[Openstack] object storage error: permission denied

Ali Nazemian alinazemian at gmail.com
Tue Feb 10 10:09:34 UTC 2015


Fortunately, disabling SELinux solved my problem. Does disabling SELinux make
OpenStack vulnerable to attacks?
Regards.

On Tue, Feb 10, 2015 at 12:39 PM, Anil2 Sharma <anil2.sharma at aricent.com>
wrote:

>  Hi Ali Nazemian,
>
>
>
> Can you post the output of the account.builder, container.builder and
> object.builder files?
>
>
>
> Regards
>
> Anil
>
>
>
> *From:* Ali Nazemian [mailto:alinazemian at gmail.com]
> *Sent:* Tuesday, February 10, 2015 1:17 PM
> *To:* Remo Mattei
> *Cc:* openstack
> *Subject:* Re: [Openstack] object storage error: permission denied
>
>
>
> Dear Remo,
>
> What will happen if I disable SELinux? Should I do the installation once
> more, or would just restarting the services be enough?
>
> Regards.
>
>
>
> On Tue, Feb 10, 2015 at 3:44 AM, Remo Mattei <remo at italy1.com> wrote:
>
> Try to set the permission to permissive and check. Also, you may want to run
> restorecon and see if the files have the right permissions.
>
> Sent from iPhone
>
>
> On 09 Feb 2015, at 14:08, Ali Nazemian <alinazemian at gmail.com>
> wrote:
>
>   Dear Remo,
>
> Hi,
>
> Yeah, SELinux is enabled, although I did install openstack-selinux for this
> purpose.
>
> Regards.
>
>
>
> On Mon, Feb 9, 2015 at 11:22 PM, Remo Mattei <Remo at italy1.com> wrote:
>
>  Are you running SELinux?
>
>
>
> Remo
>
>    On Feb 9, 2015, at 11:21, Ali Nazemian <alinazemian at gmail.com> wrote:
>
>
>
> I did try to install and configure Swift Juno with one proxy node
> (controller) and two object storage nodes (CentOS 7). After I tried to
> verify the installation process, I found out that there is some problem
> with the installation. The output of the swift stat command looks normal, but
> when I tried to create a storage container in order to upload some files, this
> error showed up:
>
>
>
>  Error trying to create container 'demo-container1': 404 Not Found:
> <html><h1>Not Found</h1><p>The resource could not be found.<
>
> Object PUT failed:
> http://controller:8080/v1/AUTH_699fcdbd76d64bd184fc948ac1e9b32c/demo-container1/root/centos-indexhtml-7-9.el7.centos.noarch.rpm 404
> Not Found  [first 60 chars of response] <html><h1>Not Found</h1><p>The
> resource could not be found.<
>
>
>
> I did check the service logs on the proxy server side, here is the output
> of proxy-server service:
>
>   Feb 09 22:27:57 controller proxy-server[2522]: Container GET returning
> 503 for (503, 503, 503) (txn: tx96539e1fc77640fd99898-0054d90335)
> (client_ip: 10.102.1.70)
>
> Feb 09 22:27:57 controller proxy-server[2522]: Could not autocreate
> account '/AUTH_699fcdbd76d64bd184fc948ac1e9b32c' (txn:
> tx96539e1fc77640fd99898-0054d90335) (client_ip: 10.102.1.70)
>
>
>
>
>
> On the storage node here are the logs of different services:
>
> object-auditor service:
>
>   Feb 09 22:32:36 object1 object-auditor[2115]: Begin object audit
> "forever" mode (ALL)
>
> Feb 09 22:32:36 object1 object-auditor[2115]: ERROR: Unable to run
> auditing: [Errno 13] Permission denied: '/srv/node/sdc1'
>
>
>
>   object-replicator service:
>
>   Feb 09 22:33:04 object1 object-replicator[872]: ERROR creating
> /srv/node/sdb1/objects: #012Traceback (most recent call last):#012  File
> "/usr/lib/python2.7/site-packages/swift/obj/replicator.py", line 428, in
> process_repl#012    mkdirs(obj_path)#012  File
> "/usr/lib/python2.7/site-packages/swift/common/utils.py", line 770, in
> mkdirs#012    os.makedirs(path)#012  File "/usr/lib64/python2.7/os.py",
> line 157, in makedirs#012    mkdir(name, mode)#012OSError: [Errno 13]
> Permission denied: '/srv/node/sdb1/objects'
>
> Feb 09 22:33:04 object1 object-replicator[872]: ERROR creating
> /srv/node/sdc1/objects: #012Traceback (most recent call last):#012  File
> "/usr/lib/python2.7/site-packages/swift/obj/replicator.py", line 428, in
> process_repl#012    mkdirs(obj_path)#012  File
> "/usr/lib/python2.7/site-packages/swift/common/utils.py", line 770, in
> mkdirs#012    os.makedirs(path)#012  File "/usr/lib64/python2.7/os.py",
> line 157, in makedirs#012    mkdir(name, mode)#012OSError: [Errno 13]
> Permission denied: '/srv/node/sdc1/objects'
>
>
>
>   object-updater service:
>
>   Feb 09 22:23:38 object1 object-updater[2017]: UNCAUGHT
> EXCEPTION#012Traceback (most recent call last):#012  File
> "/usr/bin/swift-object-updater", line 23, in <module>#012
>  run_daemon(ObjectUpdater, conf_file, **options)#012  File
> "/usr/lib/python2.7/site-packages/swift/common/daemon.py", line 110, in
> run_daemon#012    klass(conf).run(once=once, **kwargs)#012  File
> "/usr/lib/python2.7/site-packages/swift/common/daemon.py", line 57, in
> run#012    self.run_forever(**kwargs)#012  File
> "/usr/lib/python2.7/site-packages/swift/obj/updater.py", line 91, in
> run_forever#012    self.object_sweep(os.path.join(self.devices,
> device))#012  File "/usr/lib/python2.7/site-packages/swift/obj/updater.py",
> line 141, in object_sweep#012    for asyncdir in
> os.listdir(device):#012OSError: [Errno 13] Permission denied:
> '/srv/node/sdc1'
>
> Feb 09 22:23:38 object1 object-updater[873]: Object update sweep
> completed: 0.07s
>
> Feb 09 22:28:38 object1 object-updater[873]: Begin object update sweep
>
> Feb 09 22:28:38 object1 object-updater[2073]: UNCAUGHT
> EXCEPTION#012Traceback (most recent call last):#012  File
> "/usr/bin/swift-object-updater", line 23, in <module>#012
>  run_daemon(ObjectUpdater, conf_file, **options)#012  File
> "/usr/lib/python2.7/site-packages/swift/common/daemon.py", line 110, in
> run_daemon#012    klass(conf).run(once=once, **kwargs)#012  File
> "/usr/lib/python2.7/site-packages/swift/common/daemon.py", line 57, in
> run#012    self.run_forever(**kwargs)#012  File
> "/usr/lib/python2.7/site-packages/swift/obj/updater.py", line 91, in
> run_forever#012    self.object_sweep(os.path.join(self.devices,
> device))#012  File "/usr/lib/python2.7/site-packages/swift/obj/updater.py",
> line 141, in object_sweep#012    for asyncdir in
> os.listdir(device):#012OSError: [Errno 13] Permission denied:
> '/srv/node/sdb1'
>
>
>
> There is the same permission error for the account service. And here is the
> rsync log on the storage node:
>
>   2015/02/09 22:16:22 [584] unable to bind any inbound sockets on port 873
>
> 2015/02/09 22:16:22 [584] rsync error: error in socket IO (code 10) at
> socket.c(555) [Receiver=3.0.9]
>
>
>
> It seems that I have a permission problem with the /srv/node directory. I
> checked the permissions and everything looks normal (swift user and swift
> group). I also checked the permission for creating a directory inside
> /srv/node using the "swift" user. It was fine. I would really appreciate it if
> somebody could help me through this issue.
>
>
>
> Best regards.
>
>
>
> --
>
> A.Nazemian
>
> --
>
> A.Nazemian
> --
>
> A.Nazemian



-- 
A.Nazemian
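
A triage sketch for the symptom in this thread, added here as an example and not part of the original messages: it pairs each `Errno 13` that a Swift daemon logged with SELinux AVC denials from the same pid, which separates a file-labelling problem from ordinary ownership or mode bits. The audit records, the `swift_t` and `unlabeled_t` labels, and all function names are constructed assumptions.

```python
import re

# Swift daemon lines from the thread (replicator traceback shortened with "...").
# rsyslog writes the newlines inside a traceback as the octal escape #012.
SWIFT_LOG = """\
Feb 09 22:32:36 object1 object-auditor[2115]: ERROR: Unable to run auditing: [Errno 13] Permission denied: '/srv/node/sdc1'
Feb 09 22:33:04 object1 object-replicator[872]: ERROR creating /srv/node/sdb1/objects: #012Traceback (most recent call last):#012  ...#012OSError: [Errno 13] Permission denied: '/srv/node/sdb1/objects'
Feb 09 22:23:38 object1 object-updater[873]: Object update sweep completed: 0.07s
"""

# CONSTRUCTED audit.log records (not from the thread) in the kernel's AVC format.
# The swift_t and unlabeled_t labels are assumptions chosen for illustration.
AUDIT_LOG = """\
type=AVC msg=audit(1423521156.101:411): avc:  denied  { read } for  pid=2115 comm="swift-object-au" name="sdc1" dev="dm-0" ino=131 scontext=system_u:system_r:swift_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
type=AVC msg=audit(1423521184.377:412): avc:  denied  { write } for  pid=872 comm="swift-object-re" name="sdb1" dev="dm-0" ino=130 scontext=system_u:system_r:swift_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
"""

EACCES = re.compile(r"(?P<daemon>[\w-]+)\[(?P<pid>\d+)\]: .*"
                    r"\[Errno 13\] Permission denied: '(?P<path>[^']+)'")
AVC = re.compile(r'avc:\s+denied\s+\{ (?P<perms>[^}]+)\} for\s+pid=(?P<pid>\d+) '
                 r'comm="(?P<comm>[^"]+)" name="(?P<name>[^"]+)".*'
                 r'scontext=(?P<scontext>\S+) tcontext=(?P<tcontext>\S+) '
                 r'tclass=(?P<tclass>\S+)')

def avc_denials(audit_log):
    """Parse AVC denial records into dicts (pid, comm, name, perms, contexts)."""
    return [m.groupdict() for m in map(AVC.search, audit_log.splitlines()) if m]

def correlate(swift_log, audit_log):
    """For each EACCES a Swift daemon logged, find AVC denials from the same
    pid whose name= field is a component of the denied path."""
    avcs = avc_denials(audit_log)
    findings = []
    for m in filter(None, map(EACCES.search, swift_log.splitlines())):
        hits = [a for a in avcs
                if a["pid"] == m["pid"] and a["name"] in m["path"].split("/")]
        findings.append({
            "daemon": m["daemon"], "path": m["path"],
            "cause": "selinux" if hits else "no-avc-match",
            "target_labels": sorted({a["tcontext"] for a in hits}),
        })
    return findings

if __name__ == "__main__":
    for finding in correlate(SWIFT_LOG, AUDIT_LOG):
        print(finding)
```

On a live node the audit records would come from `/var/log/audit/audit.log`; a `selinux` result points at the file labels under `/srv/node`, which is what the restorecon suggestion in the thread addresses.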