<html><body><div style="color:#000; background-color:#fff; font-family:lucida console, sans-serif;font-size:8pt"><div id="yiv0429569847" class="" style=""><div class="" style=""><div style="background-color: rgb(255, 255, 255);" class=""><div class="" id="yiv0429569847yui_3_16_0_8_1406756409121_4" style="color: rgb(0, 0, 0); font-family: 'lucida console', sans-serif; font-size: 8pt;">Also, these docs should help you out: <a href="https://wiki.openstack.org/wiki/Rootwrap" class="" style="font-size: 8pt; background-color: rgb(255, 255, 255);">https://wiki.openstack.org/wiki/Rootwrap</a></div><div class="" id="yiv0429569847yui_3_16_0_8_1406756409121_4" style=""><br></div><div class="" id="yiv0429569847yui_3_16_0_8_1406756409121_6" style="color: rgb(0, 0, 0); font-family: 'lucida console', sans-serif; font-size: 8pt;"></div><div class="" id="yiv0429569847yui_3_16_0_8_1406756409121_8" style="color: rgb(0, 0, 0); font-family: 'lucida console', sans-serif;
font-size: 8pt;"> </div><div class="" id="yiv0429569847yui_3_16_0_8_1406756409121_10" style="color: rgb(0, 0, 0); font-family: 'lucida console', sans-serif; font-size: 8pt;">:)=</div> <div class="" id="yiv0429569847yqt85084" style="color: rgb(0, 0, 0); font-family: 'lucida console', sans-serif; font-size: 8pt;"><div class="" id="yiv0429569847yui_3_16_0_8_1406756409121_13" style="display: none;"> <div class="" style="font-family:lucida console, sans-serif;font-size:8pt;"> <div class="" style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:12pt;"> <div class="" dir="ltr" style=""> <font class="" size="2" face="Arial" style=""> On , James Penick <james_r_penick@yahoo.com> wrote:<br clear="none" style="" class=""> </font> </div> <br clear="none" class="" style=""><br clear="none" class="" style=""> <div class="" style=""><div class="" id="yiv0429569847" style=""><div class="" style=""><div
class="" style="color:#000;background-color:#fff;font-family:lucida console, sans-serif;font-size:8pt;"><div class="" style="">Can you paste the line you have for this headless user in /etc/sudoers?</div><div class="" style=""><br clear="none" class="" style=""></div><div class="" style="color:rgb(0, 0, 0);font-size:11.111111640930176px;font-family:'lucida console', sans-serif;font-style:normal;background-color:transparent;">make sure you have something like:</div><div class="" style="color:rgb(0, 0, 0);font-size:11.111111640930176px;font-family:'lucida console', sans-serif;font-style:normal;background-color:transparent;"><br clear="none" class="" style=""></div><div class="" style="background-color:transparent;">$user<span class="" style="white-space:pre;"> </span>ALL NOPASSWD: /usr/bin/<span class="" style="font-family:monospace;font-size:13.333333969116211px;">nova-rootwrap</span><br clear="none" class="" style=""></div><div class=""
style=""></div><div class="" style=""><br clear="none" class="" style=""></div><div class="" style="">where $user is the name of the headless user you've created to execute this process.</div><div class="" style=""><br clear="none" class="" style=""></div><div class="" style="">-James</div><div class="" style=""><br clear="none" class="" style=""></div><div class="" style=""><br clear="none" class="" style=""></div><div class="" style=""><span class="" style="font-size:8pt;"> </span><br clear="none" class="" style=""></div><div class="" style="">:)=</div> <div class="" style=""><br clear="none" class="" style=""><br clear="none" class="" style=""></div><div class="" style="display:block;"> <div class="" style="font-family:lucida console, sans-serif;font-size:8pt;"> <div class="" style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:12pt;"> <div class="" id="yiv0429569847yqt91060" style=""><div
class="" dir="ltr" style=""> <font class="" size="2" face="Arial" style=""> On Wednesday, July 30, 2014 12:16 PM, Abel Lopez <alopgeek@gmail.com> wrote:<br clear="none" class="" style=""> </font> </div> <br clear="none" class="" style=""><br clear="none" class="" style=""> <div class="" style=""><div class="" id="yiv0429569847" style=""><div class="" style="">Couple of things I’d check, first make sure /etc/sudoers has the “#includedir /etc/sudoers.d” <div class="" style="">It must have the #, that’s not a comment, that’s what the directive looks like.</div><div class="" style=""><br clear="none" class="" style=""></div><div class="" style="">Secondly, parse the file with visudo to make sure it’s syntactically correct, both the /etc/sudoers and any file that may be in /etc/sudoers.d/</div><div class="" style="">Your nova user’s shell is fine, mine is /bin/false, </div><div class="" style=""><br clear="none" class=""
style=""><div class="" style=""><div class="" id="yiv0429569847yqt33496" style=""><div class="" style="">On Jul 30, 2014, at 12:04 PM, Jeff Silverman <<a rel="nofollow" shape="rect" class="" ymailto="mailto:jeff@sweetlabs.com" target="_blank" href="mailto:jeff@sweetlabs.com" style="">jeff@sweetlabs.com</a>>
wrote:</div><br clear="none" class="" style=""><blockquote class="" type="cite" style=""><div class="" dir="ltr" style=""><div class="" style="font-family:'times new roman', serif;">I had several openstack daemons running properly after going through the set up process. I decided to reboot the machine (because it's going to reboot sooner or later and I wanted to find out what would go wrong before we pressed the system into production). Several of the daemons don't start properly. In all cases, there is an error message in the log files of the form:</div>
