Description of problem:
The base.pp class from the linked cinder submodule sets default permissions to 644, see:
https://github.com/packstack/puppetlabs-cinder/blob/d9f9efac3db5749c2130a8b74c511ffd1161bec2/manifests/base.pp#L31
That in turn makes puppet set permissions to 755 on /var/log/cinder and /var/lib/cinder

Version-Release number of selected component (if applicable):
openstack-packstack-2013.1.1-0.5.dev538.el6.noarch

Steps to Reproduce:
1. install openstack-cinder, check permissions for /var/log/cinder
2. run packstack, check permissions for /var/log/cinder

Expected results:
permissions aren't changed
For cinder (and probably for the other components too), the issue seems to have been fixed in puppet-cinder at https://github.com/stackforge/puppet-cinder/tree/master/manifests where things look to have changed a lot.
keystone doesn't start for a permission error with openstack-packstack-2013.1.1-0.3.dev527.fc19. --- init.pp.old 2013-06-27 22:05:49.000000000 +0900 +++ init.pp 2013-06-27 22:06:06.000000000 +0900 @@ -114,6 +114,11 @@ mode => '0600', } + file { '/var/log/keystone/keystone.log': + owner => 'keystone', + group => 'keystone', + } + # default config keystone_config { 'DEFAULT/admin_token': value => $admin_token;
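Review bot: the added file resource for '/var/log/keystone/keystone.log' sets owner and group but no mode, so the log file's permissions are left to whatever default applies, unlike the resource just above it in the context, which pins mode => '0600'. Consider giving the log file an explicit mode as well, and an explicit ensure => file so it is clear whether the resource is meant to create the file or only to correct ownership on an existing one.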
We haven't used the puppetlabs-cinder module for a long time. Instead we use puppet-cinder from stackforge [1]. Class "cinder::base" is deprecated according to the source, and in class "cinder" there isn't code which was modifying /var/log/permission. Will have to investigate more to find out the reason for the removal.

[1] https://github.com/stackforge/puppet-cinder/blob/master/manifests/base.pp
Going through RDO bugs here. I just tested on an OpenStack setup with this version -- openstack-packstack-2014.1.1-0.19.dev1102.el7ost.noarch, and Cinder has 750 permissions. Also, posted

drwxr-x---. 2 cinder   root       98 Jun 3 02:27 cinder
drwxr-xr-x. 2 neutron  neutron  4.0K Jun 3 02:39 neutron
drwxr-x---. 2 nova     nova     4.0K Jun 3 02:35 nova
drwxr-x---. 2 keystone keystone   25 Jun 3 02:24 keystone

So, seems like it's fixed in the current version. Can you confirm this Giulio?
Hi Kashayp, I'm seeing your same results using openstack-packstack-2014.1.1-0.20.dev1109.el7ost.noarch. Still, three other components continue to have 755: neutron, ceilometer and heat. I'm not sure, though, how important this is and whether this is a bug at all.
The problem originally described in this report has been corrected. I don't believe that mode 755 permissions on log directories is itself a problem unless we are inadvertently exposing secrets. If that is the case, please open a new bug with specific examples. Thanks!
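The before/after permission check from the reproduction steps, and the per-component comparison made in the later comments, as an added example that is not part of the original report or of packstack. The function names are hypothetical, GNU `stat` is assumed, and the directories to check are passed by the caller.

```shell
#!/bin/sh
# Added example (not from the report or from packstack).
# Assumes GNU coreutils stat (-c) and directory paths without spaces.

# Print "mode owner:group path" for every directory argument that exists.
snapshot_modes() {
    for d in "$@"; do
        if [ -d "$d" ]; then
            stat -c '%a %U:%G %n' "$d"
        fi
    done
}

# Compare two snapshot files and print one line per path whose mode or
# ownership differs: "path: old-mode old-owner -> new-mode new-owner".
changed_modes() {
    awk 'NR == FNR { old[$3] = $1 " " $2; next }
         ($3 in old) && old[$3] != $1 " " $2 {
             print $3 ": " old[$3] " -> " $1 " " $2
         }' "$1" "$2"
}

# Print the snapshot lines whose mode grants any access to "other",
# i.e. the last octal digit is not 0 (755 matches, 750 does not).
world_accessible() {
    awk '$1 !~ /0$/' "$1"
}

# Stand-alone use: sh modes.sh /var/log/cinder /var/lib/cinder > before.txt
if [ "$#" -gt 0 ]; then
    snapshot_modes "$@"
fi
```

Take one snapshot after installing the package and one after the packstack run, then pass both files to `changed_modes`; `world_accessible` lists the directories still open to other users.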