nova can't access instance image file because the file is now chowned to the kvm group by default
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu Cloud Archive |
Fix Released
|
Undecided
|
Unassigned | ||
Zed |
Fix Released
|
Critical
|
Unassigned | ||
nova (Ubuntu) |
Fix Released
|
Critical
|
Unassigned | ||
Kinetic |
Fix Released
|
Critical
|
Unassigned | ||
Lunar |
Fix Released
|
Critical
|
Unassigned |
Bug Description
[Impact]
This affects the nova package for kinetic and lunar. It is a side-effect of the changes made in https:/
== original bug description ==
It seems libvirt package in Ubuntu 22.04 uses the kvm group instead of the libvirt-qemu group when launching a qemu process.
Because of this change and the default behavior of libvirt which makes all image files chowned by the group/user to run qemu process, the instance files are owned by the kvm group, instead of the libvirt-qemu group.
However currently the nova user is still added to the libvirt-qemu group instead of the kvm group.
Because of this inconsistency nova can't access to instance image once the files are chowned to the kvm group.
nova 3:26.1.
libvirt 8.0.0-1ubuntu7.4
I've found the problem in puppet jobs. (example https:/
Example error in nova can be found here: https:/
I've tested adding the nova user to the kvm group and confirmed this fixes the error.
https:/
[Test Case]
At the most basic level we can install the nova-compute-qemu package on a machine, and install the nova-compute-kvm package on another machine, and compare the directory and file modes under the /var/lib/nova/ tree.
I'm sure Takashi will be able to give feedback on the fix as well.
[Regression Potential]
This is fixing a regression. We already add the nova user to the kvm group as part of the nova-compute-kvm postinst script, and this fix is doing the same for the nova-compute-qemu postinst script. I don't foresee any new regressions as a result of this.
summary: |
- nova can't access instance data because now the file is chowned to kvm - group + nova can't access instance image file because the file is now chowned to + the kvm group by default |
Changed in nova (Ubuntu): | |
status: | New → Triaged |
importance: | Undecided → Critical |
Changed in nova (Ubuntu Kinetic): | |
status: | New → Triaged |
importance: | Undecided → Critical |
description: | updated |
description: | updated |
Hi Takashi,
Thanks for reporting this. This code should be in place in the package: /git.launchpad. net/~ubuntu- openstack- dev/ubuntu/ +source/ nova/tree/ debian/ nova-compute- kvm.postinst? h=stable/ zed
https:/
On your installed system you can find postinst scripts installed in /var/lib/dpkg/info/
Is it possible that you're using a different package version than you've reported?
Corey