913345 – libguestfs (could not connect to libvirt (URI = NULL) with OpenStack Nova

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 913345 - libguestfs (could not connect to libvirt (URI = NULL) with OpenStack Nova

Summary: libguestfs (could not connect to libvirt (URI = NULL) with OpenStack Nova

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	libvirt
Sub Component:
Version:	18
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	Libvirt Maintainers
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-02-21 03:00 UTC by Dan Prince
Modified:	2013-07-15 11:35 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-02-25 09:37:28 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Dan Prince 2013-02-21 03:00:52 UTC

Description of problem:

Using OpenStack Nova w/ libvirt on Fedora 18:

When I boot an instance and inject files (with libguestfs) I get the following stack trace in Nova's compute.log file:

2013-02-20 21:14:55.706 ERROR nova.virt.libvirt.driver [req-0834ec7c-d875-469f-9277-00e4fbfd20e8 696e681d17df4f8eb3f20c26dec5f093 3efc0abe163f44b9a890f66242dfcf73] [instance: 2e8e19f1-137d-496b-b206-abc8919f5856] Error injecting data into image 93e67150-0f43-43d1-9ac6-6ff1777fdc69 (Error mounting /var/lib/nova/instances/2e8e19f1-137d-496b-b206-abc8919f5856/disk with libguestfs (could not connect to libvirt (URI = NULL): Failed to connect socket to '/home/nova/.cache/libvirt/libvirt-sock': No such file or directory [code=38 domain=7]))
2013-02-20 21:14:55.711 ERROR nova.compute.manager [req-0834ec7c-d875-469f-9277-00e4fbfd20e8 696e681d17df4f8eb3f20c26dec5f093 3efc0abe163f44b9a890f66242dfcf73] [instance: 2e8e19f1-137d-496b-b206-abc8919f5856] Instance failed to spawn
2013-02-20 21:14:55.711 18959 TRACE nova.compute.manager [instance: 2e8e19f1-137d-496b-b206-abc8919f5856] Traceback (most recent call last):
2013-02-20 21:14:55.711 18959 TRACE nova.compute.manager [instance: 2e8e19f1-137d-496b-b206-abc8919f5856]   File "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 1028, in _spawn
2013-02-20 21:14:55.711 18959 TRACE nova.compute.manager [instance: 2e8e19f1-137d-496b-b206-abc8919f5856]     block_device_info)
2013-02-20 21:14:55.711 18959 TRACE nova.compute.manager [instance: 2e8e19f1-137d-496b-b206-abc8919f5856]   File "/usr/lib/python2.7/site-packages/nova/virt/libvirt/driver.py", line 1438, in spawn
2013-02-20 21:14:55.711 18959 TRACE nova.compute.manager [instance: 2e8e19f1-137d-496b-b206-abc8919f5856]     admin_pass=admin_password)
2013-02-20 21:14:55.711 18959 TRACE nova.compute.manager [instance: 2e8e19f1-137d-496b-b206-abc8919f5856]   File "/usr/lib/python2.7/site-packages/nova/virt/libvirt/driver.py", line 1815, in _create_image
2013-02-20 21:14:55.711 18959 TRACE nova.compute.manager [instance: 2e8e19f1-137d-496b-b206-abc8919f5856]     mandatory=('files',))
2013-02-20 21:14:55.711 18959 TRACE nova.compute.manager [instance: 2e8e19f1-137d-496b-b206-abc8919f5856]   File "/usr/lib/python2.7/site-packages/nova/virt/disk/api.py", line 304, in inject_data
2013-02-20 21:14:55.711 18959 TRACE nova.compute.manager [instance: 2e8e19f1-137d-496b-b206-abc8919f5856]     fs.setup()
2013-02-20 21:14:55.711 18959 TRACE nova.compute.manager [instance: 2e8e19f1-137d-496b-b206-abc8919f5856]   File "/usr/lib/python2.7/site-packages/nova/virt/disk/vfs/guestfs.py", line 108, in setup
2013-02-20 21:14:55.711 18959 TRACE nova.compute.manager [instance: 2e8e19f1-137d-496b-b206-abc8919f5856]     {'imgfile': self.imgfile, 'e': e})
2013-02-20 21:14:55.711 18959 TRACE nova.compute.manager [instance: 2e8e19f1-137d-496b-b206-abc8919f5856] NovaException: Error mounting /var/lib/nova/instances/2e8e19f1-137d-496b-b206-abc8919f5856/disk with libguestfs (could not connect to libvirt (URI = NULL): Failed to connect socket to '/home/nova/.cache/libvirt/libvirt-sock': No such file or directory [code=38 domain=7])

----

When I don't inject files instances seem to boot fine (no guestfs is used, etc.)

