[openstack-dev] [nova][NFS] Inexplicable utime permission denied when launching instance
sombrafam at gmail.com
Wed Oct 24 12:40:23 UTC 2018
I think that there's a change that AppArmor is blocking the access. Have
you checked the dmesg messages related with apparmor?
Em sex, 19 de out de 2018 às 09:38, Neil Jerram <neil at tigera.io> escreveu:
> Wracking my brains over this one, would appreciate any pointers...
> Setup: Small test deployment with just 3 compute nodes, Queens on Ubuntu
> Bionic. The first compute node is an NFS server for
> /var/lib/nova/instances, and the other compute nodes mount that as NFS
> Problem: Sometimes, when launching an instance which is scheduled to one
> of the client nodes, nova-compute (in imagebackend.py) gets Permission
> Denied (errno 13) when calling utime to touch the timestamp on the instance
> Through various bits of debugging and hackery, I've established that:
> - it looks like the problem never occurs when this is the call that
> bootstraps the privsep setup; but it does occur quite frequently on later
> - when the problem occurs, retrying doesn't help (5 times, with 0.5s in
> - the instance file does exist, and is owned by root with read/write
> permission for root
> - the privsep helper is running as root
> - the privsep helper receives and executes the request - so it's not a
> problem with communication between nova-compute and the helper
> - root is uid 0 on both NFS server and client
> - NFS setup does not have the root_squash option
> - there is some AppArmor setup, on both client and server, and I haven't
> yet worked out whether that might be relevant.
> Any ideas?
> Many thanks,
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev