditor.service
-rw-r--r--. 1 root root 261 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-object-auditor@.service
-rw-r--r--. 1 root root 247 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-object-expirer.service
-rw-r--r--. 1 root root 319 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-object-replicator.service
-rw-r--r--. 1 root root 267 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-object-replicator@.service
-rw-r--r--. 1 root root 279 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-object.service
-rw-r--r--. 1 root root 294 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-object@.service
-rw-r--r--. 1 root root 246 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-object-updater.service
-rw-r--r--. 1 root root 261 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-object-updater@.service
-rw-r--r--. 1 root root 276 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-proxy.service

Comment 12 errata-xmlrpc 2016-06-22 07:42:30 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1280
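
The check reported in this bug, as an added example (not code from the bug report or from the openstack-nova packaging): it summarises which unit files systemd flags in a syslog excerpt and audits a unit directory for `.service` files with any execute bit set. The function names are hypothetical, and `SAMPLE_LOG` holds three lines copied from the log excerpt in the description.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, not part of any package.

# Three lines taken from the log excerpt in the bug description.
SAMPLE_LOG='Feb 18 08:26:01 tb-controller-1 systemd: Configuration file /usr/lib/systemd/system/openstack-nova-api.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Feb 18 08:26:01 tb-controller-1 systemd: Configuration file /usr/lib/systemd/system/openstack-nova-scheduler.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Feb 18 08:26:01 tb-controller-1 systemd: Configuration file /usr/lib/systemd/system/openstack-nova-api.service is marked executable. Please remove executable permission bits. Proceeding anyway.'

# Read syslog lines on stdin and print "<unit file><TAB><count>" for every
# file named in an "is marked executable" warning (paths assumed space-free).
flagged_units_from_log() {
    sed -n 's/.*Configuration file \(.*\) is marked executable\..*/\1/p' |
        sort | uniq -c | awk '{print $2 "\t" $1}'
}

# Print regular .service files under DIR (default: the packaged unit
# directory) that have an execute bit set for owner, group or other.
exec_unit_files() {
    find "${1:-/usr/lib/systemd/system}" -type f -name '*.service' \
        \( -perm -100 -o -perm -010 -o -perm -001 \) | sort
}

# List the flagged files; reset them to 0644 only when the second
# argument is "apply" (dry run otherwise).
fix_unit_modes() {
    exec_unit_files "$1" | while IFS= read -r f; do
        if [ "$2" = "apply" ]; then
            chmod 0644 "$f"
        fi
        printf '%s\n' "$f"
    done
}

# Summarise the sample excerpt when the script is run directly.
printf '%s\n' "$SAMPLE_LOG" | flagged_units_from_log
```

A local `chmod` is undone when the affected package is reinstalled, so the durable fix is the package version listed under "Fixed In Version" above.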
