Description of problem:
When restarting an openstack-nova-compute service on an OSP12 overcloud compute node the service does not come back up.

Version-Release number of selected component (if applicable):
openstack-nova-api.noarch 1:16.0.0-0.20170715065420.be20530.el7ost
openstack-nova-common.noarch 1:16.0.0-0.20170715065420.be20530.el7ost
openstack-nova-compute.noarch 1:16.0.0-0.20170715065420.be20530.el7ost
openstack-nova-conductor.noarch 1:16.0.0-0.20170715065420.be20530.el7ost
openstack-nova-console.noarch 1:16.0.0-0.20170715065420.be20530.el7ost
openstack-nova-migration.noarch 1:16.0.0-0.20170715065420.be20530.el7ost
openstack-nova-novncproxy.noarch 1:16.0.0-0.20170715065420.be20530.el7ost
openstack-nova-placement-api.noarch 1:16.0.0-0.20170715065420.be20530.el7ost
openstack-nova-scheduler.noarch 1:16.0.0-0.20170715065420.be20530.el7ost

How reproducible:
always

Steps to Reproduce:
1. run on compute node: systemctl restart openstack-nova-compute

Actual results:
systemctl status openstack-nova-compute returns status: "Active: activating "

Expected results:
status: active (running)

Additional info:
[root@compute-1 nova]# systemctl status libvirtd
● libvirtd.service - Virtualization daemon
   Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2017-07-23 00:46:49 UTC; 1 day 14h ago
     Docs: man:libvirtd(8)
           http://libvirt.org
 Main PID: 19015 (libvirtd)
   CGroup: /system.slice/libvirtd.service
           └─19015 /usr/sbin/libvirtd

Jul 24 15:36:53 compute-1.redhat.local libvirtd[19015]: 2017-07-24 15:36:53.303+0000: 19022: error : virDBusCall:1570 : error from service: CheckAuthorization: Did not receive a reply. Possible causes include: the remote application di...
Jul 24 15:36:53 compute-1.redhat.local libvirtd[19015]: 2017-07-24 15:36:53.307+0000: 19015: error : virNetSocketReadWire:1808 : End of file while reading data: Input/output error

audit.log doesn't show any information regarding libvirt(d) allowed nor denied

I've reproduced this:

[root@overcloud-novacompute-1 heat-admin]# sudo -u nova virsh -c qemu:///system
error: failed to connect to the hypervisor
error: error from service: CheckAuthorization: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.

It seems that the change in https://review.rdoproject.org/r/7580 breaks polkit auth in libvirt until the service is restarted:

[root@overcloud-novacompute-1 heat-admin]# systemctl restart libvirtd
[root@overcloud-novacompute-1 heat-admin]# sudo -u nova virsh -c qemu:///system
Welcome to virsh, the virtualization interactive terminal.

Type:  'help' for help with commands
       'quit' to quit

virsh #

This will no longer be an issue when https://review.openstack.org/479816 merges, as polkit auth will no longer be used.

https://review.openstack.org/479816 merged upstream
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:3462