Fortunately disabling SElinux solved my problem. Is disabling SELinux make openstack vulnerable to attacks? Regards.
On Tue, Feb 10, 2015 at 12:39 PM, Anil2 Sharma <anil2.sha...@aricent.com> wrote: > Hi Ali Nazemian, > > > > Can you post the output of account.builder, container.builder and > object.builder file? > > > > Regards > > Anil > > > > *From:* Ali Nazemian [mailto:alinazem...@gmail.com] > *Sent:* Tuesday, February 10, 2015 1:17 PM > *To:* Remo Mattei > *Cc:* openstack > *Subject:* Re: [Openstack] object storage error: permission denied > > > > Dear Remo, > > What will happen if I disable SELinux? Should I do the installation once > more or just restarting the services would be enough? > > Regards. > > > > On Tue, Feb 10, 2015 at 3:44 AM, Remo Mattei <r...@italy1.com> wrote: > > Try to set the permission on permissive and check also you may want to run > restorecon and see if the files have the right permissions > > Inviato da iPhone () > > > Il giorno 09/feb/2015, alle ore 14:08, Ali Nazemian <alinazem...@gmail.com> > ha scritto: > > Dear Remo, > > Hi, > > Yeah, Selinux is enabled although I did install openstack-selinux for this > purpose. > > Regards. > > > > On Mon, Feb 9, 2015 at 11:22 PM, Remo Mattei <r...@italy1.com> wrote: > > Are you running SELinux? > > > > Remo > > On Feb 9, 2015, at 11:21, Ali Nazemian <alinazem...@gmail.com> wrote: > > > > I did try to install and configure swift juno with one proxy node > (controller) and two object storage node. (CentOS 7) After i tried to > verify the installation process I have found out that there is some problem > with the installation. The output of swift stat command looks normal but > when I tried to create storage container in order to upload some file this > error showed up: > > > > Error trying to create container 'demo-container1': 404 Not Found: > <html><h1>Not Found</h1><p>The resource could not be found.< > > Object PUT failed: > http://controller:8080/v1/AUTH_699fcdbd76d64bd184fc948ac1e9b32c/demo-container1/root/centos-indexhtml-7-9.el7.centos.noarch.rpm > 404 > Not Found [first 60 chars of response] <html><h1>Not Found</h1><p>The > resource could not be found.< > > > > I did check the service logs on the proxy server side, here is the output > of proxy-server service: > > Feb 09 22:27:57 controller proxy-server[2522]: Container GET returning > 503 for (503, 503, 503) (txn: tx96539e1fc77640fd99898-0054d90335) > (client_ip: 10.102.1.70) > > Feb 09 22:27:57 controller proxy-server[2522]: Could not autocreate > account '/AUTH_699fcdbd76d64bd184fc948ac1e9b32c' (txn: > tx96539e1fc77640fd99898-0054d90335) (client_ip: 10.102.1.70) > > > > > > On the storage node here are the logs of different services: > > object-auditor service: > > Feb 09 22:32:36 object1 object-auditor[2115]: Begin object audit > "forever" mode (ALL) > > Feb 09 22:32:36 object1 object-auditor[2115]: ERROR: Unable to run > auditing: [Errno 13] Permission denied: '/srv/node/sdc1' > > > > object-replicator service: > > Feb 09 22:33:04 object1 object-replicator[872]: ERROR creating > /srv/node/sdb1/objects: #012Traceback (most recent call last):#012 File > "/usr/lib/python2.7/site-packages/swift/obj/replicator.py", line 428, in > process_repl#012 mkdirs(obj_path)#012 File > "/usr/lib/python2.7/site-packages/swift/common/utils.py", line 770, in > mkdirs#012 os.makedirs(path)#012 File "/usr/lib64/python2.7/os.py", > line 157, in makedirs#012 mkdir(name, mode)#012OSError: [Errno 13] > Permission denied: '/srv/node/sdb1/objects' > > Feb 09 22:33:04 object1 object-replicator[872]: ERROR creating > /srv/node/sdc1/objects: #012Traceback (most recent call last):#012 File > "/usr/lib/python2.7/site-packages/swift/obj/replicator.py", line 428, in > process_repl#012 mkdirs(obj_path)#012 File > "/usr/lib/python2.7/site-packages/swift/common/utils.py", line 