Re: CentOS 8 Ussuri can't launch instance /usr/libexec/qemu-kvm: Permission denied

Oliver Weinmann oliver.weinmann at me.com
Wed Nov 11 15:49:01 UTC 2020


Hi again,



sorry to pick up this old post again but I manged to figure out what's wrong. The error:



end Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0)

only arises when using the nano flavor:


openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano


It works fine when using 128 instead of 64MB RAM:


openstack flavor create --id 0 --vcpus 1 --ram 128 --disk 1 m1.nano
Cheers,
Oliver


Am 19. Oktober 2020 um 16:21 schrieb Oliver Weinmann <oliver.weinmann at me.com>:


Ok, I will try to disable selinux and deploy one more compute node. I just stumbled across another issue, not sure if it is related. The instance seems to be deployed just fine but now I looked on the console and neither cirros nor centos 7 seem to be booting up correctly.



on cirros i see an error:



[    0.846019] ---[ end Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0) ]---

and on centos7:

error: not a correct XFS inode.

I tried to create with ephemeral and volume.

Cheers,
Oliver

Am 19. Oktober 2020 um 16:09 schrieb Alex Schultz <aschultz at redhat.com>:


On Mon, Oct 19, 2020 at 7:59 AM Oliver Weinmann <oliver.weinmann at me.com> wrote:



First of all thanks a lot for the quick reply.


I just checked and it seems that the package is really not available for centos8 from the upstream repo:


https://centos.pkgs.org/8/centos-appstream-x86_64/podman-1.6.4-15.module_el8.2.0+465+f9348e8f.x86_64.rpm.html



When you say it should be available via rdo, does this mean I have to add or use a different repo when deploying undercloud / overcloud? I have followed the tripleo guide to deploy it:

I thought we shipped it, maybe we don't because we run with selinux
disabled so it doesn't show up in CI.




https://docs.openstack.org/tripleo-docs/latest/



And is there a way to disable selinux on all overcloud nodes by default? I guess it is the default to disable it?

Set the following in an environment file as part of the deployment:

parameter_defaults:
SELinuxMode: permissive




Cheers,
Oliver


Am 19. Oktober 2020 um 15:29 schrieb Alex Schultz <aschultz at redhat.com>:


On Mon, Oct 19, 2020 at 7:09 AM Oliver Weinmann <oliver.weinmann at me.com> wrote:




Hi all,




I have successfully deployed the overcloud many many times, but this time I have a strange behaviour. Whenever I try to launch an instance it fails. I checked the logs on the compute node and saw this error:




Failed to build and run instance: libvirt.libvirtError: internal error: process exited while connecting to monitor: libvirt: error : cannot execute binary /usr/libexec/qemu-kvm: Permission denied




googling led me to the solution to disable selinux:




setenforce 0




I have not made this change persistent yet, as I would like to know why I'm facing this issue right now. What is actually the default for the overcloud nodes SeLinux? Enforcing, permissive or disabled? I build the ipa and overcloud image myself as I had to include drivers. Is this maybe the reason why SeLinux is now enabled, but is actually disabled when using the default ipa images?






From a TripleO perspective, we do not officially support selinux
enabled when running with CentOS. In theory it should work, however
it is very dependent on versions. I think you're likely running into
an issue with the correct version of podman which is likely causing
this. We've had some issues as of late which require a very specific
version of podman in order to work correctly with nova compute when
running with selinux enabled. You need 1.6.4-15 or higher which I
don't think is available with centos8. It should be available via
RDO.


Related: https://review.opendev.org/#/c/736173/



Thanks and Best Regards,


Oliver










-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20201111/e5834fe3/attachment-0001.html>


More information about the openstack-discuss mailing list