Public bug reported: tl;dr When running Quobyte Cinder storage with nas_secure_file_* settings set to true libvirt is currently required to be configured with dynamic_ownership=0 (off). This is not recommended with Nova.
Expected results: secure settings in Cinder should work with Nova and unmodified dynamic_ownership in libvirt config Actual results: The option in libvirt is required More detailed: When run with dynamic_ownership=1 libvirt changes file ownership on guest files to root:root at some point. Running Cinder with the Quobyte driver in nas_secure_file_ownership / nas_secure_file_permissions = true conflicts with this: In secure mode image files belong to the nova/cinder service users (both in a common group) and file permissions are 660 (instead of running root:root/666 as is the insecure mode for these cinder options). When libvirt changes the files ownership to root:root nova/cinder cannot access those files any longer, hurting e.g. snapshots and the like. A correction proposal was made by Daniel Berrange at https://bugs.launchpad.net/nova/+bug/1597644/comments/22 : "[..]If so, a much better approach is to enhance nova so that it can set a <seclabel> element against *just* the quobyte backed disks, that tells libvirt to skip ownership changes for those disks. That way operation of libvirt / QEMU in general will not be affect, thus avoiding nasty side-effects such as this console.log problem.[..]" ** Affects: nova Importance: Undecided Status: New ** Tags: libvirt quobyte -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1609298 Title: libvirt should not require dynamic_ownership off for secure Cinder/Quobyte settings Status in OpenStack Compute (nova): New Bug description: tl;dr When running Quobyte Cinder storage with nas_secure_file_* settings set to true libvirt is currently required to be configured with dynamic_ownership=0 (off). This is not recommended with Nova. Expected results: secure settings in Cinder should work with Nova and unmodified dynamic_ownership in libvirt config Actual results: The option in libvirt is required More detailed: When run with dynamic_ownership=1 libvirt changes file ownership on guest files to root:root at some point. Running Cinder with the Quobyte driver in nas_secure_file_ownership / nas_secure_file_permissions = true conflicts with this: In secure mode image files belong to the nova/cinder service users (both in a common group) and file permissions are 660 (instead of running root:root/666 as is the insecure mode for these cinder options). When libvirt changes the files ownership to root:root nova/cinder cannot access those files any longer, hurting e.g. snapshots and the like. A correction proposal was made by Daniel Berrange at https://bugs.launchpad.net/nova/+bug/1597644/comments/22 : "[..]If so, a much better approach is to enhance nova so that it can set a <seclabel> element against *just* the quobyte backed disks, that tells libvirt to skip ownership changes for those disks. That way operation of libvirt / QEMU in general will not be affect, thus avoiding nasty side-effects such as this console.log problem.[..]" To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1609298/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