770, in > mkdirs#012 os.makedirs(path)#012 File "/usr/lib64/python2.7/os.py", > line 157, in makedirs#012 mkdir(name, mode)#012OSError: [Errno 13] > Permission denied: '/srv/node/sdc1/objects' > > > > object-updater service: > > Feb 09 22:23:38 object1 object-updater[2017]: UNCAUGHT > EXCEPTION#012Traceback (most recent call last):#012 File > "/usr/bin/swift-object-updater", line 23, in <module>#012 > run_daemon(ObjectUpdater, conf_file, **options)#012 File > "/usr/lib/python2.7/site-packages/swift/common/daemon.py", line 110, in > run_daemon#012 klass(conf).run(once=once, **kwargs)#012 File > "/usr/lib/python2.7/site-packages/swift/common/daemon.py", line 57, in > run#012 self.run_forever(**kwargs)#012 File > "/usr/lib/python2.7/site-packages/swift/obj/updater.py", line 91, in > run_forever#012 self.object_sweep(os.path.join(self.devices, > device))#012 File "/usr/lib/python2.7/site-packages/swift/obj/updater.py", > line 141, in object_sweep#012 for asyncdir in > os.listdir(device):#012OSError: [Errno 13] Permission denied: > '/srv/node/sdc1' > > Feb 09 22:23:38 object1 object-updater[873]: Object update sweep > completed: 0.07s > > Feb 09 22:28:38 object1 object-updater[873]: Begin object update sweep > > Feb 09 22:28:38 object1 object-updater[2073]: UNCAUGHT > EXCEPTION#012Traceback (most recent call last):#012 File > "/usr/bin/swift-object-updater", line 23, in <module>#012 > run_daemon(ObjectUpdater, conf_file, **options)#012 File > "/usr/lib/python2.7/site-packages/swift/common/daemon.py", line 110, in > run_daemon#012 klass(conf).run(once=once, **kwargs)#012 File > "/usr/lib/python2.7/site-packages/swift/common/daemon.py", line 57, in > run#012 self.run_forever(**kwargs)#012 File > "/usr/lib/python2.7/site-packages/swift/obj/updater.py", line 91, in > run_forever#012 self.object_sweep(os.path.join(self.devices, > device))#012 File "/usr/lib/python2.7/site-packages/swift/obj/updater.py", > line 141, in object_sweep#012 for asyncdir in > os.listdir(device):#012OSError: [Errno 13] Permission denied: > '/srv/node/sdb1' > > > > there is same permission error for account service. And here is the > rsync log on storage node: > > 2015/02/09 22:16:22 [584] unable to bind any inbound sockets on port 873 > > 2015/02/09 22:16:22 [584] rsync error: error in socket IO (code 10) at > socket.c(555) [Receiver=3.0.9] > > > > It seems that I have a permission problem with /srv/node directory. I > check the permission and everything looks normal. (swift user and swift > group) I also check the permission for creating a directory inside > /srv/node with using "swift" user. It was fine. I really appriciate if > somebody could help me through this issue. > > > > Best regards. > > > > -- > > A.Nazemian > > _______________________________________________ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack@lists.openstack.org > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > > !DSPAM:1,54d90cdc141954615547069! > > > > > > > > -- > > A.Nazemian > > !DSPAM:1,54d931c1238128606622627! > > > > > > -- > > A.Nazemian > "DISCLAIMER: This message is proprietary to Aricent and is intended > solely for the use of the individual to whom it is addressed. It may > contain privileged or confidential information and should not be circulated > or used for any purpose other than for what it is intended. If you have > received this message in error, please notify the originator immediately. > If you are not the intended recipient, you are notified that you are > strictly prohibited from using, copying, altering, or disclosing the > contents of this message. Aricent accepts no responsibility for loss or > damage arising from the use of the information transmitted by this email > including damage from virus." > -- A.Nazemian
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
