[Rdo-list] AIO juno on CentOS7 issues

Liping Mao -X (limao - YI JIN XIN XI FU WU(SU ZHOU)YOU XIAN GONG SI at Cisco) limao at cisco.com
Fri Sep 26 09:52:07 UTC 2014 

Thanks Ihar,

My SELinux is enable, and have AVCs in the audit.log:
type=AVC msg=audit(1411721759.040:33286): avc:  denied  { dac_override } for  pid=15974 comm="nova-api" capability=1  scontext=system_u:system_r:nova_api_t:s0 tcontext=system_u:system_r:nova_api_t:s0 tclass=capability
type=AVC msg=audit(1411721759.040:33286): avc:  denied  { dac_read_search } for  pid=15974 comm="nova-api" capability=2  scontext=system_u:system_r:nova_api_t:s0 tcontext=system_u:system_r:nova_api_t:s0 tclass=capability
type=SYSCALL msg=audit(1411721759.040:33286): arch=c000003e syscall=2 success=no exit=-13 a0=e183d0 a1=0 a2=1b6 a3=0 items=0 ppid=1 pid=15974 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="nova-api" exe="/usr/bin/python2.7" subj=system_u:system_r:nova_api_t:s0 key=(null)

After I disable SELinux, nova-api and glane-api can works well without error. Thanks.

Regards,
Liping Mao

-----Original Message-----
From: rdo-list-bounces at redhat.com [mailto:rdo-list-bounces at redhat.com] On Behalf Of Ihar Hrachyshka
Sent: 2014年9月26日 17:34
To: rdo-list at redhat.com
Subject: Re: [Rdo-list] AIO juno on CentOS7 issues

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Do you have SELinux enabled? Any AVCs in audit.log?
/Ihar

