Bug 1608273 - TLS-Everywhere - missing folder /var/lib/novajoin
Summary: TLS-Everywhere - missing folder /var/lib/novajoin
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: python-novajoin
Version: 13.0 (Queens)
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: z7
: 13.0 (Queens)
Assignee: Ade Lee
QA Contact: Pavan
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-07-25 08:49 UTC by Federico Iezzi
Modified: 2022-07-09 10:45 UTC (History)
17 users (show)

Fixed In Version: python-novajoin-1.1.1-2.el7ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1683302 (view as bug list)
Environment:
Last Closed: 2019-07-10 13:00:09 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
RDO 15928 0 None rpm-master: MERGED openstack/novajoin-distgit: Add missing directory (Ibe62749d4d826f65a070872d5bccc2f8ee677c5f) 2018-12-03 10:30:37 UTC
Red Hat Issue Tracker OSP-1109 0 None None None 2021-12-10 16:51:02 UTC
Red Hat Product Errata RHSA-2019:1728 0 None None None 2019-07-10 13:00:13 UTC

Description Federico Iezzi 2018-07-25 08:49:57 UTC 
Description of problem:

Installing undercloud and enabling novajoin, puppet forgets to create main lib novajoin folder at /var/lib/novajoin/

The results is that both novajoin-notify and novajoin-server have errors during startup.

# systemctl restart novajoin-server.service novajoin-notify.service
# systemctl status novajoin-server.service novajoin-notify.service
● novajoin-server.service - OpenStack Nova IPA Join Service
   Loaded: loaded (/usr/lib/systemd/system/novajoin-server.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2018-07-25 04:45:59 EDT; 8s ago
 Main PID: 854 (novajoin-server)
    Tasks: 9
   CGroup: /system.slice/novajoin-server.service
           ├─854 /usr/bin/python2 /usr/bin/novajoin-server
           ├─880 /usr/bin/python2 /usr/bin/novajoin-server
           ├─881 /usr/bin/python2 /usr/bin/novajoin-server
           ├─882 /usr/bin/python2 /usr/bin/novajoin-server
           ├─883 /usr/bin/python2 /usr/bin/novajoin-server
           ├─884 /usr/bin/python2 /usr/bin/novajoin-server
           ├─885 /usr/bin/python2 /usr/bin/novajoin-server
           ├─886 /usr/bin/python2 /usr/bin/novajoin-server
           └─887 /usr/bin/python2 /usr/bin/novajoin-server

Jul 25 04:45:59 undercloud.redhat.local systemd[1]: Started OpenStack Nova IPA Join Service.
Jul 25 04:45:59 undercloud.redhat.local systemd[1]: Starting OpenStack Nova IPA Join Service...
Jul 25 04:46:00 undercloud.redhat.local novajoin-server[854]: ipa: ERROR: Could not create log_dir u'/var/lib/novajoin/.ipa/log'
Jul 25 04:46:00 undercloud.redhat.local novajoin-server[854]: ipa: INFO: trying https://freeipa.redhat.local/ipa/json
Jul 25 04:46:00 undercloud.redhat.local novajoin-server[854]: ipa: INFO: [try 1]: Forwarding 'schema' to json server 'https://freeipa.redhat.local/ipa/json'
Jul 25 04:46:00 undercloud.redhat.local novajoin-server[854]: ipa: WARNING: Failed to write schema: [Errno 13] Permission denied: '/var/lib/novajoin'
Jul 25 04:46:00 undercloud.redhat.local novajoin-server[854]: ipa: WARNING: Failed to write server info: [Errno 13] Permission denied: '/var/lib/novajoin'

● novajoin-notify.service - OpenStack Nova IPA Notification Service
   Loaded: loaded (/usr/lib/systemd/system/novajoin-notify.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2018-07-25 04:45:59 EDT; 9s ago
 Main PID: 852 (novajoin-notify)
    Tasks: 2
   CGroup: /system.slice/novajoin-notify.service
           └─852 /usr/bin/python2 /usr/bin/novajoin-notify

