yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1452143] [NEW] nova-idmapshift is missing its rootwrap filter

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: gustavo panizzo <1452143@xxxxxxxxxxxxxxxxxx>
Date: Wed, 06 May 2015 06:57:15 -0000
Reply-to: Bug 1452143 <1452143@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

when i try to boot a vm using lxc idmap the following error appears on
nova-compute log


2015-05-06 14:46:10.827 8940 TRACE nova.compute.manager [instance: 2c776372-1fa2-4b19-83aa-8358b7212d06]   File "/usr/lib/python2.7/dist-packages/nova/utils.py", line 206, in execute
2015-05-06 14:46:10.827 8940 TRACE nova.compute.manager [instance: 2c776372-1fa2-4b19-83aa-8358b7212d06]     return processutils.execute(*cmd, **kwargs)
2015-05-06 14:46:10.827 8940 TRACE nova.compute.manager [instance: 2c776372-1fa2-4b19-83aa-8358b7212d06]   File "/usr/lib/python2.7/dist-packages/oslo_concurrency/processutils.py", line 233, in execute
2015-05-06 14:46:10.827 8940 TRACE nova.compute.manager [instance: 2c776372-1fa2-4b19-83aa-8358b7212d06]     cmd=sanitized_cmd)
2015-05-06 14:46:10.827 8940 TRACE nova.compute.manager [instance: 2c776372-1fa2-4b19-83aa-8358b7212d06] ProcessExecutionError: Unexpected error while running command.
2015-05-06 14:46:10.827 8940 TRACE nova.compute.manager [instance: 2c776372-1fa2-4b19-83aa-8358b7212d06] Command: sudo nova-rootwrap /etc/nova/rootwrap.conf nova-idmapshift -i -u 0:1000:100 -g 0:1000:100 /var/lib/nova/instances/2c776372-1fa2-4b19-83aa-8358b7212d06/rootfs
2015-05-06 14:46:10.827 8940 TRACE nova.compute.manager [instance: 2c776372-1fa2-4b19-83aa-8358b7212d06] Exit code: 99
2015-05-06 14:46:10.827 8940 TRACE nova.compute.manager [instance: 2c776372-1fa2-4b19-83aa-8358b7212d06] Stdout: u''
2015-05-06 14:46:10.827 8940 TRACE nova.compute.manager [instance: 2c776372-1fa2-4b19-83aa-8358b7212d06] Stderr: u'/usr/bin/nova-rootwrap: Unauthorized command: nova-idmapshift -i -u 0:1000:100 -g 0:1000:100 /var/lib/nova/instances/2c776372-1fa2-4b19-83aa-8358b7212d06/rootfs (no filter matched)\n'


i check on nova's source (both kilo and master) and there is no rootwrap
filter for nova-idmap.

i will provide a patch

** Affects: nova
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1452143

Title:
  nova-idmapshift is missing its rootwrap filter

Status in OpenStack Compute (Nova):
  New

Bug description:
  when i try to boot a vm using lxc idmap the following error appears on
  nova-compute log

  
  2015-05-06 14:46:10.827 8940 TRACE nova.compute.manager [instance: 2c776372-1fa2-4b19-83aa-8358b7212d06]   File "/usr/lib/python2.7/dist-packages/nova/utils.py", line 206, in execute
  2015-05-06 14:46:10.827 8940 TRACE nova.compute.manager [instance: 2c776372-1fa2-4b19-83aa-8358b7212d06]     return processutils.execute(*cmd, **kwargs)
  2015-05-06 14:46:10.827 8940 TRACE nova.compute.manager [instance: 2c776372-1fa2-4b19-83aa-8358b7212d06]   File "/usr/lib/python2.7/dist-packages/oslo_concurrency/processutils.py", line 233, in execute
  2015-05-06 14:46:10.827 8940 TRACE nova.compute.manager [instance: 2c776372-1fa2-4b19-83aa-8358b7212d06]     cmd=sanitized_cmd)
  2015-05-06 14:46:10.827 8940 TRACE nova.compute.manager [instance: 2c776372-1fa2-4b19-83aa-8358b7212d06] ProcessExecutionError: Unexpected error while running command.
  2015-05-06 14:46:10.827 8940 TRACE nova.compute.manager [instance: 2c776372-1fa2-4b19-83aa-8358b7212d06] Command: sudo nova-rootwrap /etc/nova/rootwrap.conf nova-idmapshift -i -u 0:1000:100 -g 0:1000:100 /var/lib/nova/instances/2c776372-1fa2-4b19-83aa-8358b7212d06/rootfs
  2015-05-06 14:46:10.827 8940 TRACE nova.compute.manager [instance: 2c776372-1fa2-4b19-83aa-8358b7212d06] Exit code: 99
  2015-05-06 14:46:10.827 8940 TRACE nova.compute.manager [instance: 2c776372-1fa2-4b19-83aa-8358b7212d06] Stdout: u''
  2015-05-06 14:46:10.827 8940 TRACE nova.compute.manager [instance: 2c776372-1fa2-4b19-83aa-8358b7212d06] Stderr: u'/usr/bin/nova-rootwrap: Unauthorized command: nova-idmapshift -i -u 0:1000:100 -g 0:1000:100 /var/lib/nova/instances/2c776372-1fa2-4b19-83aa-8358b7212d06/rootfs (no filter matched)\n'


  i check on nova's source (both kilo and master) and there is no
  rootwrap filter for nova-idmap.

  i will provide a patch

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1452143/+subscriptions

Follow ups

[Bug 1452143] Re: nova-idmapshift is missing its rootwrap filter
From: Thierry Carrez, 2015-06-24
[Bug 1452143] [NEW] nova-idmapshift is missing its rootwrap filter
From: gustavo panizzo, 2015-05-06

References

[Bug 1452143] [NEW] nova-idmapshift is missing its rootwrap filter
From: gustavo panizzo, 2015-05-06