cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-2758) cloudstack-management does not start from RPM packages
Date Mon, 03 Jun 2013 08:26:19 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-2758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13672890#comment-13672890
] 

ASF subversion and git services commented on CLOUDSTACK-2758:
-------------------------------------------------------------

Commit 54127f838eb0904c89d87aea34cffad6eb738fd6 in branch refs/heads/master from [~tsp]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=54127f8 ]

CLOUDSTACK-2758: Fix permissions of catalina.out

Because of CVE 2013-1976, catalina.out gets owned by root. Since
cloudstack-management is run under a privileged user env. of cloud have
cloud ($TOMCAT_USER) own the catalina.out.

Signed-off-by: Prasanna Santhanam <tsp@apache.org>

                
> cloudstack-management does not start from RPM packages
> ------------------------------------------------------
>
>                 Key: CLOUDSTACK-2758
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2758
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Packaging
>    Affects Versions: 4.0.0, 4.0.1, 4.0.2, 4.1.0, 4.2.0
>            Reporter: Prasanna Santhanam
>            Assignee: Prasanna Santhanam
>            Priority: Blocker
>             Fix For: 4.2.0
>
>
> For the last two days the packages for CloudStack from jenkins.cs.o haven't been able
to boot up the management server. The service start reports OK, but the service dies immediately.
> [root@cloudstack-centos63 ~]# bash -x /etc/init.d/cloudstack-management start
> + '[' -r /etc/rc.d/init.d/functions ']'
> + . /etc/rc.d/init.d/functions
> ++ TEXTDOMAIN=initscripts
> ++ umask 022
> ++ PATH=/sbin:/usr/sbin:/bin:/usr/bin
> ++ export PATH
> ++ '[' -z '' ']'
> ++ COLUMNS=80
> ++ '[' -z '' ']'
> +++ /sbin/consoletype
> ++ CONSOLETYPE=pty
> ++ '[' -f /etc/sysconfig/i18n -a -z '' -a -z '' ']'
> ++ . /etc/profile.d/lang.sh
> ++ unset LANGSH_SOURCED
> ++ '[' -z '' ']'
> ++ '[' -f /etc/sysconfig/init ']'
> ++ . /etc/sysconfig/init
> +++ BOOTUP=color
> +++ RES_COL=60
> +++ MOVE_TO_COL='echo -en \033[60G'
> +++ SETCOLOR_SUCCESS='echo -en \033[0;32m'
> +++ SETCOLOR_FAILURE='echo -en \033[0;31m'
> +++ SETCOLOR_WARNING='echo -en \033[0;33m'
> +++ SETCOLOR_NORMAL='echo -en \033[0;39m'
> +++ PROMPT=yes
> +++ AUTOSWAP=no
> +++ ACTIVE_CONSOLES='/dev/tty[1-6]'
> +++ SINGLE=/sbin/sushell
> ++ '[' pty = serial ']'
> ++ __sed_discard_ignored_files='/\(~\|\.bak\|\.orig\|\.rpmnew\|\.rpmorig\|\.rpmsave\)$/d'
> + '[' -r /lib/lsb/init-functions ']'
> + . /lib/lsb/init-functions
> ++ basename /etc/init.d/cloudstack-management
> + NAME=cloudstack-management
> + case "$1" in
> + set_ulimit
> ++ ulimit -n
> + fd_limit=1024
> + '[' 1024 '!=' 4096 ']'
> ++ whoami
> + user=root
> + '[' root == root ']'
> + ulimit -n 4096
> + . /etc/rc.d/init.d/tomcat6
> ++ '[' -r /lib/lsb/init-functions ']'
> ++ . /lib/lsb/init-functions
> +++ lsb_release -i -s
> ++ DISTRIB_ID=CentOS
> +++ basename /etc/init.d/cloudstack-management
> ++ NAME=cloudstack-management
> ++ unset ISBOOT
> ++ '[' c = S -o c = K ']'
> ++ '[' -x /sbin/runuser ']'
> ++ SU='/sbin/runuser -s /bin/sh'
> ++ TOMCAT_CFG=/etc/tomcat6/tomcat6.conf
> ++ '[' -r /etc/tomcat6/tomcat6.conf ']'
> ++ . /etc/tomcat6/tomcat6.conf
> +++ CATALINA_BASE=/usr/share/tomcat6
> +++ CATALINA_HOME=/usr/share/tomcat6
> +++ JASPER_HOME=/usr/share/tomcat6
> +++ CATALINA_TMPDIR=/var/cache/tomcat6/temp
> +++ JAVA_OPTS=' -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory'
> +++ TOMCAT_USER=tomcat
> +++ SECURITY_MANAGER=false
> +++ SHUTDOWN_WAIT=30
> +++ SHUTDOWN_VERBOSE=false
> +++ CATALINA_PID=/var/run/tomcat6.pid
> ++ '[' -r /etc/sysconfig/cloudstack-management ']'
> ++ . /etc/sysconfig/cloudstack-management
> +++ dummy=1
> +++ export TOMCAT_CFG=/etc/cloudstack/management/tomcat6.conf
> +++ TOMCAT_CFG=/etc/cloudstack/management/tomcat6.conf
