nova-compute fails to start when contrail-agent is installed because of apparmor

Bug #1796127 reported by Nicolas Pochet
Affects: OpenStack Nova Compute Charm
Status: Triaged
Importance: Low
Assigned to: Unassigned

Bug Description

When installing the nova-compute charm with contrail-agent as a subordinate charm, the nova-compute service fails to start.
juju status shows the app as blocked with the message: Services not running that should be: nova-compute.
Using journalctl for the nova-compute unit, one can find the following traceback:

Traceback (most recent call last):
   File "/usr/bin/nova-compute", line 6, in <module>
     from nova.cmd.compute import main
   File "/usr/lib/python2.7/dist-packages/nova/__init__.py", line 30, in <module>
     import eventlet # noqa
   File "/usr/lib/python2.7/dist-packages/eventlet/__init__.py", line 10, in <module>
     from eventlet import convenience
   File "/usr/lib/python2.7/dist-packages/eventlet/convenience.py", line 3, in <module>
     from eventlet import greenio
   File "/usr/lib/python2.7/dist-packages/eventlet/greenio/__init__.py", line 3, in <module>
     from eventlet.greenio.base import * # noqa
   File "/usr/lib/python2.7/dist-packages/eventlet/greenio/base.py", line 445, in <module>
     from OpenSSL import SSL
   File "/usr/lib/python2.7/dist-packages/OpenSSL/__init__.py", line 8, in <module>
     from OpenSSL import rand, crypto, SSL
   File "/usr/lib/python2.7/dist-packages/OpenSSL/crypto.py", line 13, in <module>
     from cryptography.hazmat.primitives.asymmetric import dsa, rsa
   File "/usr/lib/python2.7/dist-packages/cryptography/hazmat/primitives/asymmetric/rsa.py", line 14, in <module>
     from cryptography.hazmat.backends.interfaces import RSABackend
   File "/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/__init__.py", line 7, in <module>
     import pkg_resources
   File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 3019, in <module>
     @_call_aside
   File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 3003, in _call_aside
     f(*args, **kwargs)
   File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 3032, in _initialize_master_working_set
     working_set = WorkingSet._build_master()
   File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 646, in _build_master
     ws = cls()
   File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 639, in __init__
     self.add_entry(entry)
   File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 695, in add_entry
     for dist in find_distributions(entry, True):
   File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2012, in find_on_path
     if len(os.listdir(fullpath)) == 0:
 OSError: [Errno 13] Permission denied: '/usr/local/lib/python2.7/dist-packages/ContrailProvisioning-0.1.dev0.egg-info'

After further investigation, it turns out that apparmor is not allowing nova-compute to access the folder.
A work-around to have nova-compute in a good shape is to pass the following config to the app:
aa-profile-mode: disable
Instead of disable, complain could also work.
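
Added example, not part of the original report or of the charm's code: a Python check that confirms from the kernel audit log that AppArmor is what blocks the path named in the traceback. The log lines are constructed, and the profile name "/usr/bin/nova-compute", the host name, pids and uids in them are assumptions.

```python
import re
from collections import Counter

# Constructed sample log lines (not taken from the bug report). The profile
# name, host name, pids and uids are assumptions made for this example.
SAMPLE_LOG = """\
Oct 04 10:15:01 compute1 kernel: audit: type=1400 audit(1538648101.123:210): apparmor="DENIED" operation="open" profile="/usr/bin/nova-compute" name="/usr/local/lib/python2.7/dist-packages/ContrailProvisioning-0.1.dev0.egg-info/" pid=4321 comm="nova-compute" requested_mask="r" denied_mask="r" fsuid=64060 ouid=0
Oct 04 10:15:07 compute1 kernel: audit: type=1400 audit(1538648107.456:211): apparmor="DENIED" operation="open" profile="/usr/bin/nova-compute" name="/usr/local/lib/python2.7/dist-packages/ContrailProvisioning-0.1.dev0.egg-info/" pid=4400 comm="nova-compute" requested_mask="r" denied_mask="r" fsuid=64060 ouid=0
Oct 04 10:20:13 compute1 kernel: audit: type=1400 audit(1538648413.789:230): apparmor="ALLOWED" operation="open" profile="/usr/bin/nova-compute" name="/usr/local/lib/python2.7/dist-packages/ContrailProvisioning-0.1.dev0.egg-info/" pid=4519 comm="nova-compute" requested_mask="r" denied_mask="r" fsuid=64060 ouid=0
Oct 04 10:20:14 compute1 systemd[1]: nova-compute.service: Main process exited, code=exited, status=1/FAILURE
"""

# Path from the OSError on the last line of the traceback in the report.
TRACEBACK_PATH = ("/usr/local/lib/python2.7/dist-packages/"
                  "ContrailProvisioning-0.1.dev0.egg-info")

# key=value pairs; values are either double-quoted or bare tokens.
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_apparmor_event(line):
    """Return the key=value fields of an AppArmor audit line, or None."""
    if "apparmor=" not in line:
        return None
    return {key: quoted or bare for key, quoted, bare in _KV.findall(line)}


def summarize_denials(log_text, path):
    """Count DENIED events for one path, per (profile, operation, mask)."""
    wanted = path.rstrip("/")  # the kernel logs directories with a trailing "/"
    counts = Counter()
    for line in log_text.splitlines():
        event = parse_apparmor_event(line)
        if not event or event.get("apparmor") != "DENIED":
            continue  # "ALLOWED" is logged in complain mode: nothing was blocked
        if event.get("name", "").rstrip("/") == wanted:
            key = (event.get("profile"), event.get("operation"),
                   event.get("denied_mask"))
            counts[key] += 1
    return dict(counts)


if __name__ == "__main__":
    found = summarize_denials(SAMPLE_LOG, TRACEBACK_PATH)
    for (profile, operation, mask), n in found.items():
        print(f"{n}x profile={profile} operation={operation} denied_mask={mask}")
```

The profile and denied mask it reports identify which profile and which access the denial concerns.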

Nicolas Pochet (npochet) wrote :

I also attached a more than minimal version of the bundle to show the relation between the nova-compute charm and contrail-agent.

Nicolas Pochet (npochet) wrote :

Here is the output of juju config nova-compute app

James Page (james-page)
Changed in charm-nova-compute:
status: New → Triaged
importance: Undecided → Low