yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1672357] [NEW] [Newton][Nova] When deploying an instance. Get the following error: sudo: pam_unix(sudo:auth): auth could not identify password for [nova]sudo: pam_unix(sudo:auth): auth could not identify password for [nova]

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Viggo Ahl <1672357@xxxxxxxxxxxxxxxxxx>
Date: Mon, 13 Mar 2017 12:21:34 -0000
Reply-to: Bug 1672357 <1672357@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

I have recently installed a new Openstackcloud.
One controller and two nova nodes. When I tried to launch a new instance I got an error. 
I could only launch instance on the controller node, but not on the two nova nodes.

The error message I got was:
==> nova/nova-compute.log <==
2017-03-13 09:18:37.738 780 INFO oslo.privsep.daemon [req-ad1726ad-ce87-4bda-a359-25f68d7aa0be - - - - -] Running privsep helper: ['sudo', 'nova-rootwrap', '/etc/nova/rootwrap.conf', 'privsep-helper', '--config-file', '/etc/nova/nova.conf', '--config-file', '/etc/nova/nova-compute.conf', '--privsep_context', 'os_brick.privileged.default', '--privsep_sock_path', '/tmp/tmpcWGEib/privsep.sock']

==> auth.log <==
Mar 13 09:18:37 nova1 sudo: pam_unix(sudo:auth): auth could not identify password for [nova]
Mar 13 09:18:37 nova1 sudo:     nova : command not allowed ; TTY=unknown ; PWD=/var/lib/nova ; USER=root ; COMMAND=/usr/local/bin/nova-rootwrap /etc/nova/rootwrap.conf privsep-helper --config-file /etc/nova/nova.conf --config-file /etc/nova/nova-compute.conf --privsep_context os_brick.privileged.default --privsep_sock_path /tmp/tmpcWGEib/privsep.sock

==> nova/nova-compute.log <==
2017-03-13 09:18:37.772 780 CRITICAL oslo.privsep.daemon [req-ad1726ad-ce87-4bda-a359-25f68d7aa0be - - - - -] privsep helper command exited non-zero (1)
2017-03-13 09:18:37.777 780 WARNING oslo.privsep.daemon [-] privsep log: sudo: no tty present and no askpass program specified
2017-03-13 09:18:37.794 780 ERROR nova.compute.manager [req-ad1726ad-ce87-4bda-a359-25f68d7aa0be - - - - -] [instance: 7842db94-82bb-4b48-8dbe-6e7b33ee4b12] Instance failed block device setup
2017-03-13 09:18:37.794 780 ERROR nova.compute.manager [instance: 7842db94-82bb-4b48-8dbe-6e7b33ee4b12] Traceback (most recent call last):
2017-03-13 09:18:37.794 780 ERROR nova.compute.manager [instance: 7842db94-82bb-4b48-8dbe-6e7b33ee4b12]   File "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 1582, in _prep_block_device
2017-03-13 09:18:37.794 780 ERROR nova.compute.manager [instance: 7842db94-82bb-4b48-8dbe-6e7b33ee4b12]     wait_func=self._await_block_device_map_created)


After some investigation I had to change a couple of thing to get it to work.

1.) Add the following line to sudoer
nova ALL = (root) NOPASSWD: /usr/local/bin/nova-rootwrap /etc/nova/rootwrap.conf *
According to the manual, it should be /usr/bin/nova-rootwrap. But that didn't work either.

2.) Change owner on directory /var/lib/nova/instance to nova:nova. For some reason it is registered as root:root. 
For some reason most directory in /var/lib/nova has owner root:root.

I have follow the installation manual for Openstack newton.

** Affects: nova
     Importance: Undecided
         Status: New

** Project changed: horizon => nova

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1672357

Title:
  [Newton][Nova] When deploying an instance. Get the following error:
  sudo: pam_unix(sudo:auth): auth could not identify password for
  [nova]sudo: pam_unix(sudo:auth): auth could not identify password for
  [nova]

Status in OpenStack Compute (nova):
  New

Bug description:
  I have recently installed a new Openstackcloud.
  One controller and two nova nodes. When I tried to launch a new instance I got an error. 
  I could only launch instance on the controller node, but not on the two nova nodes.

  The error message I got was:
  ==> nova/nova-compute.log <==
  2017-03-13 09:18:37.738 780 INFO oslo.privsep.daemon [req-ad1726ad-ce87-4bda-a359-25f68d7aa0be - - - - -] Running privsep helper: ['sudo', 'nova-rootwrap', '/etc/nova/rootwrap.conf', 'privsep-helper', '--config-file', '/etc/nova/nova.conf', '--config-file', '/etc/nova/nova-compute.conf', '--privsep_context', 'os_brick.privileged.default', '--privsep_sock_path', '/tmp/tmpcWGEib/privsep.sock']

  ==> auth.log <==
  Mar 13 09:18:37 nova1 sudo: pam_unix(sudo:auth): auth could not identify password for [nova]
  Mar 13 09:18:37 nova1 sudo:     nova : command not allowed ; TTY=unknown ; PWD=/var/lib/nova ; USER=root ; COMMAND=/usr/local/bin/nova-rootwrap /etc/nova/rootwrap.conf privsep-helper --config-file /etc/nova/nova.conf --config-file /etc/nova/nova-compute.conf --privsep_context os_brick.privileged.default --privsep_sock_path /tmp/tmpcWGEib/privsep.sock

  ==> nova/nova-compute.log <==
  2017-03-13 09:18:37.772 780 CRITICAL oslo.privsep.daemon [req-ad1726ad-ce87-4bda-a359-25f68d7aa0be - - - - -] privsep helper command exited non-zero (1)
  2017-03-13 09:18:37.777 780 WARNING oslo.privsep.daemon [-] privsep log: sudo: no tty present and no askpass program specified
  2017-03-13 09:18:37.794 780 ERROR nova.compute.manager [req-ad1726ad-ce87-4bda-a359-25f68d7aa0be - - - - -] [instance: 7842db94-82bb-4b48-8dbe-6e7b33ee4b12] Instance failed block device setup
  2017-03-13 09:18:37.794 780 ERROR nova.compute.manager [instance: 7842db94-82bb-4b48-8dbe-6e7b33ee4b12] Traceback (most recent call last):
  2017-03-13 09:18:37.794 780 ERROR nova.compute.manager [instance: 7842db94-82bb-4b48-8dbe-6e7b33ee4b12]   File "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 1582, in _prep_block_device
  2017-03-13 09:18:37.794 780 ERROR nova.compute.manager [instance: 7842db94-82bb-4b48-8dbe-6e7b33ee4b12]     wait_func=self._await_block_device_map_created)

  
  After some investigation I had to change a couple of thing to get it to work.

  1.) Add the following line to sudoer
  nova ALL = (root) NOPASSWD: /usr/local/bin/nova-rootwrap /etc/nova/rootwrap.conf *
  According to the manual, it should be /usr/bin/nova-rootwrap. But that didn't work either.

  2.) Change owner on directory /var/lib/nova/instance to nova:nova. For some reason it is registered as root:root. 
  For some reason most directory in /var/lib/nova has owner root:root.

  I have follow the installation manual for Openstack newton.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1672357/+subscriptions

Follow ups

[Bug 1672357] Re: [Newton][Nova] When deploying an instance. Get the following error: sudo: pam_unix(sudo:auth): auth could not identify password for [nova]sudo: pam_unix(sudo:auth): auth could not identify password for [nova]
From: Launchpad Bug Tracker, 2017-06-17