<div class="" style="font-family:'times new roman', serif;"><br clear="none" class="" style=""></div><div class="" style="font-family:'times new roman', serif;"><pre class="" style="">2014-07-30 10:56:57.349 878 CRITICAL nova [-] ProcessExecutionError: Unexpected error while running command.<br clear="none" class="" style="">
Command: sudo nova-nn /etc/nova/rootwrap.conf iptables-save -c<br clear="none" class="" style="">Exit code: 1<br clear="none" class="" style="">Stdout: ''<br clear="none" class="" style="">Stderr: 'sudo: no tty present and no askpass program specified\n'<br clear="none" class="" style=""></pre></div><div class="" style="font-family:'times new roman', serif;">
<br clear="none" class="" style=""></div><div class="" style="font-family:'times new roman', serif;">I have googled the error message and I find several items of advice, all of which I have taken and none of which have resolved my issue:</div>
<div class="" style="font-family:'times new roman', serif;"><br clear="none" class="" style=""></div><div class="" style=""><ul class="" id="yiv0429569847yui_3_16_0_1_1406756409121_7865" style=""><li class="" style=""><font class="" face="times new roman, serif" style="">Remove the defaults requiretty from the /etc/sudoers file. I have done both </font><tt class="" style=""><font class="" color="#00cccc" style="">#Defaults requiretty</font></tt> and <tt class="" style=""><font class="" color="#ff6600" style="">Defaults</font> <font class="" color="#00cccc" style="">!requiretty</font></tt> <font class="" face="times new roman, serif" style="">and tried again. No joy.</font></li><li class="" style=""><font class="" face="times new roman, serif" style="">I added the following line to nova.conf:</font><br clear="none" class="" style=""><font class="" face="courier new, monospace" style="">root_helper=sudo
nova-rootwrap</font><br clear="none" class="" style=""><font class="" face="times new roman, serif" style="">no joy, there, either.</font></li><li class="" style=""><font class="" face="times new roman, serif" style="">Interestingly enough, if I give the
command
<kbd class="" style="">sudo nova-rootwrap /etc/nova/rootwrap.conf iptables-save -c</kbd>
<br clear="none" class="" style="">
from the command line as user root, then it works.</font></li><li class="" style=""><font class="" face="times new roman, serif" style="">I notice that user nova is in</font><font class="" face="courier new, monospace" style=""> /etc/passwd</font><font class="" face="times new roman, serif" style=""> with shell</font><font class="" face="courier new, monospace" style=""> /bin/nologin</font><font class="" face="times new roman, serif" style="">. I assume that that's there for a reason, so I am reluctant to change it.</font></li><li class="" style=""><font class="" face="times new roman, serif" style="">If I give the command</font><br clear="none" class="" style=""><font class="" face="courier new, monospace" style="">sudo nova-nn whoami</font><br clear="none" class="" style=""><font class="" face="times new roman, serif" style="">I get:</font><br clear="none" class="" style=""><font class="" face="courier new, monospace" style="">sudo:
nova-nn: command not found</font></li><li class="" style="font-family:'times new roman', serif;"><br clear="none" class="" style=""></li></ul></div><div class="" style="font-family:'times new roman', serif;"><br clear="none" class="" style=""></div><div class="" style="font-family:'times new roman', serif;">
I am open to additional suggestions. I am running on Centos 6.5</div><div class="" style="font-family:'times new roman', serif;"><br clear="none" class="" style=""></div><div class="" style=""><br clear="none" class="" style=""></div>-- <br clear="none" class="" style=""><div class="" dir="ltr" style=""><b class="" style="">Jeff Silverman</b><div class="" style="">
Systems Engineer</div><div class="" style="">(253) 459-2318 (c)</div><div class="" style=""><img class="" src="https://dl.dropboxusercontent.com/u/16943296/SweetLabs-Signatures/New_2014/signature-logo.png" style=""><br clear="none" class="" style=""></div></div>
</div>
_______________________________________________<br clear="none" class="" style="">OpenStack-operators mailing list<br clear="none" class="" style=""><a rel="nofollow" shape="rect" class="" ymailto="mailto:OpenStack-operators@lists.openstack.org" target="_blank" href="mailto:OpenStack-operators@lists.openstack.org" style="">OpenStack-operators@lists.openstack.org</a><br clear="none" class="" style="">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators<br clear="none" class="" style=""></blockquote></div></div><br clear="none" class="" style=""></div></div></div><br clear="none" class="" style=""><div class="" id="yiv0429569847yqt58656" style="">_______________________________________________<br clear="none" class="" style="">OpenStack-operators mailing list<br clear="none" class="" style=""><a rel="nofollow" shape="rect" class="" ymailto="mailto:OpenStack-operators@lists.openstack.org" target="_blank"
href="mailto:OpenStack-operators@lists.openstack.org" style="">OpenStack-operators@lists.openstack.org</a><br clear="none" class="" style=""><a rel="nofollow" shape="rect" class="" target="_blank" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators" style="">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators</a><br clear="none" class="" style=""></div><br clear="none" class="" style=""><br clear="none" class="" style=""></div></div> </div> </div> </div> </div></div></div><br clear="none" class="" style=""><br clear="none" class="" style=""></div> </div> </div> </div></div> </div></div></div></div></body></html>