2014-11-25 23:54:42.445 16907 TRACE nova Traceback (most recent call last):
2014-11-25 23:54:42.445 16907 TRACE nova File "/opt/openstack/venv/bin/nova-api", line 10, in <module>
2014-11-25 23:54:42.445 16907 TRACE nova sys.exit(main())
2014-11-25 23:54:42.445 16907 TRACE nova File "/opt/openstack/src/nova/nova/cmd/api.py", line 53, in main
2014-11-25 23:54:42.445 16907 TRACE nova server = service.WSGIService(api, use_ssl=should_use_ssl)
2014-11-25 23:54:42.445 16907 TRACE nova File "/opt/openstack/src/nova/nova/service.py", line 330, in __init__
2014-11-25 23:54:42.445 16907 TRACE nova self.manager = self._get_manager()
2014-11-25 23:54:42.445 16907 TRACE nova File "/opt/openstack/src/nova/nova/service.py", line 374, in _get_manager
2014-11-25 23:54:42.445 16907 TRACE nova return manager_class()
2014-11-25 23:54:42.445 16907 TRACE nova File "/opt/openstack/src/nova/nova/api/manager.py", line 30, in __init__
2014-11-25 23:54:42.445 16907 TRACE nova self.network_driver.metadata_accept()
2014-11-25 23:54:42.445 16907 TRACE nova File "/opt/openstack/src/nova/nova/network/linux_net.py", line 666, in metadata_accept
2014-11-25 23:54:42.445 16907 TRACE nova iptables_manager.apply()
2014-11-25 23:54:42.445 16907 TRACE nova File "/opt/openstack/src/nova/nova/network/linux_net.py", line 434, in apply
2014-11-25 23:54:42.445 16907 TRACE nova self._apply()
2014-11-25 23:54:42.445 16907 TRACE nova File "/opt/openstack/src/nova/nova/openstack/common/lockutils.py", line 249, in inner
2014-11-25 23:54:42.445 16907 TRACE nova return f(*args, **kwargs)
2014-11-25 23:54:42.445 16907 TRACE nova File "/opt/openstack/src/nova/nova/network/linux_net.py", line 454, in _apply
2014-11-25 23:54:42.445 16907 TRACE nova attempts=5)
2014-11-25 23:54:42.445 16907 TRACE nova File "/opt/openstack/src/nova/nova/network/linux_net.py", line 1211, in _execute
2014-11-25 23:54:42.445 16907 TRACE nova return utils.execute(*cmd, **kwargs)
2014-11-25 23:54:42.445 16907 TRACE nova File "/opt/openstack/src/nova/nova/utils.py", line 165, in execute
2014-11-25 23:54:42.445 16907 TRACE nova return processutils.execute(*cmd, **kwargs)
2014-11-25 23:54:42.445 16907 TRACE nova File "/opt/openstack/src/nova/nova/openstack/common/processutils.py", line 195, in execute
2014-11-25 23:54:42.445 16907 TRACE nova cmd=sanitized_cmd)
2014-11-25 23:54:42.445 16907 TRACE nova ProcessExecutionError: Unexpected error while running command.
2014-11-25 23:54:42.445 16907 TRACE nova Command: sudo nova-rootwrap /etc/nova/rootwrap.conf iptables-save -c
2014-11-25 23:54:42.445 16907 TRACE nova Exit code: 1
2014-11-25 23:54:42.445 16907 TRACE nova Stdout: u''
2014-11-25 23:54:42.445 16907 TRACE nova Stderr: u'sudo: no tty present and no askpass program specified\n'
이유인 즉슨 /opt/openstack/src/nova/nova/utils.py 소스에 아래와 같이 컨피그 불가능한 커맨드(nova-rootwrap)가 밖혀 있다..
156
157 def _get_root_helper():
158 return 'sudo nova-rootwrap %s' % CONF.rootwrap_config
159
결국 /etc/environment의 PATH를 수정해도 사실 전혀 연관이 없었고
/etc/login.defs 의 ENV_PATH와 ENV_SUPATH 값을 수정해서 실제 유저의 PATH값을 수정했으나 이게 작동하지는 않았다..
이유인 즉슨.. /etc/sudoers.d/nova_sudoers 를 이용해서 사용하기 때문에 sudo시 저 PATH값을 이용하지 않는 문제가.. 그래서 저 /etc/sudoers.d/nova_sudoers 파일안에 추가적인 옵션이 필요하다..
결국 아래와 같이 secure_path 옵션으로 PATH를 추가해서 해결 했다..
root@control0:~# cat /etc/sudoers.d/nova_sudoers
Defaults:nova !requiretty
Defaults:nova secure_path="/opt/openstack/venv/bin:/usr/local/bin:/usr/bin:/bin"
nova ALL = (root) NOPASSWD: /opt/openstack/venv/bin/nova-rootwrap /etc/nova/rootwrap.conf *
secure_path 의 설명은 다음과 같다.
Path used for every command run from sudo. If you don't trust the people running sudo to have a sane PATH environment variable you may want to use this. Another use is if you want to have the “root path” be separate from the “user path”. Users in the group specified by the exempt_group option are not affected by secure_path. This option is not set by default.
Path used for every command run from sudo. If you don't trust the people running sudo to have a sane PATH environment variable you may want to use this. Another use is if you want to have the “root path” be separate from the “user path”. Users in the group specified by the exempt_group option are not affected by secure_path. This option is not set by default.
댓글 없음:
댓글 쓰기