[Openstack-operators] Several openstack nova daemons refuse to start after a reboot
Jeff Silverman
jeff at sweetlabs.com
Thu Jul 31 16:25:58 UTC 2014
James,
The problem was that the sudoers file did not include the directive
#include /etc/sudoers.d so that the contents of /etc/sudoers.d/neutron and
/etc/sudoers.d/nova were not included.
The /etc/sudoers.d/neutron file contains:
Defaults:neutron !requiretty
neutron ALL = (root) NOPASSWD: SETENV: /usr/bin/neutron-rootwrap
The /etc/sudoers.d/nova file contains:
Defaults:nova !requiretty
nova ALL = (root) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/rootwrap.conf *
Thank you for your kind assistance.
Jeff
On Wed, Jul 30, 2014 at 2:52 PM, James Penick <james_r_penick at yahoo.com>
wrote:
> Can you paste the line you have for this headless user in /etc/sudoers?
>
> make sure you have something like:
>
> $user ALL NOPASSWD: /usr/bin/nova-rootwrap
>
> where $user is the name of the headless user you've created to execute
> this process.
>
> -James
>
>
>
> :)=
>
>
> On Wednesday, July 30, 2014 12:16 PM, Abel Lopez <alopgeek at gmail.com>
> wrote:
>
>
> Couple of things I’d check, first make sure /etc/sudoers has the
> “#includedir /etc/sudoers.d”
> It must have the #, that’s not a comment, that’s what the directive looks
> like.
>
> Secondly, parse the file with visudo to make sure it’s syntactically
> correct, both the /etc/sudoers and any file that may be in /etc/sudoers.d/
> Your nova user’s shell is fine, mine is /bin/false,
>
> On Jul 30, 2014, at 12:04 PM, Jeff Silverman <jeff at sweetlabs.com> wrote:
>
> I had several openstack daemons running properly after going through the
> set up process. I decided to reboot the machine (because it's going to
> reboot sooner or later and I wanted to find out what would go wrong before
> we pressed the system into production). Several of the daemons don't start
> properly. In all cases, there is an error message in the log files of the
> form:
>
> 2014-07-30 10:56:57.349 878 CRITICAL nova [-] ProcessExecutionError: Unexpected error while running command.
>
> Command: sudo nova-nn /etc/nova/rootwrap.conf iptables-save -c
> Exit code: 1
> Stdout: ''
> Stderr: 'sudo: no tty present and no askpass program specified\n'
>
>
> I have googled the error message and I find several items of advice, all
> of which I have taken and none of which have resolved my issue:
>
>
> - Remove the defaults requiretty from the /etc/sudoers file. I have
> done both #Defaults requiretty and Defaults !requiretty and tried
> again. No joy.
> - I added the following line to nova.conf:
> root_helper=sudo nova-rootwrap
> no joy, there, either.
> - Interestingly enough, if I give the command
> sudo nova-rootwrap /etc/nova/rootwrap.conf iptables-save -c
> from the command line as user root, then it works.
> - I notice that user nova is in /etc/passwd with shell /bin/nologin.
> I assume that that's there for a reason, so I am reluctant to change it.
> - If I give the command
> sudo nova-nn whoami
> I get:
> sudo: nova-nn: command not found
> -
>
>
> I am open to additional suggestions. I am running on Centos 6.5
>
>
> --
> *Jeff Silverman*
> Systems Engineer
> (253) 459-2318 (c)
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
>
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
>
>
--
*Jeff Silverman*
Systems Engineer
(253) 459-2318 (c)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20140731/39cdcc5f/attachment.html>
More information about the OpenStack-operators
mailing list