Custom console access port breaks nova-spiceproxy
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Nova Cloud Controller Charm | Triaged | Wishlist | Unassigned | |
Bug Description
Hi team,
I enabled the option of console-
ubuntu@
× nova-spiceproxy
Loaded: loaded (/lib/systemd/
Active: failed (Result: exit-code) since Wed 2024-05-01 09:28:15 UTC; 58s ago
Docs: man:nova-
Process: 232230 ExecStart=
Main PID: 232230 (code=exited, status=1/FAILURE)
CPU: 1.217s
May 01 09:28:15 juju-8291a9-6-lxd-9 systemd[1]: nova-spiceproxy
May 01 09:28:15 juju-8291a9-6-lxd-9 systemd[1]: Stopped OpenStack Compute Spice HTML5 Proxy.
May 01 09:28:15 juju-8291a9-6-lxd-9 systemd[1]: nova-spiceproxy
May 01 09:28:15 juju-8291a9-6-lxd-9 systemd[1]: nova-spiceproxy
May 01 09:28:15 juju-8291a9-6-lxd-9 systemd[1]: nova-spiceproxy
May 01 09:28:15 juju-8291a9-6-lxd-9 systemd[1]: Failed to start OpenStack Compute Spice HTML5 Proxy.
Checking the logs for it I find:
2024-05-01 09:36:30.033 275287 INFO nova.console.
2024-05-01 09:36:30.033 275287 INFO nova.console.
2024-05-01 09:36:30.033 275287 INFO nova.console.
2024-05-01 09:36:30.033 275287 INFO nova.console.
2024-05-01 09:36:30.034 275287 CRITICAL nova [-] Unhandled error: PermissionError: [Errno 13] Permission denied
2024-05-01 09:36:30.034 275287 ERROR nova Traceback (most recent call last):
2024-05-01 09:36:30.034 275287 ERROR nova File "/usr/bin/
2024-05-01 09:36:30.034 275287 ERROR nova sys.exit(main())
2024-05-01 09:36:30.034 275287 ERROR nova File "/usr/lib/
2024-05-01 09:36:30.034 275287 ERROR nova baseproxy.proxy(
2024-05-01 09:36:30.034 275287 ERROR nova File "/usr/lib/
2024-05-01 09:36:30.034 275287 ERROR nova ).start_server()
2024-05-01 09:36:30.034 275287 ERROR nova File "/usr/lib/
2024-05-01 09:36:30.034 275287 ERROR nova lsock = self.socket(
2024-05-01 09:36:30.034 275287 ERROR nova File "/usr/lib/
2024-05-01 09:36:30.034 275287 ERROR nova sock.bind(
2024-05-01 09:36:30.034 275287 ERROR nova PermissionError: [Errno 13] Permission denied
Versions:
OpenStack Yoga
Juju 3.4.2
nova-cloud-
description: updated
Changed in charm-nova-cloud-controller:
status: Confirmed → Triaged
This issue happens because 443 is a privileged port and nova-spiceproxy runs as non-root. Fixing this would probably require us to rethink how this daemon gets deployed, maybe with haproxy (or apache2) in front of it.
@Natalia, I'm marking this bug as a wishlist; if you need this to be higher priority, please share with us the use case that you are trying to satisfy by binding this daemon to the port 443.
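The bind failure discussed in this report can be checked before a service is started. The following is an added example, not part of the original bug report or the charm's code: a Linux pre-flight check that applies the kernel's privileged-port rule to a process's effective capabilities. The function names, the sample `/proc` status text and port 6082 (used only as an arbitrary unprivileged port) are assumptions made for illustration.

```python
"""Pre-flight check: may this process bind a given TCP port on Linux?"""

CAP_NET_BIND_SERVICE = 10    # bit index, from linux/capability.h
DEFAULT_UNPRIV_START = 1024  # kernel default of ip_unprivileged_port_start


def parse_cap_eff(status_text):
    """Extract the effective capability mask from /proc/<pid>/status text."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    raise ValueError("no CapEff line found")


def can_bind(port, cap_eff, unpriv_start=DEFAULT_UNPRIV_START):
    """Apply the kernel's rule: ports below the threshold need the capability."""
    if not 0 <= port <= 65535:
        raise ValueError("port out of range")
    if port == 0 or port >= unpriv_start:
        return True, "unprivileged port, no capability needed"
    if cap_eff & (1 << CAP_NET_BIND_SERVICE):
        return True, "privileged port, CAP_NET_BIND_SERVICE is effective"
    return False, "privileged port without CAP_NET_BIND_SERVICE: bind() gives EACCES"


def check_current_process(port):
    """Run the check against the live values for the calling process."""
    with open("/proc/self/status") as f:
        cap_eff = parse_cap_eff(f.read())
    try:
        with open("/proc/sys/net/ipv4/ip_unprivileged_port_start") as f:
            start = int(f.read())
    except OSError:  # sysctl absent on kernels older than 4.11
        start = DEFAULT_UNPRIV_START
    return can_bind(port, cap_eff, start)


# Constructed /proc status excerpts (hypothetical, not taken from the report).
NON_ROOT_STATUS = "Name:\tproxy\nUid:\t64060\t64060\t64060\t64060\nCapEff:\t0000000000000000\n"
WITH_CAP_STATUS = "Name:\tproxy\nUid:\t64060\t64060\t64060\t64060\nCapEff:\t0000000000000400\n"

if __name__ == "__main__":
    for port in (443, 6082):
        print(port, can_bind(port, parse_cap_eff(NON_ROOT_STATUS)))
    print(443, can_bind(443, parse_cap_eff(WITH_CAP_STATUS)))
    print("this process, 443:", check_current_process(443))
```

A `False` result for port 443 with an empty `CapEff` mask corresponds to the `PermissionError: [Errno 13]` raised at `sock.bind(` in the traceback above.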