nova-libvirt doesn't start with f28-based container and podman

Bug #1812013 reported by Damien Ciabrini
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
tripleo | Fix Released | Undecided | Damien Ciabrini |

Bug Description

When trying to deploy a standalone stack with f28-based containers and podman, the nova-libvirt container fails to start with the following error:

+ echo 'Running command: '\''/usr/sbin/libvirtd'\'''
+ exec /usr/sbin/libvirtd
2019-01-16 13:41:35.375+0000: 452430: info : libvirt version: 4.1.0, package: 5.fc28 (Fedora Project, 2018-08-23-19:00:58, buildvm-19.phx2.fedoraproject.org)
2019-01-16 13:41:35.375+0000: 452430: info : hostname: standalone.localdomain
2019-01-16 13:41:35.375+0000: 452430: error : virSecuritySELinuxQEMUInitialize:634 : cannot open SELinux label_handle: No such file or directory
2019-01-16 13:41:35.375+0000: 452430: error : qemuSecurityInit:425 : internal error: Failed to initialize security drivers
2019-01-16 13:41:35.375+0000: 452430: error : virStateInitialize:775 : Initialization of QEMU state driver failed: internal error: Failed to initialize security drivers
2019-01-16 13:41:35.375+0000: 452430: error : daemonRunStateInit:837 : Driver state initialization failed

The following bind mount breaks when using podman:
 - /sys/fs/selinux:/sys/fs/selinux

Changed in tripleo:
assignee: nobody → Damien Ciabrini (dciabrin)
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (master)

Reviewed: https://review.openstack.org/631235
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=34d0e5b02090bd7fa45693ff95aa738cd3c7c752
Submitter: Zuul
Branch: master

commit 34d0e5b02090bd7fa45693ff95aa738cd3c7c752
Author: Damien Ciabrini <email address hidden>
Date: Wed Jan 16 15:44:37 2019 +0100

    nova-libvirt: conditionalize selinux bind-mount

    on a F28-based container image nova-libvirt fails to
    start in Podman if /sys/fs/selinux is bind-mounted
    from the host, with the following logs:

    2019-01-16 13:41:35.375+0000: 452430: error : virSecuritySELinuxQEMUInitialize:634 : cannot open SELinux label_handle: No such file or directory
    2019-01-16 13:41:35.375+0000: 452430: error : qemuSecurityInit:425 : internal error: Failed to initialize security drivers
    2019-01-16 13:41:35.375+0000: 452430: error : virStateInitialize:775 : Initialization of QEMU state driver failed: internal error: Failed to initialize security drivers
    2019-01-16 13:41:35.375+0000: 452430: error : daemonRunStateInit:837 : Driver state initialization failed

    Perform the bind-mount only when the ContainerCli is set
    to 'docker'.

    Change-Id: I7a2ca4fb1ff8ea5950fd52774c648af5ef274796
    Closes-Bug: #1812013
    Co-Authored-By: Michele Baldessari <email address hidden>
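
One way to express a conditional bind-mount of this kind in a Heat template, as an added illustration that is not the merged tripleo-heat-templates change. `ContainerCli` comes from the commit message; the `docker_enabled` condition name, the output name and the other sample mounts are assumptions.

```yaml
# Illustrative HOT fragment (added example, not the project's own template).
heat_template_version: rocky

parameters:
  ContainerCli:
    type: string
    default: podman
    description: CLI tool used to manage containers (parameter named in the commit message).
    constraints:
      - allowed_values: ['docker', 'podman']

conditions:
  # Hypothetical condition name: true only when containers are managed by docker.
  docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']}

outputs:
  # Hypothetical output that stands in for the nova-libvirt container's volume list.
  nova_libvirt_volumes:
    value:
      list_concat:
        # Constructed sample mounts that are present with either CLI.
        - - /etc/libvirt:/etc/libvirt
          - /var/lib/libvirt:/var/lib/libvirt
        # The host's SELinux filesystem is bind-mounted only under docker.
        # Under podman this branch contributes an empty list, so the mount
        # that the bug report identifies as breaking libvirtd is never requested.
        - if:
            - docker_enabled
            - - /sys/fs/selinux:/sys/fs/selinux
            - []
```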

Changed in tripleo:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 10.4.0

This issue was fixed in the openstack/tripleo-heat-templates 10.4.0 release.
