** Description changed:

+ [Impact]
  Charm revision: 320
  Cloud: bionic-ussuri
  Permissions 0644 for '/var/lib/nova/.ssh/id_rsa' are too open.
  Load key "/var/lib/nova/.ssh/id_rsa": bad permissions
  [email protected]: Permission denied (publickey).
  This was preventing nova resizing:
  /var/log/nova/nova-compute.log:2020-11-17 13:14:42.210 100221 ERROR oslo_messaging.rpc.server Command: ssh -o BatchMode=yes 10.35.80.49 mkdir -p /var/lib/nova/instances/39caee98-b81c-4cef-9810-815f2ecf1fc4
  Manually setting to 0600 fixed the issue.
+
+ Note (coreycb): It's important to note that /var/lib/nova/.ssh/ and
+ files contained in that directory are not created by the package.
+ Therefore the package should avoid changing permissions for this
+ directory.
+
+ [Test Case]
+ Install a previous version of the nova-common package.
+ Setup ssh as described here (at least the creation of /var/lib/nova/.ssh/ files and chmod accordingly.
+ Upgrade to the patched version of nova-common and confirm the /var/lib/nova/.ssh/ directory/file modes haven't changed.
+
+ [Regression Potential]
+ This is actually fixing a regression that was introduced to the package when we introduced the postinst code that does a blanket chmod to all of /var/lib/nova/. Assuming the test case above passes, I can't see any way for this to cause a regression.

** Description changed:

  [Impact]
  Charm revision: 320
  Cloud: bionic-ussuri
  Permissions 0644 for '/var/lib/nova/.ssh/id_rsa' are too open.
  Load key "/var/lib/nova/.ssh/id_rsa": bad permissions
  [email protected]: Permission denied (publickey).
  This was preventing nova resizing:
  /var/log/nova/nova-compute.log:2020-11-17 13:14:42.210 100221 ERROR oslo_messaging.rpc.server Command: ssh -o BatchMode=yes 10.35.80.49 mkdir -p /var/lib/nova/instances/39caee98-b81c-4cef-9810-815f2ecf1fc4
  Manually setting to 0600 fixed the issue.

  Note (coreycb): It's important to note that /var/lib/nova/.ssh/ and
  files contained in that directory are not created by the package.
  Therefore the package should avoid changing permissions for this
  directory.

  [Test Case]
  Install a previous version of the nova-common package.
  Setup ssh as described here (at least the creation of /var/lib/nova/.ssh/ files and chmod accordingly.
  Upgrade to the patched version of nova-common and confirm the /var/lib/nova/.ssh/ directory/file modes haven't changed.

  [Regression Potential]
- This is actually fixing a regression that was introduced to the package when we introduced the postinst code that does a blanket chmod to all of /var/lib/nova/. Assuming the test case above passes, I can't see any way for this to cause a regression.
+ This is actually fixing a regression that was introduced to the package when we introduced the postinst code that does a blanket chmod to all of /var/lib/nova/. Assuming the test case above passes, I can't see any way for this to cause another regression.

** Description changed:

  [Impact]
  Charm revision: 320
  Cloud: bionic-ussuri
  Permissions 0644 for '/var/lib/nova/.ssh/id_rsa' are too open.
  Load key "/var/lib/nova/.ssh/id_rsa": bad permissions
  [email protected]: Permission denied (publickey).
  This was preventing nova resizing:
  /var/log/nova/nova-compute.log:2020-11-17 13:14:42.210 100221 ERROR oslo_messaging.rpc.server Command: ssh -o BatchMode=yes 10.35.80.49 mkdir -p /var/lib/nova/instances/39caee98-b81c-4cef-9810-815f2ecf1fc4
  Manually setting to 0600 fixed the issue.

  Note (coreycb): It's important to note that /var/lib/nova/.ssh/ and
  files contained in that directory are not created by the package.
  Therefore the package should avoid changing permissions for this
  directory.

  [Test Case]
  Install a previous version of the nova-common package.
- Setup ssh as described here (at least the creation of /var/lib/nova/.ssh/ files and chmod accordingly.
+ Setup ssh as described here (at least the creation of /var/lib/nova/.ssh/ files and chmod accordingly): https://docs.openstack.org/nova/pike/admin/ssh-configuration.html
  Upgrade to the patched version of nova-common and confirm the /var/lib/nova/.ssh/ directory/file modes haven't changed.

  [Regression Potential]
  This is actually fixing a regression that was introduced to the package when we introduced the postinst code that does a blanket chmod to all of /var/lib/nova/. Assuming the test case above passes, I can't see any way for this to cause another regression.

** Also affects: nova (Ubuntu Focal)
   Importance: Undecided
   Status: New

** Also affects: nova (Ubuntu Kinetic)
   Importance: Undecided
   Assignee: Rodrigo Barbieri (rodrigo-barbieri2010)
   Status: Triaged

** Also affects: nova (Ubuntu Impish)
   Importance: Undecided
   Status: New

** Also affects: nova (Ubuntu Jammy)
   Importance: Undecided
   Status: New

** Changed in: nova (Ubuntu Focal)
   Status: New => Triaged

** Changed in: nova (Ubuntu Impish)
   Status: New => Triaged

** Changed in: nova (Ubuntu Jammy)
   Status: New => Triaged

** Changed in: nova (Ubuntu Kinetic)
   Importance: Undecided => High

** Changed in: nova (Ubuntu Jammy)
   Importance: Undecided => High

** Changed in: nova (Ubuntu Impish)
   Importance: Undecided => High

** Changed in: nova (Ubuntu Focal)
   Importance: Undecided => High

** Also affects: cloud-archive
   Importance: Undecided
   Status: New

** Also affects: cloud-archive/xena
   Importance: Undecided
   Status: New

** Also affects: cloud-archive/wallaby
   Importance: Undecided
   Status: New

** Also affects: cloud-archive/victoria
   Importance: Undecided
   Status: New

** Also affects: cloud-archive/ussuri
   Importance: Undecided
   Status: New

** Also affects: cloud-archive/zed
   Importance: Undecided
   Status: New

** Also affects: cloud-archive/yoga
   Importance: Undecided
   Status: New

** Changed in: cloud-archive/ussuri
   Importance: Undecided => High

** Changed in: cloud-archive/ussuri
   Status: New => Triaged

** Changed in: cloud-archive/victoria
   Importance: Undecided => High

** Changed in: cloud-archive/victoria
   Status: New => Triaged

** Changed in: cloud-archive/wallaby
   Importance: Undecided => High

** Changed in: cloud-archive/wallaby
   Status: New => Triaged

** Changed in: cloud-archive/xena
   Importance: Undecided => High

** Changed in: cloud-archive/xena
   Status: New => Triaged

** Changed in: cloud-archive/yoga
   Importance: Undecided => High

** Changed in: cloud-archive/yoga
   Status: New => Triaged

** Changed in: cloud-archive/zed
   Importance: Undecided => High

** Changed in: cloud-archive/zed
   Status: New => Triaged

--
https://bugs.launchpad.net/bugs/1904580

Title:
  Permissions 0644 for '/var/lib/nova/.ssh/id_rsa' are too open
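
The test case from the bug description, as an added example (not taken from the bug report or from the nova-common package): it builds a constructed stand-in for /var/lib/nova in a temporary directory and compares a blanket chmod with one that prunes .ssh. The function names and the 0644/0755 modes are assumptions chosen to match the reported symptom; GNU find and stat are assumed.

```shell
#!/bin/sh
# Added example: constructed tree and hypothetical modes, not the real postinst.

# Print "<octal mode> <path>" for DIR and everything beneath it, sorted by path.
snapshot_modes() {
    find "$1" -exec stat -c '%a %n' {} + | sort -k2
}

# Stand-in for a blanket postinst chmod: every file and directory is rewritten,
# including operator-created SSH material (0644 is the mode the bug reports).
blanket_chmod() {
    find "$1" -type d -exec chmod 0755 {} +
    find "$1" -type f -exec chmod 0644 {} +
}

# Same modes, but the .ssh subtree is pruned so its modes are never touched.
scoped_chmod() {
    find "$1" -path "$1/.ssh" -prune -o -type d -exec chmod 0755 {} +
    find "$1" -path "$1/.ssh" -prune -o -type f -exec chmod 0644 {} +
}

# Build a throwaway stand-in for /var/lib/nova with SSH set up by the operator.
make_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/.ssh" "$root/instances"
    : > "$root/.ssh/id_rsa"; : > "$root/.ssh/authorized_keys"
    : > "$root/instances/disk.info"
    chmod 0700 "$root/.ssh"
    chmod 0600 "$root/.ssh/id_rsa" "$root/.ssh/authorized_keys"
    echo "$root"
}

# Snapshot .ssh, apply the chmod function named in $1 (the "upgrade"),
# snapshot again, and print "unchanged" or "changed".
check_upgrade() {
    fn=$1; root=$(make_tree)
    before=$(snapshot_modes "$root/.ssh")
    "$fn" "$root"
    after=$(snapshot_modes "$root/.ssh")
    rm -rf "$root"
    [ "$before" = "$after" ] && echo unchanged || echo changed
}

echo "blanket chmod: .ssh modes $(check_upgrade blanket_chmod)"
echo "scoped chmod:  .ssh modes $(check_upgrade scoped_chmod)"
```

On a real compute node the same before/after comparison can be made by running `snapshot_modes /var/lib/nova/.ssh` before and after the package upgrade and diffing the two outputs.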
