← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1672357] Re: [Newton][Nova] When deploying an instance. Get the following error: sudo: pam_unix(sudo:auth): auth could not identify password for [nova]sudo: pam_unix(sudo:auth): auth could not identify password for [nova]

 

[Expired for OpenStack Compute (nova) because there has been no activity
for 60 days.]

** Changed in: nova
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1672357

Title:
  [Newton][Nova] When deploying an instance. Get the following error:
  sudo: pam_unix(sudo:auth): auth could not identify password for
  [nova]sudo: pam_unix(sudo:auth): auth could not identify password for
  [nova]

Status in OpenStack Compute (nova):
  Expired

Bug description:
  I have recently installed a new Openstackcloud.
  One controller and two nova nodes. When I tried to launch a new instance I got an error. 
  I could only launch instance on the controller node, but not on the two nova nodes.

  The error message I got was:
  ==> nova/nova-compute.log <==
  2017-03-13 09:18:37.738 780 INFO oslo.privsep.daemon [req-ad1726ad-ce87-4bda-a359-25f68d7aa0be - - - - -] Running privsep helper: ['sudo', 'nova-rootwrap', '/etc/nova/rootwrap.conf', 'privsep-helper', '--config-file', '/etc/nova/nova.conf', '--config-file', '/etc/nova/nova-compute.conf', '--privsep_context', 'os_brick.privileged.default', '--privsep_sock_path', '/tmp/tmpcWGEib/privsep.sock']

  ==> auth.log <==
  Mar 13 09:18:37 nova1 sudo: pam_unix(sudo:auth): auth could not identify password for [nova]
  Mar 13 09:18:37 nova1 sudo:     nova : command not allowed ; TTY=unknown ; PWD=/var/lib/nova ; USER=root ; COMMAND=/usr/local/bin/nova-rootwrap /etc/nova/rootwrap.conf privsep-helper --config-file /etc/nova/nova.conf --config-file /etc/nova/nova-compute.conf --privsep_context os_brick.privileged.default --privsep_sock_path /tmp/tmpcWGEib/privsep.sock

  ==> nova/nova-compute.log <==
  2017-03-13 09:18:37.772 780 CRITICAL oslo.privsep.daemon [req-ad1726ad-ce87-4bda-a359-25f68d7aa0be - - - - -] privsep helper command exited non-zero (1)
  2017-03-13 09:18:37.777 780 WARNING oslo.privsep.daemon [-] privsep log: sudo: no tty present and no askpass program specified
  2017-03-13 09:18:37.794 780 ERROR nova.compute.manager [req-ad1726ad-ce87-4bda-a359-25f68d7aa0be - - - - -] [instance: 7842db94-82bb-4b48-8dbe-6e7b33ee4b12] Instance failed block device setup
  2017-03-13 09:18:37.794 780 ERROR nova.compute.manager [instance: 7842db94-82bb-4b48-8dbe-6e7b33ee4b12] Traceback (most recent call last):
  2017-03-13 09:18:37.794 780 ERROR nova.compute.manager [instance: 7842db94-82bb-4b48-8dbe-6e7b33ee4b12]   File "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 1582, in _prep_block_device
  2017-03-13 09:18:37.794 780 ERROR nova.compute.manager [instance: 7842db94-82bb-4b48-8dbe-6e7b33ee4b12]     wait_func=self._await_block_device_map_created)

  
  After some investigation I had to change a couple of thing to get it to work.

  1.) Add the following line to sudoer
  nova ALL = (root) NOPASSWD: /usr/local/bin/nova-rootwrap /etc/nova/rootwrap.conf *
  According to the manual, it should be /usr/bin/nova-rootwrap. But that didn't work either.

  2.) Change owner on directory /var/lib/nova/instance to nova:nova. For some reason it is registered as root:root. 
  For some reason most directory in /var/lib/nova has owner root:root.

  I have follow the installation manual for Openstack newton.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1672357/+subscriptions


References