[Openstack-operators] Several openstack nova daemons refuse to start after a reboot

Jeff Silverman jeff at sweetlabs.com
Thu Jul 31 16:25:58 UTC 2014


James,

The problem was that the sudoers file did not include the directive
#include /etc/sudoers.d so that the contents of /etc/sudoers.d/neutron and
/etc/sudoers.d/nova were not included.

The /etc/sudoers.d/neutron file contains:
Defaults:neutron !requiretty

neutron ALL = (root) NOPASSWD: SETENV: /usr/bin/neutron-rootwrap

The /etc/sudoers.d/nova file contains:

Defaults:nova !requiretty

nova ALL = (root) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/rootwrap.conf *


Thank you for your kind assistance.


Jeff




On Wed, Jul 30, 2014 at 2:52 PM, James Penick <james_r_penick at yahoo.com>
wrote:

> Can you paste the line you have for this headless user in /etc/sudoers?
>
> make sure you have something like:
>
> $user ALL NOPASSWD: /usr/bin/nova-rootwrap
>
> where $user is the name of the headless user you've created to execute
> this process.
>
> -James
>
>
>
> :)=
>
>
>   On Wednesday, July 30, 2014 12:16 PM, Abel Lopez <alopgeek at gmail.com>
> wrote:
>
>
> Couple of things I’d check, first make sure /etc/sudoers has the
> “#includedir /etc/sudoers.d”
> It must have the #, that’s not a comment, that’s what the directive looks
> like.
>
> Secondly, parse the file with visudo to make sure it’s syntactically
> correct, both the /etc/sudoers and any file that may be in /etc/sudoers.d/
> Your nova user’s shell is fine, mine is /bin/false,
>
> On Jul 30, 2014, at 12:04 PM, Jeff Silverman <jeff at sweetlabs.com> wrote:
>
> I had several openstack daemons running properly after going through the
> set up process.  I decided to reboot the machine (because it's going to
> reboot sooner or later and I wanted to find out what would go wrong before
> we pressed the system into production).  Several of the daemons don't start
> properly.  In all cases, there is an error message in the log files of the
> form:
>
> 2014-07-30 10:56:57.349 878 CRITICAL nova [-] ProcessExecutionError: Unexpected error while running command.
>
> Command: sudo nova-nn /etc/nova/rootwrap.conf iptables-save -c
> Exit code: 1
> Stdout: ''
> Stderr: 'sudo: no tty present and no askpass program specified\n'
>
>
> I have googled the error message and I find several items of advice, all
> of which I have taken and none of which have resolved my issue:
>
>
>    - Remove the defaults requiretty from the /etc/sudoers file.  I have
>    done both #Defaults requiretty and Defaults !requiretty  and tried
>    again.  No joy.
>    - I added the following line to nova.conf:
>    root_helper=sudo nova-rootwrap
>    no joy, there, either.
>    - Interestingly enough, if I give the command
>    sudo nova-rootwrap /etc/nova/rootwrap.conf iptables-save -c
>    from the command line as user root, then it works.
>    - I notice that user nova is in /etc/passwd with shell /bin/nologin.
>     I assume that that's there for a reason, so I am reluctant to change it.
>    - If I give the command
>    sudo nova-nn whoami
>    I get:
>    sudo: nova-nn: command not found
>    -
>
>
> I am open to additional suggestions.  I am running on Centos 6.5
>
>
> --
> *Jeff Silverman*
> Systems Engineer
> (253) 459-2318 (c)
>
>  _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
>
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
>
>


-- 
*Jeff Silverman*
Systems Engineer
(253) 459-2318 (c)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20140731/39cdcc5f/attachment.html>


More information about the OpenStack-operators mailing list