Nova: Permission Denied, Ubuntu 12.04 B1

Bug #956876 reported by Kevin Jackson
Affects: OpenStack Compute (nova) | Status: Invalid | Importance: Undecided | Assigned to: Unassigned | Milestone: none

Bug Description

I'm getting multiple failures related to permission problems with nova on Ubuntu 12.04 B1

It started off with it being unable to create /var/lib/nova/networks/nova-br100.conf but it turns out there are other issues.

e.g. grep through the logs for Permission denied:
/var/log/nova/nova-compute.log:(nova.compute.manager): TRACE: Stderr: "mkdir: cannot create directory `/var/lib/nova/instances/instance-00000003/': Permission denied\n"
/var/log/nova/nova-compute.log:(nova.rpc.amqp): TRACE: Stderr: "mkdir: cannot create directory `/var/lib/nova/instances/instance-00000003/': Permission denied\n"
/var/log/nova/nova-network.log:(nova.rpc.amqp): TRACE: IOError: [Errno 13] Permission denied: '/var/lib/nova/networks/nova-br100.conf'

Directory /var/lib/nova
drwxr-xr-x 9 nova nova 4096 Mar 14 15:15 .
drwxr-xr-x 41 root root 4096 Mar 14 15:15 ..
drwxr-xr-x 2 root root 4096 Mar 9 18:22 buckets
drwxr-xr-x 8 nova nova 4096 Mar 14 15:15 CA
drwxr-xr-x 2 root root 4096 Mar 9 18:22 images
drwxr-xr-x 2 root root 4096 Mar 9 18:22 instances
drwxr-xr-x 2 root root 4096 Mar 9 18:22 keys
drwxr-xr-x 2 root root 4096 Mar 16 11:25 networks
-rw-r--r-- 1 nova nova 104448 Mar 12 10:54 nova.sqlite
-rw------- 1 nova nova 1024 Mar 12 10:52 .rnd
drwxr-xr-x 2 root root 4096 Mar 9 18:22 tmp

in /etc/nova/nova.conf I set:

--state_dir=/var/lib/nova
I've removed this, but it turns out it's the default anyway.

I've chown -R'd this area to be owned by nova and it's working now.

Revision history for this message
Yaguang Tang (heut2008) wrote :

add the following to /etc/sudoers.d/nova_sudoers

Cmnd_Alias NOVACMDS = /bin/chmod /var/lib/nova/tmp/*/root/.ssh, \
                      /bin/chown /var/lib/nova/tmp/*/root/.ssh, \
                      /bin/chown, \
                      /bin/chmod, \
                      /bin/dd, \
                      /sbin/ip, \
                      /sbin/route, \
                      /sbin/iptables-save, \
                      /sbin/iptables-restore, \
                      /sbin/ip6tables-save, \
                      /sbin/ip6tables-restore, \
                      /sbin/kpartx, \
                      /sbin/losetup, \
                      /sbin/lvcreate, \
                      /sbin/lvdisplay, \
                      /sbin/lvremove, \
                      /bin/mkdir, \
                      /bin/mount, \
                      /sbin/pvcreate, \
                      /usr/bin/tee, \
                      /sbin/tune2fs, \
                      /bin/umount, \
                      /sbin/vgcreate, \
                      /usr/bin/qemu-nbd, \
                      /usr/sbin/brctl, \
                      /sbin/brctl, \
                      /usr/sbin/radvd, \
                      /usr/sbin/vblade-persist, \
                      /bin/kill, \
                      /usr/sbin/ietadm, \
                      /sbin/vgs, \
                      /sbin/iscsiadm, \
                      /usr/bin/socat, \
                      /sbin/parted, \
                      /usr/sbin/dnsmasq, \
                      /usr/bin/arping

nova ALL = (root) NOPASSWD: SETENV: NOVACMDS

Changed in nova:
status: New → Invalid
Revision history for this message
Thierry Carrez (ttx) wrote :

Clearly not the right fix

Changed in nova:
status: Invalid → New
Revision history for this message
Thierry Carrez (ttx) wrote :

Might be a packaging bug. Have you any idea why those were created root-owned in the first place? I bet you always ran nova as the "nova" user, right?

Changed in nova:
status: New → Incomplete
Revision history for this message
Kevin Jackson (kevin-linuxservices) wrote :

I've never had to alter or change permissions before. Nova services have always run as 'nova'.
This is on a fresh install too.
Certainly wouldn't expect a bug to be closed because I can add a number of entries to sudoers.

Incidentally my sudo config is:
nova.conf:
--root_helper=sudo nova-rootwrap

sudoers:
#includedir /etc/sudoers.d

/etc/sudoers.d/nova_sudoers
Defaults:nova !requiretty

nova ALL = (root) NOPASSWD: /usr/bin/nova-rootwrap

Feels to me that it's specifically related to packaging, setting /var/lib/nova to root:root perms.

Revision history for this message
Thierry Carrez (ttx) wrote :

Packaging makes new installs do chmod /var/lib/nova nova:nova properly.
And looking at your description /var/lib/nova is owned by nova...

Looks like buckets, images, instances, keys and networks were created while running as root, which means nova was running as root when it created them. Could that be the result of some test ? Can you reproduce it ?

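The diagnosis above is that only some entries under /var/lib/nova were created while nova ran as root, so a blanket `chown -R` over the whole state directory is a bigger hammer than needed. The following POSIX shell script is an added example, not code from the bug report or from the nova packaging: it audits a state directory for entries whose owner uid differs from the service account and, optionally, fixes only those. The directory layout in the constructed sample tree mirrors the listing in the report; the function names and the `/var/lib/nova` / `nova` defaults are assumptions.

```shell
#!/bin/sh
# Added example (not from the bug report or the nova packaging).
# Audit a nova state directory for entries not owned by the service account,
# as a targeted alternative to `chown -R nova:nova /var/lib/nova`.

# Print every path under $1 whose owner uid is not $2.
# Returns 0 when everything is owned by $2, 1 otherwise.
audit_state_dir() {
    dir=$1
    uid=$2
    mismatched=$(find "$dir" ! -uid "$uid" 2>/dev/null)
    [ -z "$mismatched" ] && return 0
    printf '%s\n' "$mismatched"
    return 1
}

# Number of mismatched entries under $1 for expected uid $2 (0 when clean).
count_mismatched() {
    audit_state_dir "$1" "$2" | wc -l | tr -d ' '
}

# Repair only the mismatched entries (needs root; never run blindly from a test).
# $1 = state dir, $2 = service user name, e.g. fix_ownership /var/lib/nova nova
fix_ownership() {
    find "$1" ! -user "$2" -exec chown "$2:$2" {} +
}

# Constructed sample tree with the same entry names as the report's listing.
# Every entry is owned by the caller, since creating root-owned entries
# would itself require root; the test then asks for a different uid to
# simulate the "created while running as root" case.
make_sample_tree() {
    base=$(mktemp -d)
    for d in buckets CA images instances keys networks tmp; do
        mkdir -p "$base/$d"
    done
    : > "$base/nova.sqlite"
    printf '%s\n' "$base"
}

# Usage: sh audit.sh /var/lib/nova "$(id -u nova)"
if [ $# -ge 2 ]; then
    audit_state_dir "$1" "$2"
fi
```

Run the audit before any chown so the output can be kept as a record of which entries were wrong; on the listing in the original report it would name buckets, images, instances, keys, networks and tmp, and nothing else.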
Revision history for this message
Kevin Jackson (kevin-linuxservices) wrote :

I'm repeating the install now.

For clarification: I've not deviated from any startup/boot scripts. When launching services I am the root user, but I'm using the upstart scripts. I've never run any service directly as the root user (or without the upstart/init script), which implies it's an upstart/init script that has done something as root that shouldn't have. All services, when run as the root user, change to run as the appropriate unprivileged user.

e.g. (as root): $ start nova-compute

Just doing another 12.04 install now to ensure nothing has crept in that does this, or at least helps identify this.

Revision history for this message
Kevin Jackson (kevin-linuxservices) wrote :

Happy to mark as invalid.
Install of nova-* on Ubuntu 12.04 - permissions seem good now.

# ls -al /var/lib/nova/
total 148
drwxr-xr-x 9 nova nova 4096 Mar 19 12:21 .
drwxr-xr-x 41 root root 4096 Mar 19 12:20 ..
drwxr-xr-x 2 nova nova 4096 Mar 16 20:20 buckets
drwxr-xr-x 8 nova nova 4096 Mar 19 12:19 CA
drwxr-xr-x 2 nova nova 4096 Mar 16 20:20 images
drwxr-xr-x 2 nova nova 4096 Mar 16 20:20 instances
drwxr-xr-x 2 nova nova 4096 Mar 16 20:20 keys
drwxr-xr-x 2 nova nova 4096 Mar 16 20:20 networks
-rw-r--r-- 1 nova nova 104448 Mar 19 12:21 nova.sqlite
-rw------- 1 nova nova 1024 Mar 19 12:19 .rnd
drwxr-xr-x 2 nova nova 4096 Mar 16 20:20 tmp

Changed in nova:
status: Incomplete → Invalid