Open Stack

Hi Simon,

I'm the Debian developer responsible for the package in Debian.

On 07/21/2011 07:58 PM, Simon Guerrero wrote:
>  Hi folks
>
> I've been trying to get an install of openStack working on Debian
> (sid, for my sins). I figured a good start point might be the
> Ubuntu Maverick guide.

The word "unstable" doesn't mean "crashes often", but "is updated
often". So it doesn't mean that it's going to fail just because you are
using SID!!!

> I followed the guide, then the "Installing Nova On A Single Host"
> guide. I had to make a few changes, but it looked generally OK.
> However, I'm finding nova-compute won't start because it gets a
> "Permission Denied" error, namely:
>
> (nova.exception): TRACE:     if ret is None:raise
> libvirtError('virConnectOpenAuth() failed')
> (nova.exception): TRACE: libvirtError: unable to connect to
> '/var/run/libvirt/libvirt-sock', libvirtd may need to be started:
> Permission denied

Unfortunately, I haven't been able to find out what the problem was.
Nova is part of the libvirt group in Debian, as you can see in the postinst:

if [ "$1" = "configure" ]; then
    if dpkg-vendor --derives-from ubuntu ; then
        LIBVIRTGRP=libvirtd
    else
        LIBVIRTGRP=libvirt
    fi
    if ! getent group ${LIBVIRTGRP} | grep -qE '\<nova\>'
    then
        adduser nova ${LIBVIRTGRP}
    fi
fi

Indeed, there's a difference between Debian and Ubuntu. In Ubuntu,
libvirt group is libvirtd, but in Debian it's libvirt, hence the
postinst above for nova-compute.

But it still doesn't work. The only way to have it working is to set
more permissive rights for the socket file in
/var/run/libvirt/libvirt-sock. That is done by tweaking the
configuration files of libvirt-bin (eg: if you put 777 for the variable
unix_sock_rw_perms in /etc/libvirt/libvirtd.conf).

I didn't have time to investigate the issue, but it's possible that
somewhere in the Nova code, there's something that uses the group
libvirtd instead of libvirt. Help on this would be much much appreciated.

If you don't really care, just put 777 in unix_sock_rw_perms and go with
it, but of course, that's a security issue!!!

> Looks like it might be a problem with euca2ools. It seems to be taking
> the path "images/aki-lucid/image" and trying to remove the end of it,
> but doing a rather greedy match on "image" and ending up taking out the
> start too!

No, when you put the permissions above for the libvirt socket file,
euca2ools are working just fine.

> Can anyone help, especially with the Permission Denied error? I figured
> if I could get this running, the modified instructions might be useful
> to other Debianites in the meantime...

It'd be great if you could report the issue in the Debian bts (use
"reportbug" on the shell to do that, or one of the graphical version if
you like it more this way), and write about the workaround in it.

Also, there's more grave issues we are facing in Debian. It's been a
while that Nova simply doesn't build anymore. It used to be just an
issue with the test suite, but now it's more serious. It did before, but
now that SID has evolved, there's lots of issues, possibly because of
some python modules that have been upgraded. For sure, sphynx is also
totally broken... :(

I've been quite alone working on the Debian port. I'd appreciate a lot
to have some help.

Thomas