)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":33330,"name":"Karl Kloppenborg","email":"k@rl.ag","username":"karl_kloppenborg"},"change_message_id":"e4bad9e6f60ae6c85db713250681adebc18ec2c5","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"03668c45_2322954c","updated":"2023-05-03 01:59:33.000000000","message":"@Vladimir I am of the opinion based on the https://storyboard.openstack.org/#!/story/2008526 that this change should be abandoned in favour of LOCI images?","commit_id":"f90fa9ea9ee0fa2630f212a9ddc3f61bca3302ae"},{"author":{"_account_id":3009,"name":"Vladimir Kozhukalov","email":"kozhukalov@gmail.com","username":"kozhukalov"},"change_message_id":"fb20dfe8855215aa44f7a683a13f3ee92a64883a","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"6065f459_c6d9a8bc","updated":"2023-04-28 07:39:09.000000000","message":"Just FYI, there was a story on the storyboard about this https://storyboard.openstack.org/#!/story/2008526\n\nAnd there was a fix for this in the image https://review.opendev.org/c/openstack/openstack-helm-images/+/753358/7/nova-ssh/Dockerfile.ubuntu_bionic \nAt the moment we use loci images by default. To fix this in the ssh-start.sh script seems reasonable but let\u0027s keep in mind that it is still more a matter of a particular image to provide all necessary default files for the software installed in the image.","commit_id":"f90fa9ea9ee0fa2630f212a9ddc3f61bca3302ae"},{"author":{"_account_id":33330,"name":"Karl Kloppenborg","email":"k@rl.ag","username":"karl_kloppenborg"},"change_message_id":"c842fd477ae0e0911066a52d6fa81a442842d25c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"3efebc74_a1b4ab7c","updated":"2023-04-28 04:37:31.000000000","message":"LGMT","commit_id":"f90fa9ea9ee0fa2630f212a9ddc3f61bca3302ae"},{"author":{"_account_id":4428,"name":"Liyingjun","email":"yinjalee@163.com","username":"liyingjun"},"change_message_id":"28290210a15a8a6e42da697599fc7f72a6d51f12","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"0afbc0c0_c30fff1f","updated":"2023-04-24 07:07:46.000000000","message":"recheck","commit_id":"f90fa9ea9ee0fa2630f212a9ddc3f61bca3302ae"},{"author":{"_account_id":3009,"name":"Vladimir Kozhukalov","email":"kozhukalov@gmail.com","username":"kozhukalov"},"change_message_id":"1e5d974021abf8532b59359989d7b8811a5ab927","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"361480d3_7dede0b4","updated":"2023-05-02 12:35:35.000000000","message":"recheck","commit_id":"f90fa9ea9ee0fa2630f212a9ddc3f61bca3302ae"},{"author":{"_account_id":3009,"name":"Vladimir Kozhukalov","email":"kozhukalov@gmail.com","username":"kozhukalov"},"change_message_id":"c3fc35663a462886ecf4b8e9c9fa5a6d8c8713be","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"44db0f07_48dd0487","updated":"2023-05-02 08:09:30.000000000","message":"recheck","commit_id":"f90fa9ea9ee0fa2630f212a9ddc3f61bca3302ae"},{"author":{"_account_id":3009,"name":"Vladimir Kozhukalov","email":"kozhukalov@gmail.com","username":"kozhukalov"},"change_message_id":"bba551eefe562253dcebe6eb027381e1aa6e1cd5","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"793beeae_1c13d2c3","updated":"2023-05-05 21:23:10.000000000","message":"recheck","commit_id":"f90fa9ea9ee0fa2630f212a9ddc3f61bca3302ae"},{"author":{"_account_id":3009,"name":"Vladimir Kozhukalov","email":"kozhukalov@gmail.com","username":"kozhukalov"},"change_message_id":"3a8c096487e60be85be01f429dffd915144bdd15","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"c0472b2b_be8ee379","in_reply_to":"03668c45_2322954c","updated":"2023-05-04 08:29:23.000000000","message":"Generally speaking, you are right that it is a matter of an image to provide all necessary files like /run/sshd. And we used to run ssh server from a separate image nova-ssh https://opendev.org/openstack/openstack-helm-images/src/branch/master/nova-ssh where this directory is created /var/run/sshd (which is a symbolic link to /run/sshd).\nThe thing is that at the moment we use by default the loci nova image to run ssh server on compute nodes https://opendev.org/openstack/openstack-helm/src/branch/master/nova/values.yaml#L71 But there is no ssh server installed in this loci nova image and we don\u0027t see the error while testing only because the ssh server is disabled by default https://opendev.org/openstack/openstack-helm/src/branch/master/nova/values.yaml#L251 This is definitely a bug and it must be fixed. \n\nI don\u0027t know which image is used when a user gets this original error \"Missing privilege separation directory\" but this fix looks pretty safe (mkdir -p /run/sshd) and having this in our start script might be useful for the cases when a third party ssh image is used.","commit_id":"f90fa9ea9ee0fa2630f212a9ddc3f61bca3302ae"},{"author":{"_account_id":3009,"name":"Vladimir Kozhukalov","email":"kozhukalov@gmail.com","username":"kozhukalov"},"change_message_id":"e4e70abd10f367d730c241c5fce0c0453aea4bfe","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"0c56a566_e63840d4","in_reply_to":"c0472b2b_be8ee379","updated":"2023-05-04 10:22:59.000000000","message":"Yet another thing. In the original ubuntu openssh-server package the sshd init script takes care of /run/sshd directory not the package postinstall script. Since our start-ssh.sh script in some sense plays the role of the the init script, then probably it makes sense to add this fix (mkdir -p /run/sshd) to our script.","commit_id":"f90fa9ea9ee0fa2630f212a9ddc3f61bca3302ae"}]}