OpenStack Nova fails to connect to libvirt (not socket issue!)

Alex Vrublevskiy

1/12/23, 8:06 AM

We're trying to deploy OpenStack on hardened Debian-based Linux distro via Kolla-ansible and we seem to be almost done but facing the issue with the nova_compute container which complaints:

2021-09-12 08:56:34.365 7 INFO nova.virt.libvirt.driver [-] Connection event '0' reason. 
 'Failed to connect to libvirt: Unable to query peer security context: No data available

and restarts permanently.

Here are relevant config snippets:

(venv) root@server11:~# grep nova /etc/kolla/globals.yml 
nova_backend_ceph                  : "yes"
nova_compute_virt_type             : "qemu"
(venv) root@server11:~# cat /etc/kolla/config/nova/nova-compute.conf 
[libvirt]
virt_type=qemu
cpu_mode = none
(venv) root@server11:~#

Tried to figure out the root cause myself, read the docs, googled but to no avail, so any suggestions on how to fix the issue will be highly appreciated.

155

0 + 0

libvirt

openstack

kolla-ansible

nova

Score:0

Server

DanielB

1/13/23, 9:20 AM

This error message means that the getpeercon() method failed. This method is only run it libvirt is built with SELinux support. The "No data available" return value suggests perhaps SELinux is turned off, but that should already have been caught by the "ENOSYS" / "NOPROTOOPT" checks.

0 + 0

Alex Vrublevskiy

1/13/23, 10:43 AM

Thanks, DanielB! Neither host distro (Astra Linux, hardened Debian 9 derivative) nor containers' base image (Ubuntu) have nothing to do with SELinux. Bearing in this in mind, did I understand correctly according to your answer the way to work around the issue is to customize Kolla-ansible in nova_libvirt part to use libvirt built without SELinux support?

Michael Hampton

1/13/23, 4:14 PM

Astra Linux has replaced SELinux with its own unique mandatory access control system. That may be why libvirt has gotten confused? In any case, a build of libvirt and its related packages without SELinux support seems like the way to go.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: OpenStack Nova fails to connect to libvirt (not socket issue!)

TH: OpenStack Nova ไม่สามารถเชื่อมต่อกับ libvirt (ไม่ใช่ปัญหาซ็อกเก็ต!)

RO: OpenStack Nova nu reușește să se conecteze la libvirt (nu o problemă cu socket!)

RU: OpenStack Nova не может подключиться к libvirt (это не проблема сокета!)

VI: OpenStack Nova không kết nối được với libvirt (không phải sự cố ổ cắm!)

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.