This is happening in jammy nova-compute version 3:25.2.0-0ubuntu1
When attaching multiattach volumes the following warnings are logged:
2023-10-12 09:45:25.723 3906368 WARNING os_brick.initiator.connectors.nvmeof [req-9bfe2fce-9a78-4df3-8200-0e5901016e72 db682b8df0304e36b91345b7ce594aff 12b52497ff32492f888ae0ba837c2ae6 - 16b5db126dbb42fd804296790a3f9f6a 16b5db126dbb42fd804296790a3f9f6a] Process execution error in _get_host_uuid: [Errno 13] Permission denied
Command: blkid /dev/mapper/vg0-lvroot -s UUID -o value
Exit code: -
Stdout: None
Stderr: None: oslo_concurrency.processutils.ProcessExecutionError: [Errno 13] Permission denied
2023-10-12 09:45:25.800 3906368 WARNING os_brick.initiator.connectors.nvmeof [req-9bfe2fce-9a78-4df3-8200-0e5901016e72 db682b8df0304e36b91345b7ce594aff 12b52497ff32492f888ae0ba837c2ae6 - 16b5db126dbb42fd804296790a3f9f6a 16b5db126dbb42fd804296790a3f9f6a] Unknown error when checking presence of nvme: [Errno 13] Permission denied: 'nvme': PermissionError: [Errno 13] Permission denied: 'nvme'
2023-10-12 09:45:25.806 958579 WARNING os_brick.privileged.nvmeof [-] Could not generate host nqn: [Errno 13] Permission denied: 'nvme'
and in syslog I can see:
Oct 12 09:13:59 machine1 kernel: [18324599.319817] audit: type=1400 audit(1697102039.363:696303): apparmor="DENIED" operation="exec" class="file" profile="/usr/bin/nova-compute" name="/usr/sbin/blkid" pid=4085668 comm="privsep-helper" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Oct 12 09:13:59 machine1 kernel: [18324599.319844] audit: type=1400 audit(1697102039.363:696304): apparmor="DENIED" operation="exec" class="file" profile="/usr/bin/nova-compute" name="/usr/sbin/blkid" pid=4085668 comm="privsep-helper" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Oct 12 09:13:59 machine1 kernel: [18324599.346662] audit: type=1400 audit(1697102039.387:696305): apparmor="DENIED" operation="exec" class="file" profile="/usr/bin/nova-compute" name="/usr/sbin/nvme" pid=4085671 comm="nova-compute" requested_mask="x" denied_mask="x" fsuid=64060 ouid=0
Oct 12 09:13:59 machine1 kernel: [18324599.346745] audit: type=1400 audit(1697102039.387:696306): apparmor="DENIED" operation="exec" class="file" profile="/usr/bin/nova-compute" name="/usr/sbin/nvme" pid=4085671 comm="nova-compute" requested_mask="x" denied_mask="x" fsuid=64060 ouid=0
Oct 12 09:13:59 machine1 kernel: [18324599.364823] audit: type=1400 audit(1697102039.407:696307): apparmor="DENIED" operation="open" class="file" profile="/usr/bin/nova-compute" name="/etc/nvme/hostnqn" pid=1343874 comm="nova-compute" requested_mask="r" denied_mask="r" fsuid=64060 ouid=0
Oct 12 09:13:59 machine1 kernel: [18324599.369262] audit: type=1400 audit(1697102039.411:696308): apparmor="DENIED" operation="exec" class="file" profile="/usr/bin/nova-compute" name="/usr/sbin/nvme" pid=4085672 comm="privsep-helper" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Oct 12 09:13:59 machine1 kernel: [18324599.369299] audit: type=1400 audit(1697102039.411:696309): apparmor="DENIED" operation="exec" class="file" profile="/usr/bin/nova-compute" name="/usr/sbin/nvme" pid=4085672 comm="privsep-helper" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Warnings are gone if I set the apparmor profile to complain with:
aa-complain /etc/apparmor.d/usr.bin.nova-compute
Fwiw, when the last time I looked into, access denial for blkid and nvme wasn't in the critical path although it was a valid issue for NVMEoF use case.
https:/