Ok thanks for the data.
That looks like the "normal" openstack double console entry to have an 
attachable console that logs to a file at the same time.

I made a new dir:
$ mkdir -p /var/lib/nova/instances/testlp1762769

And added the following to a libvirt 3.6 guest
    <serial type='pty'>
      <log file='/var/lib/nova/instances/testlp1762769/console.log' append='off'/>
      <target port='0'/>
    </serial>
    <console type='pty'>
      <log file='/var/lib/nova/instances/testlp1762769/console.log' append='off'/>
      <target type='serial' port='0'/>
    </console>

But the log is working fine at that path and the guest starts without
issues.

There are two important details on this now:
1. the guest has no individual rule for the console (I implemented that later 
in libvirt >=4.0 as in Ubuntu 18.04) - so for the initial report of "the entry 
is missing" I have to say "it is working still and only later releases have 
the individual entry".

2. Let's check why it actually works for me to then check this for your case.
This is how the console is specified at the guest:
-add-fd set=1,fd=28 -chardev 
pty,id=charserial0,logfile=/dev/fdset/1,logappend=on -device 
isa-serial,chardev=charserial0,id=serial0

Now this works by libvirt opening the files and passing the file descriptors.
Libvirt itself has a very open apparmor profile and can do so, and this is a 
common pattern for non-privileged guests.

I'd assume if anything in your case it either follows completely
different code paths (we have to find why) or your setup is broken in
regard to the rules for libvirtd.

Could you please:
1. check on a running guest if the arguments for the console on qemu are 
similar to my examples above?
2. while triggering the issue catch more logs what fails for you. It is 
important to minimize this to just the action that triggers the issue. So not a 
full create, deploy, kill guest - but instead do all you need to do in 
openstack so that the failing guest is defined on the node and just not 
starting. Then just run "virsh start <instanc....>". If that is not possible 
try to minimize on your own as much as you can.
2a. check dmesg -w while doing so and report the exact apparmor DENY line?
2b. check the libvirtd logfile that you can run with debug enabled per [1] 
(right at the end)

Attach both logs, so that we might spot something together why it fails
in your case.

[1]: https://libvirt.org/logging.html

-- 
https://bugs.launchpad.net/bugs/1762769

Title:
  missing entry at apparmor profile for nova instances
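
Added example, not part of the original message or of libvirt/QEMU: a small Python check for step 1 above that tells whether a guest's console log is handed to QEMU as a pre-opened descriptor (the -add-fd / /dev/fdset pattern quoted in the message) or as a plain path that QEMU must open itself under its own AppArmor profile. The function names and the second sample line are assumptions made for illustration; values containing QEMU's escaped ",," commas are not handled.

```python
import shlex

# Constructed sample: the console arguments quoted in the message above.
SAMPLE_FD = ("-add-fd set=1,fd=28 -chardev "
             "pty,id=charserial0,logfile=/dev/fdset/1,logappend=on "
             "-device isa-serial,chardev=charserial0,id=serial0")
# Constructed counter-example: QEMU is given the path and has to open it itself.
SAMPLE_PATH = ("-chardev pty,id=charserial0,logfile="
               "/var/lib/nova/instances/testlp1762769/console.log,logappend=on "
               "-device isa-serial,chardev=charserial0,id=serial0")


def _opts(value):
    """Split 'a=1,b=2,word' into a dict; bare words map to ''."""
    out = {}
    for part in value.split(","):
        key, _, val = part.partition("=")
        out[key] = val
    return out


def classify_console_logs(argv):
    """Return {chardev_id: (mode, logfile)} for every chardev that logs."""
    fdsets, chardevs = set(), []
    for flag, value in zip(argv, argv[1:]):
        if flag == "-add-fd":
            fdsets.add(_opts(value).get("set"))
        elif flag == "-chardev":
            chardevs.append(_opts(value))
    result = {}
    for dev in chardevs:
        logfile = dev.get("logfile")
        if not logfile:
            continue
        if logfile.startswith("/dev/fdset/"):
            # libvirt opened the file; QEMU only inherits the descriptor.
            set_id = logfile.rsplit("/", 1)[1]
            mode = "fd-passed" if set_id in fdsets else "fdset-missing"
        else:
            # QEMU opens the path, so the guest profile must allow it.
            mode = "qemu-opens-path"
        result[dev.get("id")] = (mode, logfile)
    return result


def from_cmdline_bytes(raw):
    """Parse the NUL-separated content of /proc/<pid>/cmdline."""
    return [a.decode(errors="replace") for a in raw.split(b"\0") if a]


if __name__ == "__main__":
    for sample in (SAMPLE_FD, SAMPLE_PATH):
        print(classify_console_logs(shlex.split(sample)))
```

On a compute node, feed from_cmdline_bytes() the bytes read from /proc/<pid>/cmdline of the qemu process; a "qemu-opens-path" result is the case where a per-guest AppArmor rule for the log file matters.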
