rajujith opened a new issue, #10029: URL: https://github.com/apache/cloudstack/issues/10029
<!-- Verify first that your issue/request is not already reported on GitHub. Also test if the latest release and main branch are affected too. Always add information AFTER of these HTML comments, but no need to delete the comments. --> ##### ISSUE TYPE <!-- Pick one below and delete the rest --> * Improvement Request ##### COMPONENT NAME <!-- Categorize the issue, e.g. API, VR, VPN, UI, etc. --> ~~~ Upgrade, systemVM template ~~~ ##### CLOUDSTACK VERSION <!-- New line separated list of affected versions, commit ID for issues on main branch. --> ~~~ 4.19.1.3 ~~~ ##### CONFIGURATION <!-- Information about the configuration if relevant, e.g. basic network, advanced networking, etc. N/A otherwise --> Upgrade from 4.18.2.3 to 4.19.1.3 ##### OS / ENVIRONMENT <!-- Information about the environment if relevant, N/A otherwise --> EL ##### SUMMARY <!-- Explain the problem/feature briefly --> On management servers with security hardening implemented for example umask set to 0027 the systemVM template upgrade fails. Script 'setup-sysvm-tmplt' creates directory with 'sudo' but attempts to find the template without sudo. This fails in the secured operating systems. [cloud@mgmt1 ~]$ umask 0027 [cloud@mgmt1 ~]$ sudo mkdir -p /tmp/tmp10896605671384965986/template/tmpl/1/8 [cloud@mgmt1 ~]$ find /tmp/tmp10896605671384965986/template/tmpl/1/8 -name '*.ova' find: ‘/tmp/tmp10896605671384965986/template/tmpl/1/8’: Permission denied ##### STEPS TO REPRODUCE <!-- For bugs, show exactly how to reproduce the problem, using a minimal test-case. Use Screenshots if accurate. For new features, show how the feature would be used. --> <!-- Paste example playbooks or commands between quotes below --> ~~~ 1. Set umask to 0027 2. Upgrade cloudstack from 4.18.2.3 to 4.19.1.3 ~~~ <!-- You can also paste gist.github.com links for larger files --> ##### EXPECTED RESULTS <!-- What did you expect to happen when running the steps above? --> ~~~ SystemVM templates are upgraded. ~~~ ##### ACTUAL RESULTS <!-- What actually happened? --> <!-- Paste verbatim command output between quotes below --> ~~~ SystemVM templates are not upgraded. ~~~ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