SELinux is permissive: [root@nova1 ~]# getenforce Permissive

It is also worth mentioning that there is no '/home/nova' directory (we don't create this as part of our OpenStack nova RPMs.

Additionally, this same test (booting an instance w/ files being injected) works fine on Fedora 17 w/ libguestfs.

---

Version-Release numbers:

 libvirt RPMs are all versioned 0.10.2.3-1.fc18.x86_64

 libguestfs is version 1.20.1-3.fc18.x86_64

 ** I am using upstream OpenStack RPMs for testing (latest grizzly codebase)

How reproducible:

  On Fedora 18: Always. (for me)

Steps to Reproduce:

Run the following command OpenStack command on Fedora 18:

 nova boot --image 93e67150-0f43-43d1-9ac6-6ff1777fdc69 --flavor 1 --file /root/.ssh/authorized_keys=/root/.ssh/id_rsa.pub test

Comment 1 Richard W.M. Jones 2013-02-21 09:42:45 UTC

The fundamental problem seems to be that libvirt needs the
home directory to exist in order to create directories
and files under $HOME/.cache/libvirt.

I will note there are two things you can do on the libguestfs side:

(1) Set LIBGUESTFS_ATTACH_METHOD=libvirt:[URI...] which changes
the URI used to connect to libvirt.

(2) Set LIBGUESTFS_ATTACH_METHOD=appliance to go back to running
qemu directly, without involving libvirt.

Note that calling g.set_attach_method is equivalent to setting
these environment variables.  You have to do it before calling
g.launch.

Environment variables are described here:
http://libguestfs.org/guestfs.3.html#environment-variables

Attach methods are described here:
http://libguestfs.org/guestfs.3.html#attach-method

g.set_attach_method is described here:
http://libguestfs.org/guestfs.3.html#guestfs_set_attach_method

Comment 2 Dan Prince 2013-02-21 15:50:27 UTC

Okay. That makes sense. I just confirmed the following patch to Nova would fix the issue:

--- a/nova/virt/disk/vfs/guestfs.py
+++ b/nova/virt/disk/vfs/guestfs.py
@@ -94,6 +94,7 @@ class VFSGuestFS(vfs.VFS):
         self.handle = guestfs.GuestFS()
 
         try:
+            self.handle.set_attach_method('appliance')
             self.handle.add_drive_opts(self.imgfile, format=self.imgfmt)
             self.handle.launch()

----

This also makes sense because the default guestfs attach_method was 'appliance' on Fedora 17. The default is now 'libvirt' on Fedora 18 (which clearly breaks things a bit..)

-----

I tried a slightly different fix as well which was to call this instead:

  self.handle.set_attach_method('libvirt:qemu:///system')

This seems to cause a slightly different issue related to file permissions on the disk image:

2013-02-21 10:31:27.448 ERROR nova.compute.manager [req-35a2cd70-bd93-43bf-ba82-f1168d82346e 6dcaa7505f9340268bcc7b0f1f11f651 d0c6d5dec6474bd68c880061060199bc] [instance: c377092d-7b82-4a1f-ac53-e4cbd127bdfe] Error: ['Traceback (most recent call last):\n', '  File "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 771, in _run_instance\n    injected_files, admin_password)\n', '  File "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 1040, in _spawn\n    block_device_info)\n', '  File "/usr/lib/python2.7/site-packages/nova/virt/libvirt/driver.py", line 1480, in spawn\n    admin_pass=admin_password)\n', '  File "/usr/lib/python2.7/site-packages/nova/virt/libvirt/driver.py", line 1857, in _create_image\n    mandatory=(\'files\',))\n', '  File "/usr/lib/python2.7/site-packages/nova/virt/disk/api.py", line 304, in inject_data\n    fs.setup()\n', '  File "/usr/lib/python2.7/site-packages/nova/virt/disk/vfs/guestfs.py", line 111, in setup\n    {\'imgfile\': self.imgfile, \'e\': e})\n', 'NovaException: Error mounting /var/lib/nova/instances/c377092d-7b82-4a1f-ac53-e4cbd127bdfe/disk with libguestfs (could not create appliance through libvirt: internal error process exited while connecting to monitor: connect(unix:/tmp/libguestfstPXW8g/console.sock): Permission denied\nchardev: opening backend "socket" failed\n [code=1 domain=10])\n']

When this happens the 'disk' being injected was actually owned as root:root:

[root@nova1 instances]# ll c377092d-7b82-4a1f-ac53-e4cbd127bdfe/
total 10252
-rw-rw----. 1 nova nova       0 Feb 21 10:31 console.log
-rw-r--r--. 1 root root  197120 Feb 21 10:31 disk
-rw-r--r--. 1 nova nova 4404752 Feb 21 10:31 kernel
-rw-r--r--. 1 nova nova    1732 Feb 21 10:31 libvirt.xml
-rw-r--r--. 1 nova nova 5882349 Feb 21 10:31 ramdisk

** thus libvirt (qemu) was prevented access.

So I suppose the question here is should we make Nova default the guestfs attach_method to 'appliance'... or perhaps add a config option in Nova to explicitly set this (I would like to avoid new config options if possible).

