Open Stack

On Mon, Oct 19, 2020 at 7:09 AM Oliver Weinmann <oliver.weinmann at me.com> wrote:
>
> Hi all,
>
> I have successfully deployed the overcloud many many times, but this time I have a strange behaviour. Whenever I try to launch an instance it fails. I checked the logs on the compute node and saw this error:
>
> Failed to build and run instance: libvirt.libvirtError: internal error: process exited while connecting to monitor: libvirt:  error : cannot execute binary /usr/libexec/qemu-kvm: Permission denied
>
> googling led me to the solution to disable selinux:
>
> setenforce 0
>
> I have not made this change persistent yet, as I would like to know why I'm facing this issue right now. What is actually the default for the overcloud nodes SeLinux? Enforcing, permissive or disabled? I build the ipa and overcloud image myself as I had to include drivers. Is this maybe the reason why SeLinux is now enabled, but is actually disabled when using the default ipa images?
>

>From a TripleO perspective, we do not officially support selinux
enabled when running with CentOS.  In theory it should work, however
it is very dependent on versions. I think you're likely running into
an issue with the correct version of podman which is likely causing
this.  We've had some issues as of late which require a very specific
version of podman in order to work correctly with nova compute when
running with selinux enabled.  You need 1.6.4-15 or higher which I
don't think is available with centos8.  It should be available via
RDO.

Related: https://review.opendev.org/#/c/736173/

> Thanks and Best Regards,
> Oliver
>