On 26/09/14 11:10, Liping Mao -X (limao - YI JIN XIN XI FU WU(SU ZHOU)YOU XIAN GONG SI at Cisco) wrote:
> Hi ,
> 
> 
> 
> When I install Juno AIO on CentOS7 today, I get two issues.
> 
> 
> 
> #Issue 1, glance-api can?t start up:
> 
> Here is the error message in glance-api.log:
> 
> 2014-09-26 07:50:39.994 22950 INFO glance.wsgi.server [-] (22950) wsgi 
> starting up on http://0.0.0.0:9292/
> 
> 2014-09-26 07:50:39.995 22943 INFO glance.wsgi.server [-] Started 
> child 22951
> 
> 2014-09-26 07:50:39.996 22951 INFO glance.wsgi.server [-] (22951) wsgi 
> starting up on http://0.0.0.0:9292/
> 
> 2014-09-26 07:50:39.997 22943 INFO glance.wsgi.server [-] Started 
> child 22952
> 
> 2014-09-26 07:50:39.998 22952 INFO glance.wsgi.server [-] (22952) wsgi 
> starting up on http://0.0.0.0:9292/
> 
> 2014-09-26 07:50:40.000 22943 INFO glance.wsgi.server [-] Started 
> child 22953
> 
> 2014-09-26 07:50:40.000 22953 INFO glance.wsgi.server [-] (22953) wsgi 
> starting up on http://0.0.0.0:9292/
> 
> 2014-09-26 07:50:40.034 22943 CRITICAL glance [-] error: [Errno 13] 
> Permission denied
> 
> 2014-09-26 07:50:40.034 22943 TRACE glance Traceback (most recent call 
> last):
> 
> 2014-09-26 07:50:40.034 22943 TRACE glance   File
> "/usr/bin/glance-api", line 10, in <module>
> 
> 2014-09-26 07:50:40.034 22943 TRACE glance     sys.exit(main())
> 
> 2014-09-26 07:50:40.034 22943 TRACE glance   File 
> "/usr/lib/python2.7/site-packages/glance/cmd/api.py", line 84, in main
> 
> 2014-09-26 07:50:40.034 22943 TRACE glance
> systemd.notify_once()
> 
> 2014-09-26 07:50:40.034 22943 TRACE glance   File 
> "/usr/lib/python2.7/site-packages/glance/openstack/common/systemd.py",
>
> 
line 66, in notify_once
> 
> 2014-09-26 07:50:40.034 22943 TRACE glance     _sd_notify(True,
> 'READY=1')
> 
> 2014-09-26 07:50:40.034 22943 TRACE glance   File 
> "/usr/lib/python2.7/site-packages/glance/openstack/common/systemd.py",
>
> 
line 39, in _sd_notify
> 
> 2014-09-26 07:50:40.034 22943 TRACE glance     sock = 
> socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
> 
> 2014-09-26 07:50:40.034 22943 TRACE glance   File 
> "/usr/lib/python2.7/site-packages/eventlet/greenio.py", line 125, in 
> __init__
> 
> 2014-09-26 07:50:40.034 22943 TRACE glance     fd = 
> _original_socket(family_or_realsock, *args, **kwargs)
> 
> 2014-09-26 07:50:40.034 22943 TRACE glance   File 
> "/usr/lib64/python2.7/socket.py", line 187, in __init__
> 
> 2014-09-26 07:50:40.034 22943 TRACE glance     _sock = 
> _realsocket(family, type, proto)
> 
> 2014-09-26 07:50:40.034 22943 TRACE glance error: [Errno 13] 
> Permission denied
> 
> 2014-09-26 07:50:40.034 22943 TRACE glance
> 
> 
> 
> 
> 
> #Issue 2, nova-api can?t start up:
> 
> The error message in nova-api.log:
> 
> 2014-09-26 07:59:42.206 28353 TRACE nova Traceback (most recent call 
> last):
> 
> 2014-09-26 07:59:42.206 28353 TRACE nova   File
> "/usr/bin/nova-api", line 10, in <module>
> 
> 2014-09-26 07:59:42.206 28353 TRACE nova     sys.exit(main())
> 
> 2014-09-26 07:59:42.206 28353 TRACE nova   File 
> "/usr/lib/python2.7/site-packages/nova/cmd/api.py", line 55, in main
> 
> 2014-09-26 07:59:42.206 28353 TRACE nova     server = 
> service.WSGIService(api, use_ssl=should_use_ssl)
> 
> 2014-09-26 07:59:42.206 28353 TRACE nova   File 
> "/usr/lib/python2.7/site-packages/nova/service.py", line 331, in 
> __init__
> 
> 2014-09-26 07:59:42.206 28353 TRACE nova     self.manager = 
> self._get_manager()
> 
> 2014-09-26 07:59:42.206 28353 TRACE nova   File 
> "/usr/lib/python2.7/site-packages/nova/service.py", line 383, in 
> _get_manager
> 
> 2014-09-26 07:59:42.206 28353 TRACE nova     return
> manager_class()
> 
> 2014-09-26 07:59:42.206 28353 TRACE nova   File 
> "/usr/lib/python2.7/site-packages/nova/api/manager.py", line 30, in 
> __init__
> 
> 2014-09-26 07:59:42.206 28353 TRACE nova
> self.network_driver.metadata_accept()
> 
> 2014-09-26 07:59:42.206 28353 TRACE nova   File 
> "/usr/lib/python2.7/site-packages/nova/network/linux_net.py", line 
> 666, in metadata_accept
> 
> 2014-09-26 07:59:42.206 28353 TRACE nova
> iptables_manager.apply()
> 
> 2014-09-26 07:59:42.206 28353 TRACE nova   File 
> "/usr/lib/python2.7/site-packages/nova/network/linux_net.py", line 
> 434, in apply
> 
> 2014-09-26 07:59:42.206 28353 TRACE nova     self._apply()
> 
> 2014-09-26 07:59:42.206 28353 TRACE nova   File 
> "/usr/lib/python2.7/site-packages/nova/openstack/common/lockutils.py",
>
> 
line 322, in inner
> 
> 2014-09-26 07:59:42.206 28353 TRACE nova     with lock(name, 
> lock_file_prefix, external, lock_path):
> 
> 2014-09-26 07:59:42.206 28353 TRACE nova   File 
> "/usr/lib64/python2.7/contextlib.py", line 17, in __enter__
> 
> 2014-09-26 07:59:42.206 28353 TRACE nova     return
> self.gen.next()
> 
> 2014-09-26 07:59:42.206 28353 TRACE nova   File 
> "/usr/lib/python2.7/site-packages/nova/openstack/common/lockutils.py",
>
> 
line 287, in lock
> 
> 2014-09-26 07:59:42.206 28353 TRACE nova     with ext_lock:
> 
> 2014-09-26 07:59:42.206 28353 TRACE nova   File 
> "/usr/lib/python2.7/site-packages/nova/openstack/common/lockutils.py",
>
> 
line 171, in __enter__
> 
> 2014-09-26 07:59:42.206 28353 TRACE nova     self.acquire()
> 
> 2014-09-26 07:59:42.206 28353 TRACE nova   File 
> "/usr/lib/python2.7/site-packages/nova/openstack/common/lockutils.py",
>
> 
line 166, in acquire
> 
> 2014-09-26 07:59:42.206 28353 TRACE nova     initial_value=1)
> 
> 2014-09-26 07:59:42.206 28353 TRACE nova OSError: [Errno 38] Function 
> not implemented
> 
> 2014-09-26 07:59:42.206 28353 TRACE nova
> 
> 
> 
> 
> 
> 
> 
> I temporarily skip the two issues by run glance-api and nova-api with 
> root user? After this , everything else works well for me.
> 
> Anyone get this kind of error before?
> 
> 
> 
> 
> 
> Regards,
> 
> Liping Mao
> 
> 
> 
> 
> 
> _______________________________________________ Rdo-list mailing list 
> Rdo-list at redhat.com https://www.redhat.com/mailman/listinfo/rdo-list
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)

iQEcBAEBCgAGBQJUJTMSAAoJEC5aWaUY1u57h0YIAIR3C4YwRfCX7iBMWZXzRXYZ
owFxyGHhnP8B+8xtKc5+ewfhXe8plU6I+RvGFVgGWCk/ZdN1eSyUcmSKUynrz5Sk
Qp6WNT9JCOQ3nkWqK3lHYHEpa6koixQRm2f27Kw1/dYhjej+MX0bPa3e0Z+w0rZ4
eDILUlURj9NyMegSGEwCf0IBTB/ElMPmq5DMSpXQxgcRQ6qcCvqvcTn6FI/3XeL2
VjuTxSOXmrtUYjbHziAUbEh/KpWokIYvVCZTS2pDNHm8z6rZjj4wfvTBrYyfJyaA
8j02i+f7sMYYYiWlDBWpwok+TxMFWvUpykjEi2O/kamyeDo4/L10sFpV56FzxQU=
=0WqW
-----END PGP SIGNATURE-----

_______________________________________________
Rdo-list mailing list
Rdo-list at redhat.com
https://www.redhat.com/mailman/listinfo/rdo-list

More information about the dev mailing list