libguestfs launch image failed in ubuntu
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Compute (nova) | Expired | Undecided | Unassigned |
OpenStack-Ansible | Expired | Undecided | Unassigned |
Bug Description
I had the following settings when I wanted to enable the inject feature in nova.
[libvirt]
inject_partition = -1
inject_key = True
But the nova-compute service raises the following exception:
2015-10-20 07:12:57.318 ERROR nova.virt.
To see full error messages you may need to enable debugging.
See http://
2015-10-20 07:12:57.319 ERROR nova.compute.
2015-10-20 07:12:57.319 TRACE nova.compute.
2015-10-20 07:12:57.322 INFO nova.compute.
Why does guestfs fail to inspect capabilities?
Because the host's kernel only allows the root user to have read/write permission.
If the compute service doesn't have read permission, then launching the image will fail.
The official libguestfs FAQ site points out this issue; the following is the link:
http://
It suggests that users change the host's kernel permission.
You can also check the result with the guestfish command:
> export LIBGUESTFS_DEBUG=1
> export LIBGUESTFS_TRACE=1
> guestfish -a /dev/null
<fs> launch
...
...
/usr/bin/
libguestfs: error: /usr/bin/
...
...
We have three ways to resolve this problem.
1. Run the service with root permission
2. Change the kernel's permission in the compute service
3. Check whether the service has permission to read the kernel. Suggest that users modify the permission instead of directly modifying it. Users then need to change the kernel's permission manually.
We shouldn't run the service with root permission, so the first way shouldn't be accepted.
It will probably be a security issue if the service can directly change a file's permission.
In the end, I prefer the third way.
This is because the issue only happens on Ubuntu, and because of the previous reasons.
libguestfs-tools 1:1.24.5-1
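A sketch of the third option listed above, as an added example that is not nova's code or part of the original report: it checks by mode bits whether a service account can read the host's kernel images and only reports the result, never changing permissions. The `/boot/vmlinuz-*` location, the function names and the sample files are assumptions made for this example, and ACLs are not considered.

```python
import glob
import os
import stat
import tempfile


def can_read(st, uid, gids):
    """Classic UNIX mode-bit read check for (uid, gids); ignores ACLs."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)


def unreadable_kernels(uid, gids, boot_dir="/boot", pattern="vmlinuz-*"):
    """Return (path, octal mode) for kernel images the account cannot read."""
    findings = []
    for path in sorted(glob.glob(os.path.join(boot_dir, pattern))):
        st = os.stat(path)
        if stat.S_ISREG(st.st_mode) and not can_read(st, uid, gids):
            findings.append((path, oct(stat.S_IMODE(st.st_mode))))
    return findings


def advise(findings):
    """Operator-facing messages only; nothing on disk is modified."""
    msg = "%s (mode %s) is not readable by the service account; an administrator must grant read access"
    return [msg % f for f in findings]


def demo():
    """Constructed sample: two fake kernel files checked for a non-owner uid."""
    with tempfile.TemporaryDirectory() as boot:
        for name, mode in (("vmlinuz-a", 0o600), ("vmlinuz-b", 0o644)):
            path = os.path.join(boot, name)
            with open(path, "wb") as fh:
                fh.write(b"constructed")
            os.chmod(path, mode)
        owner = os.stat(boot).st_uid
        # hypothetical service uid: neither root nor the owner of the files
        found = unreadable_kernels(owner + 1, set(), boot_dir=boot)
        return [(os.path.basename(p), m) for p, m in found]


if __name__ == "__main__":
    print(demo())
    mine = unreadable_kernels(os.geteuid(), set(os.getgroups()) | {os.getegid()})
    print("\n".join(advise(mine)) or "all kernel images readable")
```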
Changed in nova:
assignee: nobody → Chung Chih, Hung (lyanchih)
Changed in openstack-ansible:
status: New → In Progress
Changed in nova:
assignee: Chung Chih, Hung (lyanchih) → nobody
Changed in openstack-ansible:
status: In Progress → Incomplete
@lyanchih:
I tend to believe that this is a duplicate of bug 1413142, so I am closing this bug as a duplicate so that the effort to solve this issue is solely focused on bug 1413142.