This is happening in jammy nova-compute version 3:25.2.0-0ubuntu1
When attaching multiattach volumes the following warnings are logged:
2023-10-12 09:45:25.723 3906368 WARNING os_brick.initiator.connectors.nvmeof [req-9bfe2fce-9a78-4df3-8200-0e5901016e72 db682b8df0304e36b91345b7ce594aff 12b52497ff32492f888ae0ba837c2ae6 - 16b5db126dbb42fd804296790a3f9f6a 16b5db126dbb42fd804296790a3f9f6a] Process execution error in _get_host_uuid: [Errno 13] Permission denied Command: blkid /dev/mapper/vg0-lvroot -s UUID -o value Exit code: - Stdout: None Stderr: None: oslo_concurrency.processutils.ProcessExecutionError: [Errno 13] Permission denied 2023-10-12 09:45:25.800 3906368 WARNING os_brick.initiator.connectors.nvmeof [req-9bfe2fce-9a78-4df3-8200-0e5901016e72 db682b8df0304e36b91345b7ce594aff 12b52497ff32492f888ae0ba837c2ae6 - 16b5db126dbb42fd804296790a3f9f6a 16b5db126dbb42fd804296790a3f9f6a] Unknown error when checking presence of nvme: [Errno 13] Permission denied: 'nvme': PermissionError: [Errno 13] Permission denied: 'nvme' 2023-10-12 09:45:25.806 958579 WARNING os_brick.privileged.nvmeof [-] Could not generate host nqn: [Errno 13] Permission denied: 'nvme'
and in syslog I can see:
Oct 12 09:13:59 machine1 kernel: [18324599.319817] audit: type=1400 audit(1697102039.363:696303): apparmor="DENIED" operation="exec" class="file" profile="/usr/bin/nova-compute" name="/usr/sbin/blkid" pid=4085668 comm="privsep-helper" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 Oct 12 09:13:59 machine1 kernel: [18324599.319844] audit: type=1400 audit(1697102039.363:696304): apparmor="DENIED" operation="exec" class="file" profile="/usr/bin/nova-compute" name="/usr/sbin/blkid" pid=4085668 comm="privsep-helper" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 Oct 12 09:13:59 machine1 kernel: [18324599.346662] audit: type=1400 audit(1697102039.387:696305): apparmor="DENIED" operation="exec" class="file" profile="/usr/bin/nova-compute" name="/usr/sbin/nvme" pid=4085671 comm="nova-compute" requested_mask="x" denied_mask="x" fsuid=64060 ouid=0 Oct 12 09:13:59 machine1 kernel: [18324599.346745] audit: type=1400 audit(1697102039.387:696306): apparmor="DENIED" operation="exec" class="file" profile="/usr/bin/nova-compute" name="/usr/sbin/nvme" pid=4085671 comm="nova-compute" requested_mask="x" denied_mask="x" fsuid=64060 ouid=0 Oct 12 09:13:59 machine1 kernel: [18324599.364823] audit: type=1400 audit(1697102039.407:696307): apparmor="DENIED" operation="open" class="file" profile="/usr/bin/nova-compute" name="/etc/nvme/hostnqn" pid=1343874 comm="nova-compute" requested_mask="r" denied_mask="r" fsuid=64060 ouid=0 Oct 12 09:13:59 machine1 kernel: [18324599.369262] audit: type=1400 audit(1697102039.411:696308): apparmor="DENIED" operation="exec" class="file" profile="/usr/bin/nova-compute" name="/usr/sbin/nvme" pid=4085672 comm="privsep-helper" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 Oct 12 09:13:59 machine1 kernel: [18324599.369299] audit: type=1400 audit(1697102039.411:696309): apparmor="DENIED" operation="exec" class="file" profile="/usr/bin/nova-compute" name="/usr/sbin/nvme" pid=4085672 comm="privsep-helper" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Warning are gone if I see the apparmor profile to complain with:
aa-complain /etc/apparmor.d/usr.bin.nova-compute
This is happening in jammy nova-compute version 3:25.2.0-0ubuntu1