> +++ . /etc/cloudstack/management/tomcat6.conf
> ++++ CATALINA_BASE=/usr/share/cloudstack-management
> ++++ CATALINA_HOME=/usr/share/cloudstack-management
> ++++ JASPER_HOME=/usr/share/cloudstack-management
> ++++ CATALINA_TMPDIR=/usr/share/cloudstack-management/temp
> ++++ JAVA_OPTS='-Djava.awt.headless=true -Dcom.sun.management.jmxremote.port=45219 -Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false -Xmx2g -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/cloudstack/management/
-XX:PermSize=512M -XX:MaxPermSize=800m'
> ++++ TOMCAT_USER=cloud
> ++++ TOMCAT6_USER=cloud
> ++++ TOMCAT_LOG=/var/log/cloudstack/management//catalina.out
> ++++ SECURITY_MANAGER=false
> ++++ SHUTDOWN_WAIT=30
> ++++ SHUTDOWN_VERBOSE=false
> ++++ CATALINA_PID=/var/run/cloudstack-management.pid
> ++++ dummy=1
> ++++ . /etc/cloudstack/management/classpath.conf
> +++++ SYSTEMJARS=
> ++++++ build-classpath
> +++++ SCP=
> +++++ '[' 2 '!=' 0 ']'
> +++++ export SCP=
> +++++ SCP=
> +++++ MCP=
> +++++ DCP=
> +++++ CLASSPATH=:::/etc/cloudstack/management:/usr/share/cloudstack-management/setup
> +++++ for jarfile in '"/usr/share/cloudstack-management/premium"/*'
> +++++ '[' '!' -e '/usr/share/cloudstack-management/premium/*' ']'
> +++++ continue
> +++++ for plugin in '"/usr/share/cloudstack-management/plugin"/*'
> +++++ '[' '!' -e '/usr/share/cloudstack-management/plugin/*' ']'
> +++++ continue
> +++++ for vendorconf in '"/etc/cloudstack/management"/vendor/*'
> +++++ '[' '!' -d '/etc/cloudstack/management/vendor/*' ']'
> +++++ continue
> +++++ export CLASSPATH
> +++++ PATH=/sbin:/usr/sbin:/sbin:/usr/sbin:/bin:/usr/bin
> +++++ export PATH
> ++ CONNECTOR_PORT=8080
> ++ TOMCAT_SCRIPT=/usr/sbin/tomcat6
> ++ TOMCAT_PROG=cloudstack-management
> ++ TOMCAT_USER=cloud
> ++ TOMCAT_LOG=/var/log/cloudstack/management//catalina.out
> ++ export CATALINA_PID=/var/run/cloudstack-management.pid
> ++ CATALINA_PID=/var/run/cloudstack-management.pid
> ++ RETVAL=0
> ++ RETVAL=0
> ++ case "$1" in
> ++ start
> ++ echo -n 'Starting cloudstack-management: '
> Starting cloudstack-management: ++ '[' 0 '!=' 0 ']'
> ++ '[' -f /var/lock/subsys/cloudstack-management ']'
> ++ touch /var/run/cloudstack-management.pid
> ++ '[' 0 -eq 0 -a 0 -eq 0 ']'
> ++ chown cloud:cloud /var/run/cloudstack-management.pid
> ++ parseOptions
> ++ options=
> +++ awk '!/^#/ && !/^$/ { ORS=" "; print "export ", $0, ";" }' /etc/cloudstack/management/tomcat6.conf
> ++ options=' export  CATALINA_BASE="/usr/share/cloudstack-management" ; export  CATALINA_HOME="/usr/share/cloudstack-management"
; export  JASPER_HOME="/usr/share/cloudstack-management" ; export  CATALINA_TMPDIR="/usr/share/cloudstack-management/temp"
; export  JAVA_OPTS="-Djava.awt.headless=true -Dcom.sun.management.jmxremote.port=45219 -Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false -Xmx2g -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/cloudstack/management/
-XX:PermSize=512M -XX:MaxPermSize=800m" ; export  TOMCAT_USER="cloud" ; export  TOMCAT6_USER="$TOMCAT_USER"
; export  TOMCAT_LOG="/var/log/cloudstack/management//catalina.out" ; export  SECURITY_MANAGER="false"
; export  SHUTDOWN_WAIT="30" ; export  SHUTDOWN_VERBOSE="false" ; export  CATALINA_PID="/var/run/cloudstack-management.pid"
; export  dummy=1 ; . /etc/cloudstack/management/classpath.conf ; '
> ++ '[' -r /etc/sysconfig/cloudstack-management ']'
> +++ awk '!/^#/ && !/^$/ { ORS=" "; 
>                                            print "export ", $0, ";" }' /etc/sysconfig/cloudstack-management
> ++ options=' export  CATALINA_BASE="/usr/share/cloudstack-management" ; export  CATALINA_HOME="/usr/share/cloudstack-management"
; export  JASPER_HOME="/usr/share/cloudstack-management" ; export  CATALINA_TMPDIR="/usr/share/cloudstack-management/temp"
; export  JAVA_OPTS="-Djava.awt.headless=true -Dcom.sun.management.jmxremote.port=45219 -Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false -Xmx2g -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/cloudstack/management/
