devstack

Unable to run `setgid` on cent7 (sudo needed?)

Bug #1626786 reported by Joshua Harlow
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
devstack
Invalid
Undecided
Unassigned

Bug Description

I am running devstack on a cent7 virtual machine,

With the following configuration:

[[local|localrc]]

<tokens and stuff>

# Might as well do this (since it's for dev. anyway).
DATABASE_QUERY_LOGGING=True

LOGFILE=/opt/stack/logs/stack.sh.log
VERBOSE=True
LOG_COLOR=False
ENABLE_DEBUG_LOG_LEVEL=true

GIT_BASE=${GIT_BASE:-https://git.openstack.org}
SYSLOG=False
USE_SCREEN=False
LOG_COLOR=False

VIRT_DRIVER=libvirt
LIBVIRT_TYPE=qemu
FORCE_CONFIG_DRIVE=True

ENABLED_SERVICES=nova
ENABLED_SERVICES+=n-api-meta,n-cpu,n-net,
DISABLED_SERVICE+=,n-sch,n-api,n-obj,n-novnc,n-xvnc,n-spice
DISABLED_SERVICE+=,n-crt,n-cauth,n-sproxy
DISABLED_SERVICE+=,mysql,postgresql

Upon starting though a weird issue happens (that isn't apparently handled correctly?)

Setup and such works out fine, but when starting the service I see the following:

setsid sg libvirtd '/usr/bin/nova-compute --config-file /etc/nova/nova.conf'

setgid: Operation not permitted

Tracking this into functions-common it almost feels like a sudo is needed on that operation?

Revision history for this message
Joshua Harlow (harlowja) wrote :

$ cat n-cpu.log
+ [[ -n libvirtd ]]
+ echo 8220
+ exit 0
+ setsid sg libvirtd '/usr/bin/nova-compute --config-file /etc/nova/nova.conf'
setgroups: Operation not permitted
setgid: Operation not permitted

Revision history for this message
Ian Wienand (iwienand) wrote :

we run this in the gate and it works ...

---
+ functions-common:_run_process:1440 : [[ -n libvirtd ]]
+ functions-common:_run_process:1441 : setsid sg libvirtd '/usr/bin/nova-compute --config-file /etc/nova/nova.conf'
+ functions-common:_run_process:1441 : echo 18702
+ functions-common:_run_process:1447 : exit 0
---

I get the feeling that maybe you haven't been properly put into the libvirtd group?

---
lib/nova_plugins/functions-libvirt: # The user that nova runs as needs to be member of **libvirtd** group otherwise
lib/nova_plugins/functions-libvirt: # nova-compute will be unable to use libvirt.
---

maybe attach the full logs?

Revision history for this message
Joshua Harlow (harlowja) wrote :

Sure, I'll attach, though I also ran the 'add to' libvirtd group (aka the add command u mentioned) manually, then tried the same command stack.sh ran to start n-cpu, then still got this kind of error.

Will get the logs tomorrow though (currently at home which doesn't have them); and I'll mess around with ensuring the user actually got added to the group...

Part of this is because I'm working through https://github.com/harlowja/multi-devstack (an easy to use multi-node devstack) and perhaps it's just never been seen before.

Revision history for this message
Sean Dague (sdague) wrote :

This devstack bug was last updated over 180 days ago, as devstack
is a fast moving project and we'd like to get the tracker down to
currently actionable bugs, this is getting marked as Invalid. If the
issue still exists, please feel free to reopen it.

Changed in devstack:
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.