Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 731D1200C22 for ; Tue, 21 Feb 2017 21:42:51 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 71AFA160B68; Tue, 21 Feb 2017 20:42:51 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 469D4160B4F for ; Tue, 21 Feb 2017 21:42:50 +0100 (CET) Received: (qmail 50266 invoked by uid 500); 21 Feb 2017 20:42:49 -0000 Mailing-List: contact issues-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list issues@cloudstack.apache.org Received: (qmail 50257 invoked by uid 500); 21 Feb 2017 20:42:49 -0000 Delivered-To: apmail-incubator-cloudstack-issues@incubator.apache.org Received: (qmail 50254 invoked by uid 99); 21 Feb 2017 20:42:49 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 21 Feb 2017 20:42:49 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id E9454C66A8 for ; Tue, 21 Feb 2017 20:42:48 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.799 X-Spam-Level: * X-Spam-Status: No, score=1.799 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, KAM_LAZY_DOMAIN_SECURITY=1, RP_MATCHES_RCVD=-0.001] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id TxYNZyvUXRo8 for ; Tue, 21 Feb 2017 20:42:47 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id 59BD95F2C2 for ; Tue, 21 Feb 2017 20:42:46 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 55081E0AE8 for ; Tue, 21 Feb 2017 20:42:45 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 51EBD2413C for ; Tue, 21 Feb 2017 20:42:44 +0000 (UTC) Date: Tue, 21 Feb 2017 20:42:44 +0000 (UTC) From: "ASF GitHub Bot (JIRA)" To: cloudstack-issues@incubator.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (CLOUDSTACK-8608) Fix unpleasant admin experience with VMware fresh installs/upgrades - System VM's failed to start due to permissions issue MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Tue, 21 Feb 2017 20:42:51 -0000 [ https://issues.apache.org/jira/browse/CLOUDSTACK-8608?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15876671#comment-15876671 ] ASF GitHub Bot commented on CLOUDSTACK-8608: -------------------------------------------- Github user blueorangutan commented on the issue: https://github.com/apache/cloudstack/pull/1875 Trillian test result (tid-867) Environment: vmware-55u3 (x2), Advanced Networking with Mgmt server 7 Total time taken: 48400 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr1875-t867-vmware-55u3.zip Intermitten failure detected: /marvin/tests/smoke/test_privategw_acl.py Intermitten failure detected: /marvin/tests/smoke/test_routers_network_ops.py Intermitten failure detected: /marvin/tests/smoke/test_snapshots.py Intermitten failure detected: /marvin/tests/smoke/test_vm_life_cycle.py Intermitten failure detected: /marvin/tests/smoke/test_vpc_redundant.py Intermitten failure detected: /marvin/tests/smoke/test_vpc_vpn.py Test completed. 46 look ok, 3 have error(s) Test | Result | Time (s) | Test File --- | --- | --- | --- test_04_rvpc_privategw_static_routes | `Failure` | 872.15 | test_privategw_acl.py test_02_redundant_VPC_default_routes | `Error` | 237.39 | test_vpc_redundant.py test_02_list_snapshots_with_removed_data_store | `Error` | 75.67 | test_snapshots.py test_02_list_snapshots_with_removed_data_store | `Error` | 80.75 | test_snapshots.py test_01_vpc_site2site_vpn | Success | 375.63 | test_vpc_vpn.py test_01_vpc_remote_access_vpn | Success | 186.40 | test_vpc_vpn.py test_01_redundant_vpc_site2site_vpn | Success | 596.74 | test_vpc_vpn.py test_02_VPC_default_routes | Success | 368.38 | test_vpc_router_nics.py test_01_VPC_nics_after_destroy | Success | 750.75 | test_vpc_router_nics.py test_05_rvpc_multi_tiers | Success | 665.98 | test_vpc_redundant.py test_04_rvpc_network_garbage_collector_nics | Success | 1527.05 | test_vpc_redundant.py test_03_create_redundant_VPC_1tier_2VMs_2IPs_2PF_ACL_reboot_routers | Success | 691.66 | test_vpc_redundant.py test_01_create_redundant_VPC_2tiers_4VMs_4IPs_4PF_ACL | Success | 1373.64 | test_vpc_redundant.py test_09_delete_detached_volume | Success | 20.62 | test_volumes.py test_06_download_detached_volume | Success | 70.58 | test_volumes.py test_05_detach_volume | Success | 100.22 | test_volumes.py test_04_delete_attached_volume | Success | 15.17 | test_volumes.py test_03_download_attached_volume | Success | 25.26 | test_volumes.py