
yahoo-eng-team team mailing list archive

[Bug 2003848] Re: Error by Live Snapshot and not Live Snapshot

 

[Expired for OpenStack Compute (nova) because there has been no activity
for 60 days.]

** Changed in: nova
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/2003848

Title:
  Error by  Live Snapshot and not Live Snapshot

Status in OpenStack Compute (nova):
  Expired

Bug description:
  Hi,
  I want to take snapshots, both live and while the instances are switched off.

  Ubuntu 20.04

  # Ansible managed

  DISTRIB_ID="OSA"
  DISTRIB_RELEASE="25.2.0"
  DISTRIB_CODENAME="Yoga"
  DISTRIB_DESCRIPTION="OpenStack-Ansible"

  nova-25.0.2.dev8.dist-info

  Compiled against library: libvirt 8.0.0
  Using library: libvirt 8.0.0
  Using API: QEMU 8.0.0
  Running hypervisor: QEMU 4.2.1

  ii  apparmor       2.13.3-7ubuntu5.1 amd64        user-space parser
  utility for AppArmor


  I've also adjusted the virt-aa-helper AppArmor profile:

  #include <tunables/global>

  # AppArmor profile for libvirt's virt-aa-helper, as pasted by the reporter.
  # flags=(complain) puts the profile in complain mode: accesses that no allow
  # rule covers are logged instead of blocked, so the allow list below is not
  # being enforced. Explicit "deny" rules are still enforced in complain mode.
  # NOTE(review): presumably set while debugging the snapshot failure - confirm,
  # and return the profile to enforce mode once the denial has been identified
  # from the audit log.
  profile virt-aa-helper /usr/lib/libvirt/virt-aa-helper flags=(complain) {
    #include <abstractions/base>
    #include <abstractions/openssl>

    # needed for searching directories
    # (both capabilities bypass ordinary file permission checks)
    capability dac_override,
    capability dac_read_search,

    # needed for when disk is on a network filesystem
    network inet,
    network inet6,

    deny @{PROC}/[0-9]*/mounts r,
    @{PROC}/[0-9]*/net/psched r,
    owner @{PROC}/[0-9]*/status r,
    @{PROC}/filesystems r,

    # Used when internally running another command (namely apparmor_parser)
    @{PROC}/@{pid}/fd/ r,

    # allow reading libnl's classid file
    /etc/libnl{,-3}/classid r,

    # for gl enabled graphics
    /dev/dri/{,*} r,

    # for hostdev
    # raw block devices are explicitly denied; without "audit" these denials
    # are silent
    /sys/devices/ r,
    /sys/devices/** r,
    /sys/bus/usb/devices/ r,
    deny /dev/sd* r,
    deny /dev/vd* r,
    deny /dev/dm-* r,
    deny /dev/drbd[0-9]* r,
    deny /dev/dasd* r,
    deny /dev/nvme* r,
    deny /dev/zd[0-9]* r,
    deny /dev/mapper/ r,
    deny /dev/mapper/* r,

    /usr/lib/libvirt/virt-aa-helper mr,
    # Ux: apparmor_parser is executed unconfined (with a scrubbed environment),
    # so nothing in this profile restricts it
    /{usr/,}sbin/apparmor_parser Ux,

    # the helper may read every file here but write only the per-domain
    # libvirt-<uuid> profiles
    /etc/apparmor.d/libvirt/* r,
    /etc/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw,

    # for backingstore -- allow access to non-hidden files in @{HOME} as well
    # as storage pools
    # "audit deny": hidden files and ~/bin are refused and the refusal is logged
    audit deny @{HOME}/.* mrwkl,
    audit deny @{HOME}/.*/ rw,
    audit deny @{HOME}/.*/** mrwkl,
    audit deny @{HOME}/bin/ rw,
    audit deny @{HOME}/bin/** mrwkl,
    @{HOME}/ r,
    @{HOME}/** r,
    /var/lib/libvirt/images/ rw,
    /var/lib/libvirt/images/** rw,
    # nova base images (LP: #907269)
    /var/lib/nova/images/** rw,
    /var/lib/nova/instances/_base/** rw,
    # nova snapshots (LP: #1244694)
    # NOTE(review): only these nova paths are listed; if the deployment keeps
    # instances or snapshots elsewhere (the report mentions OCFS2), the real
    # path needs a rule here rather than complain mode - confirm against the
    # audit log
    /var/lib/nova/instances/snapshots/** rw,

  }

  
  Filesystem: OCFS2

  
  # keystonemiddleware settings used by nova to validate tokens.
  # auth_url, www_authenticate_uri, password and memcached_servers are blank
  # here - presumably redacted by the reporter before posting.
  [keystone_authtoken]
  # insecure = False keeps TLS certificate verification on for Keystone calls
  insecure = False
  auth_type = password
  auth_url = 
  www_authenticate_uri = 
  project_domain_id = default
  user_domain_id = default
  project_name = service
  username = nova
  password = 
  region_name = RegionOne
  # With this set to False, a service token is accepted as valid even when it
  # does not carry one of the service_token_roles; keystonemiddleware
  # recommends True where all services send properly-roled service tokens.
  service_token_roles_required = False
  service_token_roles = service
  service_type = compute
  memcached_servers = 
  token_cache_time = 300

  
  # nova-compute libvirt driver settings.
  [libvirt]
  # File injection into guest images is switched off: inject_partition = -2
  # disables injection, and neither passwords nor SSH keys are injected.
  inject_partition = -2
  inject_password = False
  inject_key = False
  virt_type = kvm
  # Live migration is configured to use TLS, both for the libvirt connection
  # scheme and for QEMU's native migration transport.
  live_migration_with_native_tls = true
  live_migration_scheme = tls
  # address masked by the reporter
  live_migration_inbound_addr = xxx.xxx.xxx.xxx
  hw_disk_discard = ignore
  disk_cachemodes = 
  iscsi_use_multipath = True

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/2003848/+subscriptions


