From 1d4c3ad6ece7648d7329c5a6bfd42ed9b53b3022 Mon Sep 17 00:00:00 2001 From: Paulo Matias Date: Thu, 27 Oct 2016 17:24:50 -0200 Subject: [PATCH] Fix permissions for the Nova lock directory in systemd The directory set as `lock_path` in `nova.conf` must be created with the nova system user as its owner, otherwise the VIF plugin would fail to acquire a lock when launching an instance. Here we set up systemd to create this directory with correct owner and permissions, besides moving its path to a `nova_lock_path` variable. Apparently, the `/var/lock/{{ item.value.service_name }}` directory, which is also created by `nova-systemd-tempfiles.j2`, is not needed at all. But as this patch is intended to be backported to a stable release, we keep it by now to avoid any unforeseen issues. Change-Id: I9886778eddc23f0f71dfdfc87f4f715054946b3d Closes-Bug: #1636604 --- defaults/main.yml | 2 ++ tasks/nova_pre_install.yml | 2 +- templates/nova-systemd-tempfiles.j2 | 1 + templates/nova.conf.j2 | 2 +- 4 files changed, 5 insertions(+), 2 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 7a0f68a4..c0329eb4 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -54,6 +54,8 @@ nova_system_comment: nova system user nova_system_home_folder: "/var/lib/{{ nova_system_user_name }}" nova_libvirt_save_path: "{{ nova_system_home_folder }}/save" +nova_lock_path: "/var/lock/nova" + ## Manually specified nova UID/GID # Deployers can specify a UID for the nova user as well as the GID for the # nova group if needed. This is commonly used in environments where shared diff --git a/tasks/nova_pre_install.yml b/tasks/nova_pre_install.yml index 7cdf09c4..38a597c8 100644 --- a/tasks/nova_pre_install.yml +++ b/tasks/nova_pre_install.yml 
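Review bot: `nova_lock_path` is added to defaults/main.yml without a comment, although it is now a deployer-facing override consumed in three places: the directory task, the systemd-tmpfiles template and `lock_path` under `[oslo_concurrency]` in nova.conf. The comment should state that the value must be an absolute path to a directory used only by nova, because the role sets its owner and mode. Above the variable I would add `# Directory for oslo.concurrency lock files; absolute path, dedicated to nova (the role manages its owner and mode).`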
@@ -69,7 +69,7 @@ - { path: "{{ nova_system_home_folder }}/cache/api" } - { path: "{{ nova_system_home_folder }}/instances" } - { path: "{{ nova_libvirt_save_path }}", mode: "0750" } - - { path: "/var/lock/nova" } + - { path: "{{ nova_lock_path }}" } - { path: "/var/run/nova" } tags: - nova-dirs diff --git a/templates/nova-systemd-tempfiles.j2 b/templates/nova-systemd-tempfiles.j2 index 6c172fb9..4ee37ffc 100644 --- a/templates/nova-systemd-tempfiles.j2 +++ b/templates/nova-systemd-tempfiles.j2 @@ -2,3 +2,4 @@ D /var/lock/{{ item.value.service_name }} 2755 {{ nova_system_user_name }} {{ nova_system_group_name }} D /var/run/{{ item.value.service_name }} 2755 {{ nova_system_user_name }} {{ nova_system_group_name }} +D {{ nova_lock_path }} 2755 {{ nova_system_user_name }} {{ nova_system_group_name }} diff --git a/templates/nova.conf.j2 b/templates/nova.conf.j2 index 71d084ef..27b1ecf3 100644 --- a/templates/nova.conf.j2 +++ b/templates/nova.conf.j2 @@ -242,7 +242,7 @@ pool_timeout = {{ nova_api_db_pool_timeout }} [oslo_concurrency] -lock_path = /var/lock/nova +lock_path = {{ nova_lock_path }} [oslo_messaging_rabbit]
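Review bot: The lock directory entry in tasks/nova_pre_install.yml carries no `mode`, while the tmpfiles line added by this same patch creates that path as 2755. The task's default mode is outside the hunk, but if it differs, the directory will flip between two modes depending on whether Ansible or systemd-tmpfiles touched it last. The list already accepts a per-item mode (see the `nova_libvirt_save_path` entry), so `- { path: "{{ nova_lock_path }}", mode: "2755" }` would keep the two in agreement. The task body starts before this hunk, so the owner it applies is not visible here either and is worth checking against the commit's stated goal.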
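Review bot: The line added to templates/nova-systemd-tempfiles.j2 uses type `D`, which creates the directory and also empties it when `systemd-tmpfiles --remove` runs. Now that the path comes from an overridable variable, a deployer who points `nova_lock_path` at a shared or persistent directory would have its contents deleted. Consider `d {{ nova_lock_path }} 2755 {{ nova_system_user_name }} {{ nova_system_group_name }}`, which still creates the directory with the intended owner and mode at boot but leaves existing contents alone. If `D` is kept for consistency with the two lines above it, the template should carry a comment saying the path must be dedicated to nova.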