test_02_attach_volume | Success | 58.86 | test_volumes.py test_01_create_volume | Success | 519.45 | test_volumes.py test_change_service_offering_for_vm_with_snapshots | Success | 534.17 | test_vm_snapshots.py test_03_delete_vm_snapshots | Success | 275.17 | test_vm_snapshots.py test_02_revert_vm_snapshots | Success | 227.10 | test_vm_snapshots.py test_01_test_vm_volume_snapshot | Success | 191.26 | test_vm_snapshots.py test_01_create_vm_snapshots | Success | 161.62 | test_vm_snapshots.py test_deploy_vm_multiple | Success | 216.81 | test_vm_life_cycle.py test_deploy_vm | Success | 0.02 | test_vm_life_cycle.py test_advZoneVirtualRouter | Success | 0.02 | test_vm_life_cycle.py test_10_attachAndDetach_iso | Success | 26.68 | test_vm_life_cycle.py test_09_expunge_vm | Success | 125.18 | test_vm_life_cycle.py test_08_migrate_vm | Success | 101.03 | test_vm_life_cycle.py test_07_restore_vm | Success | 0.06 | test_vm_life_cycle.py test_06_destroy_vm | Success | 10.14 | test_vm_life_cycle.py test_03_reboot_vm | Success | 5.10 | test_vm_life_cycle.py test_02_start_vm | Success | 20.17 | test_vm_life_cycle.py test_01_stop_vm | Success | 10.11 | test_vm_life_cycle.py test_CreateTemplateWithDuplicateName | Success | 241.44 | test_templates.py test_08_list_system_templates | Success | 0.02 | test_templates.py test_07_list_public_templates | Success | 0.03 | test_templates.py test_05_template_permissions | Success | 0.04 | test_templates.py test_04_extract_template | Success | 10.16 | test_templates.py test_03_delete_template | Success | 5.08 | test_templates.py test_02_edit_template | Success | 90.18 | test_templates.py test_01_create_template | Success | 120.87 | test_templates.py test_10_destroy_cpvm | Success | 236.61 | test_ssvm.py test_09_destroy_ssvm | Success | 268.53 | test_ssvm.py test_08_reboot_cpvm | Success | 366.63 | test_ssvm.py test_07_reboot_ssvm | Success | 308.41 | test_ssvm.py test_06_stop_cpvm | Success | 176.51 | test_ssvm.py test_05_stop_ssvm | Success | 173.30 | test_ssvm.py test_04_cpvm_internals | Success | 1.02 | test_ssvm.py test_03_ssvm_internals | Success | 3.32 | test_ssvm.py test_02_list_cpvm_vm | Success | 0.09 | test_ssvm.py test_01_list_sec_storage_vm | Success | 0.09 | test_ssvm.py test_01_snapshot_root_disk | Success | 66.15 | test_snapshots.py test_04_change_offering_small | Success | 92.44 | test_service_offerings.py test_03_delete_service_offering | Success | 0.04 | test_service_offerings.py test_02_edit_service_offering | Success | 0.06 | test_service_offerings.py test_01_create_service_offering | Success | 0.08 | test_service_offerings.py test_02_sys_template_ready | Success | 0.14 | test_secondary_storage.py test_01_sys_vm_start | Success | 0.13 | test_secondary_storage.py test_09_reboot_router | Success | 175.86 | test_routers.py test_08_start_router | Success | 155.82 | test_routers.py test_07_stop_router | Success | 25.21 | test_routers.py test_06_router_advanced | Success | 0.04 | test_routers.py test_05_router_basic | Success | 0.03 | test_routers.py test_04_restart_network_wo_cleanup | Success | 5.53 | test_routers.py test_03_restart_network_cleanup | Success | 150.81 | test_routers.py test_02_router_internal_adv | Success | 0.88 | test_routers.py test_01_router_internal_basic | Success | 0.47 | test_routers.py test_router_dns_guestipquery | Success | 76.65 | test_router_dns.py test_router_dns_externalipquery | Success | 0.06 | test_router_dns.py test_router_dhcphosts | Success | 175.51 | test_router_dhcphosts.py test_router_dhcp_opts | Success | 21.30 | test_router_dhcphosts.py test_01_updatevolumedetail | Success | 0.05 | test_resource_detail.py test_01_reset_vm_on_reboot | Success | 30.28 | test_reset_vm_on_reboot.py test_createRegion | Success | 0.03 | test_regions.py test_create_pvlan_network | Success | 5.31 | test_pvlan.py test_dedicatePublicIpRange | Success | 0.33 | test_public_ip_range.py test_03_vpc_privategw_restart_vpc_cleanup | Success | 1021.87 | test_privategw_acl.py test_02_vpc_privategw_static_routes | Success | 690.34 | test_privategw_acl.py test_01_vpc_privategw_acl | Success | 212.22 | test_privategw_acl.py test_01_primary_storage_nfs | Success | 38.41 | test_primary_storage.py test_createPortablePublicIPRange | Success | 15.16 | test_portable_publicip.py test_createPortablePublicIPAcquire | Success | 15.32 | test_portable_publicip.py test_isolate_network_password_server | Success | 93.92 | test_password_server.py test_UpdateStorageOverProvisioningFactor | Success | 0.09 | test_over_provisioning.py test_oobm_zchange_password | Success | 30.59 | test_outofbandmanagement.py test_oobm_multiple_mgmt_server_ownership | Success | 16.27 | test_outofbandmanagement.py test_oobm_issue_power_status | Success | 10.21 | test_outofbandmanagement.py test_oobm_issue_power_soft | Success | 15.30 | test_outofbandmanagement.py test_oobm_issue_power_reset | Success | 15.25 | test_outofbandmanagement.py test_oobm_issue_power_on | Success | 10.26 | test_outofbandmanagement.py test_oobm_issue_power_off | Success | 15.28 | test_outofbandmanagement.py test_oobm_issue_power_cycle | Success | 15.69 | test_outofbandmanagement.py test_oobm_enabledisable_across_clusterzones | Success | 82.17 | test_outofbandmanagement.py test_oobm_enable_feature_valid | Success | 5.11 | test_outofbandmanagement.py test_oobm_enable_feature_invalid | Success | 0.28 | test_outofbandmanagement.py test_oobm_disable_feature_valid | Success | 5.15 | test_outofbandmanagement.py test_oobm_disable_feature_invalid | Success | 0.07 | test_outofbandmanagement.py test_oobm_configure_invalid_driver | Success | 0.06 | test_outofbandmanagement.py test_oobm_configure_default_driver | Success | 0.06 | test_outofbandmanagement.py test_oobm_background_powerstate_sync | Success | 23.30 | test_outofbandmanagement.py test_extendPhysicalNetworkVlan | Success | 15.25 | test_non_contigiousvlan.py test_01_nic | Success | 468.92 | test_nic.py test_releaseIP | Success | 503.86 | test_network.py test_reboot_router | Success | 610.18 | test_network.py test_public_ip_user_account | Success | 10.20 | test_network.py test_public_ip_admin_account | Success | 40.38 | test_network.py test_network_rules_acquired_public_ip_3_Load_Balancer_Rule | Success | 76.47 | test_network.py test_network_rules_acquired_public_ip_2_nat_rule | Success | 61.34 | test_network.py test_network_rules_acquired_public_ip_1_static_nat_rule | Success | 124.88 | test_network.py test_delete_account | Success | 302.46 | test_network.py test_02_port_fwd_on_non_src_nat | Success | 55.51 | test_network.py test_01_port_fwd_on_src_nat | Success | 111.72 | test_network.py test_nested_virtualization_vmware | Success | 328.08 | test_nested_virtualization.py test_nic_secondaryip_add_remove | Success | 191.89 | test_multipleips_per_nic.py login_test_saml_user | Success | 17.82 | test_login.py test_assign_and_removal_lb | Success | 148.37 | test_loadbalance.py test_02_create_lb_rule_non_nat | Success | 207.25 | test_loadbalance.py test_01_create_lb_rule_src_nat | Success | 207.61 | test_loadbalance.py test_03_list_snapshots | Success | 0.06 | test_list_ids_parameter.py test_02_list_templates | Success | 0.03 | test_list_ids_parameter.py test_01_list_volumes | Success | 0.05 | test_list_ids_parameter.py test_07_list_default_iso | Success | 0.04 | test_iso.py test_05_iso_permissions | Success | 0.04 | test_iso.py test_04_extract_Iso | Success | 5.27 | test_iso.py test_03_delete_iso | Success | 95.19 | test_iso.py test_02_edit_iso | Success | 0.06 | test_iso.py test_01_create_iso | Success | 20.68 | test_iso.py test_04_rvpc_internallb_haproxy_stats_on_all_interfaces | Success | 569.14 | test_internal_lb.py test_03_vpc_internallb_haproxy_stats_on_all_interfaces | Success | 388.49 | test_internal_lb.py test_02_internallb_roundrobin_1RVPC_3VM_HTTP_port80 | Success | 1073.04 | test_internal_lb.py test_01_internallb_roundrobin_1VPC_3VM_HTTP_port80 | Success | 824.05 | test_internal_lb.py test_dedicateGuestVlanRange | Success | 10.18 | test_guest_vlan_range.py test_UpdateConfigParamWithScope | Success | 0.13 | test_global_settings.py test_rolepermission_lifecycle_update | Success | 5.82 | test_dynamicroles.py test_rolepermission_lifecycle_list | Success | 5.71 | test_dynamicroles.py test_rolepermission_lifecycle_delete | Success | 5.58 | test_dynamicroles.py test_rolepermission_lifecycle_create | Success | 5.60 | test_dynamicroles.py test_rolepermission_lifecycle_concurrent_updates | Success | 5.68 | test_dynamicroles.py test_role_lifecycle_update_role_inuse | Success | 5.61 | test_dynamicroles.py test_role_lifecycle_update | Success | 10.75 | test_dynamicroles.py test_role_lifecycle_list | Success | 5.94 | test_dynamicroles.py test_role_lifecycle_delete | Success | 10.68 | test_dynamicroles.py test_role_lifecycle_create | Success | 5.78 | test_dynamicroles.py test_role_inuse_deletion | Success | 5.58 | test_dynamicroles.py test_role_account_acls_multiple_mgmt_servers | Success | 7.07 | test_dynamicroles.py test_role_account_acls | Success | 7.12 | test_dynamicroles.py test_default_role_deletion | Success | 5.73 | test_dynamicroles.py test_04_create_fat_type_disk_offering | Success | 0.05 | test_disk_offerings.py test_03_delete_disk_offering | Success | 0.03 | test_disk_offerings.py test_02_edit_disk_offering | Success | 0.03 | test_disk_offerings.py test_02_create_sparse_type_disk_offering | Success | 0.05 | test_disk_offerings.py test_01_create_disk_offering | Success | 0.06 | test_disk_offerings.py test_deployvm_userdispersing | Success | 55.56 | test_deploy_vms_with_varied_deploymentplanners.py test_deployvm_userconcentrated | Success | 80.72 | test_deploy_vms_with_varied_deploymentplanners.py test_deployvm_firstfit | Success | 231.49 | test_deploy_vms_with_varied_deploymentplanners.py test_deployvm_userdata_post | Success | 35.45 | test_deploy_vm_with_userdata.py test_deployvm_userdata | Success | 156.22 | test_deploy_vm_with_userdata.py test_02_deploy_vm_root_resize | Success | 5.57 | test_deploy_vm_root_resize.py test_01_deploy_vm_root_resize | Success | 5.58 | test_deploy_vm_root_resize.py test_00_deploy_vm_root_resize | Success | 5.65 | test_deploy_vm_root_resize.py test_deploy_vm_from_iso | Success | 201.71 | test_deploy_vm_iso.py test_3d_gpu_support | Success | 451.01 | test_deploy_vgpu_enabled_vm.py test_DeployVmAntiAffinityGroup | Success | 227.64 | test_affinity_groups.py test_08_resize_volume | Skipped | 5.08 | test_volumes.py test_07_resize_fail | Skipped | 15.24 | test_volumes.py test_06_copy_template | Skipped | 0.00 | test_templates.py test_static_role_account_acls | Skipped | 0.02 | test_staticroles.py test_11_ss_nfs_version_on_ssvm | Skipped | 0.02 | test_ssvm.py test_01_scale_vm | Skipped | 66.29 | test_scale_vm.py test_01_primary_storage_iscsi | Skipped | 0.03 | test_primary_storage.py test_06_copy_iso | Skipped | 0.00 | test_iso.py test_deploy_vgpu_enabled_vm | Skipped | 0.76 | test_deploy_vgpu_enabled_vm.py > Fix unpleasant admin experience with VMware fresh installs/upgrades - System VM's failed to start due to permissions issue > -------------------------------------------------------------------------------------------------------------------------- > > Key: CLOUDSTACK-8608 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8608 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the default.) > Reporter: Likitha Shetty > Assignee: Likitha Shetty > Fix For: Future > > > VMware uses a folder in machine where management server is running to mount secondary storage. This is a bootstrap phase to start system vm, because unlike KVM, Xenserver, management server cannot directly access VMWare ESXI host to download systemvm template from secondary storage to primary storage. The secondary storage is usually managed by SSVM that uses root account to download templates. However, management server is using account 'cloud' to manipulate templates after secondary storage is mounted. After admin registers new systemvm template in CS as a normal upgrade procedure, the old SSVM will download the template using account root, but management server will create new SSVM from the new template using account 'cloud'. Then a permission denied error will raise. > Prior to 4.4, CS used to handle this by running 'chmod -R' to the folder to which secondary storage is mounted every time management server mounts secondary storage. Unfortunately, this method is slow because we are trying to give permissions to the entire folder. So in 4.4, we stopped automatically providing the permissions and asked admin to manually run 'chmod -R' to the folder 'templates' on secondary storage, after registering new systemvm template. > We can avoid this manual admin step by only providing permissions for the /templates folder instead of the entire folder. This way we will avoid the snapshots folder which could be very large in upgrade setups. -- This message was sent by Atlassian JIRA (v6.3.15#6346)