<div dir="ltr"><div><div>Hi,<br><br></div>From Pike, cinder-api only runs as a wsgi process and the container has been migrated into an apache process; currently we run apache as the root user and not as the service's user.<br><br></div>Regards<br><div><br><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2018-06-11 10:46 GMT+02:00 Jae Sang Lee <span dir="ltr"><<a href="mailto:hyangii@gmail.com" target="_blank">hyangii@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi, stackers.<div><br></div><div><span style="color:rgb(68,68,68);font-family:arial,sans-serif;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">We are distributing </span><span class="m_-6985336391828993582gmail-gr_ m_-6985336391828993582gmail-gr_20 m_-6985336391828993582gmail-gr-alert m_-6985336391828993582gmail-gr_spell m_-6985336391828993582gmail-gr_inline_cards m_-6985336391828993582gmail-gr_run_anim m_-6985336391828993582gmail-ContextualSpelling m_-6985336391828993582gmail-ins-del m_-6985336391828993582gmail-multiReplace" id="m_-6985336391828993582gmail-20" style="display:inline;color:rgb(68,68,68);border-bottom:2px solid transparent;background-repeat:no-repeat;font-family:arial,sans-serif;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">OpenStack</span><span 
style="color:rgb(68,68,68);font-family:arial,sans-serif;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"><span> </span>to<span> </span></span><span class="m_-6985336391828993582gmail-gr_ m_-6985336391828993582gmail-gr_22 m_-6985336391828993582gmail-gr-alert m_-6985336391828993582gmail-gr_spell m_-6985336391828993582gmail-gr_inline_cards m_-6985336391828993582gmail-gr_run_anim m_-6985336391828993582gmail-ContextualSpelling" id="m_-6985336391828993582gmail-22" style="display:inline;color:rgb(68,68,68);border-bottom:2px solid transparent;background-repeat:no-repeat;font-family:arial,sans-serif;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">kube<wbr>rnetes</span><span style="color:rgb(68,68,68);font-family:arial,sans-serif;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"><span> </span>using the docker image generated by<span> </span></span><span class="m_-6985336391828993582gmail-gr_ m_-6985336391828993582gmail-gr_21 m_-6985336391828993582gmail-gr-alert m_-6985336391828993582gmail-gr_spell m_-6985336391828993582gmail-gr_inline_cards m_-6985336391828993582gmail-gr_run_anim m_-6985336391828993582gmail-ContextualSpelling m_-6985336391828993582gmail-ins-del 
m_-6985336391828993582gmail-multiReplace" id="m_-6985336391828993582gmail-21" style="display:inline;color:rgb(68,68,68);border-bottom:2px solid transparent;background-repeat:no-repeat;font-family:arial,sans-serif;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">kolla</span><span style="color:rgb(68,68,68);font-family:arial,sans-serif;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">. I recently upgraded from<span> </span></span><span class="m_-6985336391828993582gmail-gr_ m_-6985336391828993582gmail-gr_23 m_-6985336391828993582gmail-gr-alert m_-6985336391828993582gmail-gr_spell m_-6985336391828993582gmail-gr_inline_cards m_-6985336391828993582gmail-gr_run_anim m_-6985336391828993582gmail-ContextualSpelling m_-6985336391828993582gmail-ins-del m_-6985336391828993582gmail-multiReplace" id="m_-6985336391828993582gmail-23" style="display:inline;color:rgb(68,68,68);border-bottom:2px solid transparent;background-repeat:no-repeat;font-family:arial,sans-serif;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">ocata</span><span 
style="color:rgb(68,68,68);font-family:arial,sans-serif;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"><span> </span>to pike and found that the cinder-</span><span class="m_-6985336391828993582gmail-gr_ m_-6985336391828993582gmail-gr_24 m_-6985336391828993582gmail-gr-alert m_-6985336391828993582gmail-gr_spell m_-6985336391828993582gmail-gr_inline_cards m_-6985336391828993582gmail-gr_run_anim m_-6985336391828993582gmail-ContextualSpelling m_-6985336391828993582gmail-ins-del m_-6985336391828993582gmail-multiReplace" id="m_-6985336391828993582gmail-24" style="display:inline;color:rgb(68,68,68);border-bottom:2px solid transparent;background-repeat:no-repeat;font-family:arial,sans-serif;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">api</span><span style="color:rgb(68,68,68);font-family:arial,sans-serif;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"><span> </span>container does not run as a cinder user. 
</span></div><div><font color="#444444">So it does not pass our unit test.</font></div><div><font color="#444444"><br></font></div><div><span style="color:rgb(68,68,68)">This seems to have been fixed in the following code, </span><br></div><div><span style="color:rgb(68,68,68)"><a href="https://review.openstack.org/#/c/463535/2/docker/cinder/cinder-api/Dockerfile.j2,unified" target="_blank">https://review.openstack.org/#<wbr>/c/463535/2/docker/cinder/<wbr>cinder-api/Dockerfile.j2,<wbr>unified</a></span><br></div><div><span style="text-align:start;text-indent:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"><font color="#444444"><br></font></span></div><div><span style="color:rgb(68,68,68);font-family:arial,sans-serif;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">Is there a reason why it should not be run as a cinder user? 
Other services<span> </span></span><span class="m_-6985336391828993582gmail-gr_ m_-6985336391828993582gmail-gr_32 m_-6985336391828993582gmail-gr-alert m_-6985336391828993582gmail-gr_gramm m_-6985336391828993582gmail-gr_inline_cards m_-6985336391828993582gmail-gr_run_anim m_-6985336391828993582gmail-Grammar m_-6985336391828993582gmail-only-ins m_-6985336391828993582gmail-replaceWithoutSep" id="m_-6985336391828993582gmail-32" style="display:inline;color:rgb(68,68,68);border-bottom:2px solid transparent;background-repeat:no-repeat;font-family:arial,sans-serif;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">except</span><span style="color:rgb(68,68,68);font-family:arial,sans-serif;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"><span> </span>cinder-</span><span class="m_-6985336391828993582gmail-gr_ m_-6985336391828993582gmail-gr_25 m_-6985336391828993582gmail-gr-alert m_-6985336391828993582gmail-gr_spell m_-6985336391828993582gmail-gr_inline_cards m_-6985336391828993582gmail-gr_run_anim m_-6985336391828993582gmail-ContextualSpelling m_-6985336391828993582gmail-ins-del m_-6985336391828993582gmail-multiReplace" id="m_-6985336391828993582gmail-25" style="display:inline;color:rgb(68,68,68);border-bottom:2px solid 
transparent;background-repeat:no-repeat;font-family:arial,sans-serif;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">api</span><span style="color:rgb(68,68,68);font-family:arial,sans-serif;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"> (<wbr>cinder-scheduler, cinder-volume, cinder-backup) are all running as cinder user. If this is a simple bug, try to fix it.</span><br></div><div><span style="color:rgb(68,68,68);font-family:arial,sans-serif;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"><br></span></div><div><span style="color:rgb(68,68,68);font-family:arial,sans-serif;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">Thanks.</span></div></div>
</blockquote></div><br></div>
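A check for the situation discussed in this thread, as an added example that is not part of the original messages or of kolla's code: it parses `ps -eo user,pid,ppid,args` output and reports the user of PID 1 separately from the users of its child processes, since a test that only looks at the container's entry process cannot tell the two apart. Both process tables are constructed samples; the process names and the assumption that Apache's child processes run as `cinder` are hypothetical and have to be confirmed against a real container.

```python
from typing import NamedTuple

# Constructed sample: service started directly as its own user (pre-Pike style).
SAMPLE_STANDALONE = """\
USER       PID  PPID COMMAND
cinder       1     0 /usr/bin/python /usr/bin/cinder-api
"""

# Constructed sample: Apache started as root hosts the WSGI application.
# That the children run as "cinder" is an assumption for illustration.
SAMPLE_APACHE = """\
USER       PID  PPID COMMAND
root         1     0 /usr/sbin/httpd -DFOREGROUND
cinder      23     1 (wsgi:cinder-api) -DFOREGROUND
cinder      24     1 (wsgi:cinder-api) -DFOREGROUND
"""


class Proc(NamedTuple):
    user: str
    pid: int
    ppid: int
    args: str


def parse_ps(text):
    """Parse `ps -eo user,pid,ppid,args` output into Proc rows."""
    procs = []
    for line in text.strip().splitlines()[1:]:  # skip the header row
        user, pid, ppid, args = line.split(None, 3)
        procs.append(Proc(user, int(pid), int(ppid), args))
    return procs


def audit(text, service_user):
    """Report who owns PID 1 and which other processes are not the service user."""
    procs = parse_ps(text)
    pid1 = next(p for p in procs if p.pid == 1)
    others = [p for p in procs if p.pid != 1]
    return {
        "pid1_user": pid1.user,
        "pid1_is_service_user": pid1.user == service_user,
        # Any non-entry process still running as root deserves a closer look.
        "root_children": [p.pid for p in others if p.user == "root"],
        "other_users": sorted({p.user for p in others} - {service_user, "root"}),
    }


if __name__ == "__main__":
    for name, sample in (("standalone", SAMPLE_STANDALONE), ("apache", SAMPLE_APACHE)):
        print(name, audit(sample, "cinder"))
```

Inside a running container, the input can be produced with `ps -eo user,pid,ppid,args` and passed to `audit()` together with the expected service account name.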