When attaching multiattach volumes the following warnings are logged:
2023-10-12 09:45:25.723 3906368 WARNING os_brick. initiator. connectors. nvmeof [req-9bfe2fce- 9a78-4df3- 8200-0e5901016e 72 db682b8df0304e3 6b91345b7ce594a ff 12b52497ff32492 f888ae0ba837c2a e6 - 16b5db126dbb42f d804296790a3f9f 6a 16b5db126dbb42f d804296790a3f9f 6a] Process execution error in _get_host_uuid: [Errno 13] Permission denied vg0-lvroot -s UUID -o value y.processutils. ProcessExecutio nError: [Errno 13] Permission denied initiator. connectors. nvmeof [req-9bfe2fce- 9a78-4df3- 8200-0e5901016e 72 db682b8df0304e3 6b91345b7ce594a ff 12b52497ff32492 f888ae0ba837c2a e6 - 16b5db126dbb42f d804296790a3f9f 6a 16b5db126dbb42f d804296790a3f9f 6a] Unknown error when checking presence of nvme: [Errno 13] Permission denied: 'nvme': PermissionError: [Errno 13] Permission denied: 'nvme' privileged. nvmeof [-] Could not generate host nqn: [Errno 13] Permission denied: 'nvme'
Command: blkid /dev/mapper/
Exit code: -
Stdout: None
Stderr: None: oslo_concurrenc
2023-10-12 09:45:25.800 3906368 WARNING os_brick.
2023-10-12 09:45:25.806 958579 WARNING os_brick.
and in syslog I can see:
Oct 12 09:13:59 machine1 kernel: [18324599.319817] audit: type=1400 audit(169710203 9.363:696303) : apparmor="DENIED" operation="exec" class="file" profile= "/usr/bin/ nova-compute" name="/ usr/sbin/ blkid" pid=4085668 comm="privsep- helper" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 9.363:696304) : apparmor="DENIED" operation="exec" class="file" profile= "/usr/bin/ nova-compute" name="/ usr/sbin/ blkid" pid=4085668 comm="privsep- helper" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 9.387:696305) : apparmor="DENIED" operation="exec" class="file" profile= "/usr/bin/ nova-compute" name="/ usr/sbin/ nvme" pid=4085671 comm="nova-compute" requested_mask="x" denied_mask="x" fsuid=64060 ouid=0 9.387:696306) : apparmor="DENIED" operation="exec" class="file" profile= "/usr/bin/ nova-compute" name="/ usr/sbin/ nvme" pid=4085671 comm="nova-compute" requested_mask="x" denied_mask="x" fsuid=64060 ouid=0 9.407:696307) : apparmor="DENIED" operation="open" class="file" profile= "/usr/bin/ nova-compute" name="/ etc/nvme/ hostnqn" pid=1343874 comm="nova-compute" requested_mask="r" denied_mask="r" fsuid=64060 ouid=0 9.411:696308) : apparmor="DENIED" operation="exec" class="file" profile= "/usr/bin/ nova-compute" name="/ usr/sbin/ nvme" pid=4085672 comm="privsep- helper" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 9.411:696309) : apparmor="DENIED" operation="exec" class="file" profile= "/usr/bin/ nova-compute" name="/ usr/sbin/ nvme" pid=4085672 comm="privsep- helper" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Oct 12 09:13:59 machine1 kernel: [18324599.319844] audit: type=1400 audit(169710203
Oct 12 09:13:59 machine1 kernel: [18324599.346662] audit: type=1400 audit(169710203
Oct 12 09:13:59 machine1 kernel: [18324599.346745] audit: type=1400 audit(169710203
Oct 12 09:13:59 machine1 kernel: [18324599.364823] audit: type=1400 audit(169710203
Oct 12 09:13:59 machine1 kernel: [18324599.369262] audit: type=1400 audit(169710203
Oct 12 09:13:59 machine1 kernel: [18324599.369299] audit: type=1400 audit(169710203
Warning are gone if I see the apparmor profile to complain with:
aa-complain /etc/apparmor. d/usr.bin. nova-compute