Looks like an selinux denial:
type=AVC msg=audit(1542809260.000:1407): avc: denied { execute } for pid=25419 comm="sudo" name="unix_chkpwd" dev="vda1" ino=4535567 scontext=system_u:system_r:nova_t:s0 tcontext=system_u:object_r:chkpwd_exec_t:s0 tclass=file permissive=0
However sudo appears to be working for ironic-condutor.