Bug 1105850 - VMs failed to get metadata info
Summary: VMs failed to get metadata info
Keywords:
Status: CLOSED DUPLICATE of bug 1110263
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-selinux
Version: 5.0 (RHEL 7)
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: 5.0 (RHEL 7)
Assignee: Lon Hohberger
QA Contact: Ofer Blaut
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-06-08 08:00 UTC by Ofer Blaut
Modified: 2016-04-26 15:23 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-06-17 16:57:04 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
metadata-agent.log (12.45 KB, text/plain)
2014-06-08 08:00 UTC, Ofer Blaut 		no flags Details
file 1 (18.97 KB, text/x-log)
2014-06-10 20:39 UTC, Ofer Blaut 		no flags Details
View All

Description Ofer Blaut 2014-06-08 08:00:22 UTC 
Created attachment 903232 [details]
metadata-agent.log

Description of problem:

I have installed setup with 1 controller ( including network node ) and  computes

Via VM console i see VM can not reach 169.254.169.254 ( attached logs )

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.install setup 
2.Check VMs console while booting
3.Check /var/log/neutron/ns-... logs

Actual results:


Expected results:


Additional info:
Comment 1 Jakub Libosvar 2014-06-09 13:34:54 UTC 
EACCES means write permission is not granted to given process accessing UNIX domain socket.
Can you confirm it's not a selinux issue (grep AVC /var/log/audit/audit.log) and that socket exists (lsof -U) and eventually show permissions (ls -l <path_to_socket_from_lsof>)?
Comment 2 Ofer Blaut 2014-06-10 20:39:23 UTC 
Created attachment 907416 [details]
file 1
Comment 5 Miroslav Grepl 2014-06-11 13:13:14 UTC 
What does

# ps -efZ |grep init_t
Comment 7 Lon Hohberger 2014-06-13 09:04:43 UTC 
/var/lib/neutron(/.*)?  gen_context(system_u:object_r:neutron_var_lib_t,s0)

Something's amiss; if this happens again, we need to figure out what created the file as initrc_t.

As a workaround, you can: restorecon -Rv /var/lib/neutron
Comment 8 Richard Su 2014-06-13 20:49:13 UTC 
Ofer, what type of image did you launch? cirros/rhel-cloud?

I was able to launch a cirros image. It had trouble contacting the metadata server. I did not see any selinux errors related to /var/lib/neutron.

cirros-ds 'net' up at 4.64
checking http://169.254.169.254/2009-04-04/instance-id
failed 1/20: up 4.83. request failed
failed 2/20: up 10.12. request failed
failed 3/20: up 13.10. request failed
failed 4/20: up 18.41. request failed
failed 5/20: up 21.39. request failed
failed 6/20: up 26.73. request failed
failed 7/20: up 29.69. request failed
failed 8/20: up 34.90. request failed
failed 9/20: up 37.91. request failed
failed 10/20: up 43.15. request failed
failed 11/20: up 46.21. request failed
failed 12/20: up 51.47. request failed
failed 13/20: up 54.44. request failed
failed 14/20: up 59.88. request failed
failed 15/20: up 62.94. request failed
failed 16/20: up 68.12. request failed
failed 17/20: up 71.15. request failed
failed 18/20: up 76.45. request failed
failed 19/20: up 79.38. request failed
failed 20/20: up 84.72. request failed
failed to read iid from metadata. tried 20
no results found for mode=net. up 87.80. searched: nocloud configdrive ec2
failed to get instance-id of datasource

[root@localhost audit]# ls -Z /var/lib/neutron/
drwxr-xr-x. neutron neutron system_u:object_r:neutron_var_lib_t:s0 dhcp
drwxr-xr-x. neutron neutron system_u:object_r:neutron_var_lib_t:s0 lock
srwxr-xr-x. neutron neutron system_u:object_r:neutron_var_lib_t:s0 metadata_proxy

fedora/rhel-cloud images failed for me with:

Error during following call to agent: ['ovs-vsctl', '--timeout=120', 'del-port', 'br-int', u'qvo06e1b822-43']
Comment 9 Lon Hohberger 2014-06-17 16:57:04 UTC 

*** This bug has been marked as a duplicate of bug 1110263 ***
Note You need to log in before you can comment on or make changes to this bug.