Jul 25 04:45:59 undercloud.redhat.local systemd[1]: Started OpenStack Nova IPA Notification Service.
Jul 25 04:45:59 undercloud.redhat.local systemd[1]: Starting OpenStack Nova IPA Notification Service...
Jul 25 04:45:59 undercloud.redhat.local novajoin-notify[852]: ipa: ERROR: Could not create log_dir u'/var/lib/novajoin/.ipa/log'
Jul 25 04:45:59 undercloud.redhat.local novajoin-notify[852]: ipa: INFO: trying https://freeipa.redhat.local/ipa/json
Jul 25 04:45:59 undercloud.redhat.local novajoin-notify[852]: ipa: INFO: [try 1]: Forwarding 'schema' to json server 'https://freeipa.redhat.local/ipa/json'
Jul 25 04:46:00 undercloud.redhat.local novajoin-notify[852]: ipa: WARNING: Failed to write schema: [Errno 13] Permission denied: '/var/lib/novajoin'
Jul 25 04:46:00 undercloud.redhat.local novajoin-notify[852]: ipa: WARNING: Failed to write server info: [Errno 13] Permission denied: '/var/lib/novajoin'

Simple workaround
# mkdir /var/lib/novajoin
# chown -R novajoin:novajoin /var/lib/novajoin/

# systemctl status novajoin-server.service novajoin-notify.service 
● novajoin-server.service - OpenStack Nova IPA Join Service
   Loaded: loaded (/usr/lib/systemd/system/novajoin-server.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2018-07-25 04:48:52 EDT; 10s ago
[SNIP]

Jul 25 04:48:52 undercloud.redhat.local systemd[1]: Started OpenStack Nova IPA Join Service.
Jul 25 04:48:53 undercloud.redhat.local systemd[1]: Starting OpenStack Nova IPA Join Service...
Jul 25 04:48:53 undercloud.redhat.local novajoin-server[1252]: ipa: INFO: trying https://freeipa.redhat.local/ipa/json
Jul 25 04:48:53 undercloud.redhat.local novajoin-server[1252]: ipa: INFO: [try 1]: Forwarding 'schema' to json server 'https://freeipa.redhat.local/ipa/json'

● novajoin-notify.service - OpenStack Nova IPA Notification Service
   Loaded: loaded (/usr/lib/systemd/system/novajoin-notify.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2018-07-25 04:48:52 EDT; 10s ago
[SNIP]

Jul 25 04:48:52 undercloud.redhat.local systemd[1]: Started OpenStack Nova IPA Notification Service.
Jul 25 04:48:52 undercloud.redhat.local systemd[1]: Starting OpenStack Nova IPA Notification Service...
Jul 25 04:48:53 undercloud.redhat.local novajoin-notify[1250]: ipa: INFO: trying https://freeipa.redhat.local/ipa/json
Jul 25 04:48:53 undercloud.redhat.local novajoin-notify[1250]: ipa: INFO: [try 1]: Forwarding 'schema' to json server 'https://freeipa.redhat.local/ipa/json'
Comment 1 Juan Antonio Osorio 2018-07-26 12:43:54 UTC 
I guess it should be added to the spec file https://github.com/rdo-packages/novajoin-distgit/blob/rpm-master/python-novajoin.spec ; and not done via puppet.
Comment 3 Ade Lee 2018-08-24 20:36:54 UTC 
Yes - this is precisely where it should be added.

Reason is --  we write to this directory because we set it as the home directory for the novajoin user -- which we create in the spec file.

So, its incumbent on us to create that directory in the spec file as well.
Comment 4 Ade Lee 2018-08-24 20:47:43 UTC 
https://review.rdoproject.org/r/15928
Comment 6 Harry Rybacki 2018-11-02 16:11:19 UTC 
Fix merged in RDO. Moving bug to POST.
Comment 40 errata-xmlrpc 2019-07-10 13:00:09 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:1728
Note You need to log in before you can comment on or make changes to this bug.