Using the default setting for attach_method if at all possible would be nice though. Something like:


--- a/nova/virt/disk/vfs/guestfs.py
+++ b/nova/virt/disk/vfs/guestfs.py
@@ -94,6 +94,8 @@ class VFSGuestFS(vfs.VFS):
         self.handle = guestfs.GuestFS()
 
         try:
+            if self.handle.get_attach_method() == 'libvirt':
+                self.handle.set_attach_method('libvirt:' + CONF.libvirt_uri)
             self.handle.add_drive_opts(self.imgfile, format=self.imgfmt)
             self.handle.launch()

Comment 3 Daniel Berrangé 2013-02-21 16:02:51 UTC

(In reply to comment #2)

> -----
> 
> I tried a slightly different fix as well which was to call this instead:
> 
>   self.handle.set_attach_method('libvirt:qemu:///system')
> 
> This seems to cause a slightly different issue related to file permissions
> on the disk image:
> 
> 2013-02-21 10:31:27.448 ERROR nova.compute.manager
> [req-35a2cd70-bd93-43bf-ba82-f1168d82346e 6dcaa7505f9340268bcc7b0f1f11f651
> d0c6d5dec6474bd68c880061060199bc] [instance:
> c377092d-7b82-4a1f-ac53-e4cbd127bdfe] Error: ['Traceback (most recent call
> last):\n', '  File
> "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 771, in
> _run_instance\n    injected_files, admin_password)\n', '  File
> "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 1040, in
> _spawn\n    block_device_info)\n', '  File
> "/usr/lib/python2.7/site-packages/nova/virt/libvirt/driver.py", line 1480,
> in spawn\n    admin_pass=admin_password)\n', '  File
> "/usr/lib/python2.7/site-packages/nova/virt/libvirt/driver.py", line 1857,
> in _create_image\n    mandatory=(\'files\',))\n', '  File
> "/usr/lib/python2.7/site-packages/nova/virt/disk/api.py", line 304, in
> inject_data\n    fs.setup()\n', '  File
> "/usr/lib/python2.7/site-packages/nova/virt/disk/vfs/guestfs.py", line 111,
> in setup\n    {\'imgfile\': self.imgfile, \'e\': e})\n', 'NovaException:
> Error mounting
> /var/lib/nova/instances/c377092d-7b82-4a1f-ac53-e4cbd127bdfe/disk with
> libguestfs (could not create appliance through libvirt: internal error
> process exited while connecting to monitor:
> connect(unix:/tmp/libguestfstPXW8g/console.sock): Permission
> denied\nchardev: opening backend "socket" failed\n [code=1 domain=10])\n']

This is a bug Rich has seen with libguestfs + libvirt but so far we've not diagnosed it. We need to investigate this and figure out what is failing, because this is the desired configuration for libguestfs going forward.

> 
> When this happens the 'disk' being injected was actually owned as root:root:

Actually libvirt will change permissions dynamically on startup / shutdown of QEMU, so since QEMU is no longer running, what you're seeing here is not accurate.

> 
> [root@nova1 instances]# ll c377092d-7b82-4a1f-ac53-e4cbd127bdfe/
> total 10252
> -rw-rw----. 1 nova nova       0 Feb 21 10:31 console.log
> -rw-r--r--. 1 root root  197120 Feb 21 10:31 disk
> -rw-r--r--. 1 nova nova 4404752 Feb 21 10:31 kernel
> -rw-r--r--. 1 nova nova    1732 Feb 21 10:31 libvirt.xml
> -rw-r--r--. 1 nova nova 5882349 Feb 21 10:31 ramdisk
> 
> ** thus libvirt (qemu) was prevented access.
> 
> So I suppose the question here is should we make Nova default the guestfs
> attach_method to 'appliance'... or perhaps add a config option in Nova to
> explicitly set this (I would like to avoid new config options if possible).
> 
> Using the default setting for attach_method if at all possible would be nice
> though. Something like:
> 
> 
> --- a/nova/virt/disk/vfs/guestfs.py
> +++ b/nova/virt/disk/vfs/guestfs.py
> @@ -94,6 +94,8 @@ class VFSGuestFS(vfs.VFS):
>          self.handle = guestfs.GuestFS()
>  
>          try:
> +            if self.handle.get_attach_method() == 'libvirt':
> +                self.handle.set_attach_method('libvirt:' + CONF.libvirt_uri)