-XX:PermSize=512M -XX:MaxPermSize=800m" ; export  TOMCAT_USER="cloud" ; export  TOMCAT6_USER="$TOMCAT_USER"
; export  TOMCAT_LOG="/var/log/cloudstack/management//catalina.out" ; export  SECURITY_MANAGER="false"
; export  SHUTDOWN_WAIT="30" ; export  SHUTDOWN_VERBOSE="false" ; export  CATALINA_PID="/var/run/cloudstack-management.pid"
; export  dummy=1 ; . /etc/cloudstack/management/classpath.conf ;  export  dummy=1 ; export
TOMCAT_CFG=/etc/cloudstack/management/tomcat6.conf ; . /etc/cloudstack/management/tomcat6.conf
; '
> ++ TOMCAT_SCRIPT=' export  CATALINA_BASE="/usr/share/cloudstack-management" ; export
 CATALINA_HOME="/usr/share/cloudstack-management" ; export  JASPER_HOME="/usr/share/cloudstack-management"
; export  CATALINA_TMPDIR="/usr/share/cloudstack-management/temp" ; export  JAVA_OPTS="-Djava.awt.headless=true
-Dcom.sun.management.jmxremote.port=45219 -Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false -Xmx2g -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/cloudstack/management/
-XX:PermSize=512M -XX:MaxPermSize=800m" ; export  TOMCAT_USER="cloud" ; export  TOMCAT6_USER="$TOMCAT_USER"
; export  TOMCAT_LOG="/var/log/cloudstack/management//catalina.out" ; export  SECURITY_MANAGER="false"
; export  SHUTDOWN_WAIT="30" ; export  SHUTDOWN_VERBOSE="false" ; export  CATALINA_PID="/var/run/cloudstack-management.pid"
; export  dummy=1 ; . /etc/cloudstack/management/classpath.conf ;  export  dummy=1 ; export
TOMCAT_CFG=/etc/cloudstack/management/tomcat6.conf ; . /etc/cloudstack/management/tomcat6.conf
;  /usr/sbin/tomcat6'
> ++ '[' 0 -eq 0 -a false = true ']'
> ++ '[' 0 -eq 0 ']'
> ++ /sbin/runuser -s /bin/sh - cloud -c ' export  CATALINA_BASE="/usr/share/cloudstack-management"
; export  CATALINA_HOME="/usr/share/cloudstack-management" ; export  JASPER_HOME="/usr/share/cloudstack-management"
; export  CATALINA_TMPDIR="/usr/share/cloudstack-management/temp" ; export  JAVA_OPTS="-Djava.awt.headless=true
-Dcom.sun.management.jmxremote.port=45219 -Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false -Xmx2g -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/cloudstack/management/
-XX:PermSize=512M -XX:MaxPermSize=800m" ; export  TOMCAT_USER="cloud" ; export  TOMCAT6_USER="$TOMCAT_USER"
; export  TOMCAT_LOG="/var/log/cloudstack/management//catalina.out" ; export  SECURITY_MANAGER="false"
; export  SHUTDOWN_WAIT="30" ; export  SHUTDOWN_VERBOSE="false" ; export  CATALINA_PID="/var/run/cloudstack-management.pid"
; export  dummy=1 ; . /etc/cloudstack/management/classpath.conf ;  export  dummy=1 ; export
TOMCAT_CFG=/etc/cloudstack/management/tomcat6.conf ; . /etc/cloudstack/management/tomcat6.conf
;  /usr/sbin/tomcat6 start'
> ++ '[' 0 -eq 0 ']'
> ++ log_success_msg
> ++ /etc/redhat-lsb/lsb_log_message success
>                                                            [  OK  ]
> ++ touch /var/lock/subsys/cloudstack-management
> ++ '[' CentOS = MandrivaLinux ']'
> ++ exit 0
> Only information in catalina.out is that of permissions. 
> [root@cloudstack-centos63 ~]# cat /var/log/cloudstack/management/catalina.out 
> /usr/sbin/tomcat6: line 30: /usr/share/cloudstack-management/logs/catalina.out: Permission
denied
> /usr/sbin/tomcat6: line 30: /usr/share/cloudstack-management/logs/catalina.out: Permission
denied
> /usr/sbin/tomcat6: line 30: /usr/share/cloudstack-management/logs/catalina.out: Permission
denied
> /usr/sbin/tomcat6: line 30: /usr/share/cloudstack-management/logs/catalina.out: Permission
denied
> /usr/sbin/tomcat6: line 30: /usr/share/cloudstack-management/logs/catalina.out: Permission
denied
> /usr/sbin/tomcat6: line 30: /usr/share/cloudstack-management/logs/catalina.out: Permission
denied
> The dev environment server startup is working so this looks like a packaging issue.
> Its mainly happening when we are creating new  machine and installing MS on it

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message