2022-01-21 21:56:00 |
Billy Olsen |
bug |
|
|
added bug |
2022-01-21 21:56:08 |
Billy Olsen |
charm-nova-compute: status |
New |
In Progress |
|
2022-01-21 21:56:11 |
Billy Olsen |
charm-nova-compute: importance |
Undecided |
High |
|
2022-01-21 21:56:14 |
Billy Olsen |
charm-nova-compute: importance |
High |
Medium |
|
2022-01-21 21:56:16 |
Billy Olsen |
charm-nova-compute: assignee |
|
Billy Olsen (billy-olsen) |
|
2022-01-21 21:56:20 |
Billy Olsen |
charm-nova-compute: milestone |
|
22.04 |
|
2022-01-21 22:43:43 |
Billy Olsen |
description |
When apparmor is enabled, instances launched using UEFI bootloader fail with errors in the nova compute log indicating UEFINotSupported as follows:
2022-01-21 18:36:27.711 210601 ERROR nova.compute.manager [req-3f3210ac-7955-4a5f-bb82-e3142f553ba8 368f85f2704047bf828f04440314fb4f ccaa6e8d5ad241be903e2b6d1b084b3f - 3dd99fe5d6d340dbbe1e3954db2f243a 3dd99fe5d6d340dbbe1e3954db2f243a] [instance: 41f84494-60e1-464b-aee4-684b4ebbbb1a] Failed to build and run instance: nova.exception.UEFINotSupported: UEFI is not supported
This is due to apparmor denying access to the necessary OVMF data, as seen in the kernel log:
Jan 21 18:36:19 juju-2fd326-zaza-f91f109580ce-10 kernel: [26072.013560] audit: type=1400 audit(1642790179.754:95): apparmor="DENIED" operation="open" profile="/usr/bin/nova-compute" name="/usr/share/qemu/firmware/" pid=210601 comm="nova-compute" requested_mask="r" denied_mask="r" fsuid=64060 ouid=0
To recreate this, set the image to boot with UEFI bootloader:
$ openstack image set --property hw_firmware_type=uefi $IMAGE
And launch an instance.
Workaround is to disable apparmor or put it into complain mode. |
When apparmor is enabled, instances launched using UEFI bootloader fail with errors in the nova compute log indicating UEFINotSupported as follows:
2022-01-21 18:36:27.711 210601 ERROR nova.compute.manager [req-3f3210ac-7955-4a5f-bb82-e3142f553ba8 368f85f2704047bf828f04440314fb4f ccaa6e8d5ad241be903e2b6d1b084b3f - 3dd99fe5d6d340dbbe1e3954db2f243a 3dd99fe5d6d340dbbe1e3954db2f243a] [instance: 41f84494-60e1-464b-aee4-684b4ebbbb1a] Failed to build and run instance: nova.exception.UEFINotSupported: UEFI is not supported
This is due to apparmor denying access to the necessary firmware data, as seen in the kernel log:
Jan 21 18:36:19 juju-2fd326-zaza-f91f109580ce-10 kernel: [26072.013560] audit: type=1400 audit(1642790179.754:95): apparmor="DENIED" operation="open" profile="/usr/bin/nova-compute" name="/usr/share/qemu/firmware/" pid=210601 comm="nova-compute" requested_mask="r" denied_mask="r" fsuid=64060 ouid=0
To recreate this, set the image to boot with UEFI bootloader:
$ openstack image set --property hw_firmware_type=uefi $IMAGE
And launch an instance.
Workaround is to disable apparmor or put it into complain mode. |
|
2022-04-04 13:46:11 |
OpenStack Infra |
charm-nova-compute: status |
In Progress |
Fix Committed |
|
2022-04-04 23:41:53 |
Nobuto Murata |
bug |
|
|
added subscriber Nobuto Murata |
2022-04-25 12:35:55 |
OpenStack Infra |
tags |
|
in-stable-xena |
|
2022-05-10 15:31:17 |
Alex Kavanagh |
charm-nova-compute: status |
Fix Committed |
Fix Released |
|