Yep, this is what we ought to aim for

Comment 4 Richard W.M. Jones 2013-02-21 16:30:51 UTC

(In reply to comment #2)
> Okay. That makes sense. I just confirmed the following patch to Nova would
> fix the issue:
> 
> --- a/nova/virt/disk/vfs/guestfs.py
> +++ b/nova/virt/disk/vfs/guestfs.py
> @@ -94,6 +94,7 @@ class VFSGuestFS(vfs.VFS):
>          self.handle = guestfs.GuestFS()
>  
>          try:
> +            self.handle.set_attach_method('appliance')
>              self.handle.add_drive_opts(self.imgfile, format=self.imgfmt)
>              self.handle.launch()
> 
> ----
> 
> This also makes sense because the default guestfs attach_method was
> 'appliance' on Fedora 17. The default is now 'libvirt' on Fedora 18 (which
> clearly breaks things a bit..)

This analysis and preliminary fix is correct, as long as you
understand the limitations of using direct launch ('appliance')
instead of libvirt.  It's possible that none of these apply to
OpenStack, but by using direct launch, you *lose* the following:

 - sVirt confinement of the appliance
   (see the diagram here: http://libguestfs.org/guestfs.3.html#security)

 - ability to hotplug disks
   (http://libguestfs.org/guestfs.3.html#hotplugging)

 - ability to list and manage libguestfs appliances using libvirt
   (eg. virsh list or equivalent libvirt APIs)

> -----
> 
> I tried a slightly different fix as well which was to call this instead:
> 
>   self.handle.set_attach_method('libvirt:qemu:///system')
> 
> This seems to cause a slightly different issue related to file permissions
> on the disk image:
> 
> 2013-02-21 10:31:27.448 ERROR nova.compute.manager
> [req-35a2cd70-bd93-43bf-ba82-f1168d82346e 6dcaa7505f9340268bcc7b0f1f11f651
> d0c6d5dec6474bd68c880061060199bc] [instance:
> c377092d-7b82-4a1f-ac53-e4cbd127bdfe] Error: ['Traceback (most recent call
> last):\n', '  File
> "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 771, in
> _run_instance\n    injected_files, admin_password)\n', '  File
> "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 1040, in
> _spawn\n    block_device_info)\n', '  File
> "/usr/lib/python2.7/site-packages/nova/virt/libvirt/driver.py", line 1480,
> in spawn\n    admin_pass=admin_password)\n', '  File
> "/usr/lib/python2.7/site-packages/nova/virt/libvirt/driver.py", line 1857,
> in _create_image\n    mandatory=(\'files\',))\n', '  File
> "/usr/lib/python2.7/site-packages/nova/virt/disk/api.py", line 304, in
> inject_data\n    fs.setup()\n', '  File
> "/usr/lib/python2.7/site-packages/nova/virt/disk/vfs/guestfs.py", line 111,
> in setup\n    {\'imgfile\': self.imgfile, \'e\': e})\n', 'NovaException:
> Error mounting
> /var/lib/nova/instances/c377092d-7b82-4a1f-ac53-e4cbd127bdfe/disk with
> libguestfs (could not create appliance through libvirt: internal error
> process exited while connecting to monitor:
> connect(unix:/tmp/libguestfstPXW8g/console.sock): Permission
> denied\nchardev: opening backend "socket" failed\n [code=1 domain=10])\n']
[...]

As Dan [B] says, please file a separate bug about this.  This isn't
a configuration we've spent any time on, but it needs to be supported
and working.

Comment 5 Dan Prince 2013-02-23 13:42:25 UTC

Okay. A fix for this has gone into upstream here (for Grizzly):

https://github.com/openstack/nova/commit/014499acf5d6d6a557c9415aa49c536817a02a0a

This will make it so that guestfs uses the same libvirt URI as Nova when the attach mode is 'libvirt'.

Comment 6 Daniel Berrangé 2013-02-25 09:37:28 UTC

Closing, since this was not a libvirt bug in the end - instead it was an upstream OpenStack bug for code not in Fedora.

Comment 7 Richard W.M. Jones 2013-07-15 11:35:35 UTC

I suspect this fix has cause a regression, see:
https://bugzilla.redhat.com/show_bug.cgi?id=984409#c2

Note You need to log in before you can comment on or make changes to this bug.