Nova Compute Crashes while Starting due to Authorization requires authentication but no agent is available

Asked by nkaderfe@gmail.com on 2013-06-06

I am trying to setup a Multi Node Setup with Quantum. I used devstack.sh for my installation and everything went through on Control Node. But On my Compute Node I could see Nova Compute couldn't start with the following error

I saw similar https://bugs.launchpad.net/devstack/+bug/1086784 (issues on Fedora) being reported , but not on Ubuntu. I am using Ubuntu and running into the same issue

Can someone help me out to proceed further, Workaround should be good enough.

I am using Grizzly Version of Open Stack , with 0.10.2 libvirtd and 1.4.0 ovs

stack@ovs-3:~/devstack$ sudo libvirtd --version
libvirtd (libvirt) 0.10.2

stack@ovs-3:~/devstack$ sudo ovs-vsctl show
b95781a9-ed8e-4b06-bf4f-5e5b2ebc960e
    Bridge br-int
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port br-int
            Interface br-int
                type: internal
    Bridge br-tun
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port "gre-1"
            Interface "gre-1"
                type: gre
                options: {in_key=flow, out_key=flow, remote_ip="172.21.53.168"}
    ovs_version: "1.4.0+build0"

Error Log:

2013-06-05 16:39:09.091 DEBUG nova.service [-] network_topic : network from (pid=17191) wait /opt/stack/nova/nova/service.py:188
2013-06-05 16:39:09.092 AUDIT nova.service [-] Starting compute node (version 2012.2.5-LOCALBRANCH:LOCALREVISION)
2013-06-05 16:39:09.092 DEBUG nova.virt.libvirt.driver [-] Connecting to libvirt: qemu:///system from (pid=17191) _get_connection /opt/stack/nova/nova/virt/libvirt/driver.py:344
libvir: XML-RPC error : authentication failed: Authorization requires authentication but no agent is available.
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/eventlet/hubs/hub.py", line 346, in fire_timers
    timer()
  File "/usr/local/lib/python2.7/dist-packages/eventlet/hubs/timer.py", line 56, in __call__
    cb(*args, **kw)
  File "/usr/local/lib/python2.7/dist-packages/eventlet/event.py", line 163, in _do_send
    waiter.switch(result)
  File "/usr/local/lib/python2.7/dist-packages/eventlet/greenthread.py", line 194, in main
    result = function(*args, **kwargs)
  File "/opt/stack/nova/nova/service.py", line 132, in run_server
    server.start()
  File "/opt/stack/nova/nova/service.py", line 398, in start
    self.manager.init_host()
  File "/opt/stack/nova/nova/compute/manager.py", line 268, in init_host
    self.driver.init_host(host=self.host)
  File "/opt/stack/nova/nova/virt/libvirt/driver.py", line 334, in init_host
    if not self.has_min_version(MIN_LIBVIRT_VERSION):
  File "/opt/stack/nova/nova/virt/libvirt/driver.py", line 323, in has_min_version
    libvirt_version = self._conn.getLibVersion()
  File "/opt/stack/nova/nova/virt/libvirt/driver.py", line 351, in _get_connection
    self._connect, self.uri, self.read_only)
  File "/usr/local/lib/python2.7/dist-packages/eventlet/tpool.py", line 147, in proxy_call
    rv = execute(f,*args,**kwargs)
  File "/usr/local/lib/python2.7/dist-packages/eventlet/tpool.py", line 76, in tworker
    rv = meth(*args,**kwargs)
  File "/opt/stack/nova/nova/virt/libvirt/driver.py", line 405, in _connect
    return libvirt.openAuth(uri, auth, 0)
  File "/usr/lib/python2.7/dist-packages/libvirt.py", line 102, in openAuth
    if ret is None:raise libvirtError('virConnectOpenAuth() failed')
libvirtError: authentication failed: Authorization requires authentication but no agent is available.

2013-06-05 16:39:09.119 CRITICAL nova [-] authentication failed: Authorization requires authentication but no agent is available.

2013-06-05 16:39:09.119 TRACE nova Traceback (most recent call last):
2013-06-05 16:39:09.119 TRACE nova File "/opt/stack/nova/bin/nova-compute", line 48, in <module>
2013-06-05 16:39:09.119 TRACE nova service.wait()
2013-06-05 16:39:09.119 TRACE nova File "/opt/stack/nova/nova/service.py", line 659, in wait
2013-06-05 16:39:09.119 TRACE nova _launcher.wait()
2013-06-05 16:39:09.119 TRACE nova File "/opt/stack/nova/nova/service.py", line 192, in wait
2013-06-05 16:39:09.119 TRACE nova super(ServiceLauncher, self).wait()
2013-06-05 16:39:09.119 TRACE nova File "/opt/stack/nova/nova/service.py", line 162, in wait
2013-06-05 16:39:09.119 TRACE nova service.wait()
2013-06-05 16:39:09.119 TRACE nova File "/usr/local/lib/python2.7/dist-packages/eventlet/greenthread.py", line 168, in wait
2013-06-05 16:39:09.119 TRACE nova return self._exit_event.wait()
2013-06-05 16:39:09.119 TRACE nova File "/usr/local/lib/python2.7/dist-packages/eventlet/event.py", line 116, in wait
2013-06-05 16:39:09.119 TRACE nova return hubs.get_hub().switch()
2013-06-05 16:39:09.119 TRACE nova File "/usr/local/lib/python2.7/dist-packages/eventlet/hubs/hub.py", line 187, in switch
2013-06-05 16:39:09.119 TRACE nova return self.greenlet.switch()
2013-06-05 16:39:09.119 TRACE nova File "/usr/local/lib/python2.7/dist-packages/eventlet/greenthread.py", line 194, in main
2013-06-05 16:39:09.119 TRACE nova result = function(*args, **kwargs)
2013-06-05 16:39:09.119 TRACE nova File "/opt/stack/nova/nova/service.py", line 132, in run_server
2013-06-05 16:39:09.119 TRACE nova server.start()
2013-06-05 16:39:09.119 TRACE nova File "/opt/stack/nova/nova/service.py", line 398, in start
2013-06-05 16:39:09.119 TRACE nova self.manager.init_host()
2013-06-05 16:39:09.119 TRACE nova File "/opt/stack/nova/nova/compute/manager.py", line 268, in init_host
2013-06-05 16:39:09.119 TRACE nova self.driver.init_host(host=self.host)
2013-06-05 16:39:09.119 TRACE nova File "/opt/stack/nova/nova/virt/libvirt/driver.py", line 334, in init_host
2013-06-05 16:39:09.119 TRACE nova if not self.has_min_version(MIN_LIBVIRT_VERSION):
2013-06-05 16:39:09.119 TRACE nova File "/opt/stack/nova/nova/virt/libvirt/driver.py", line 323, in has_min_version
2013-06-05 16:39:09.119 TRACE nova libvirt_version = self._conn.getLibVersion()
2013-06-05 16:39:09.119 TRACE nova File "/opt/stack/nova/nova/virt/libvirt/driver.py", line 351, in _get_connection
2013-06-05 16:39:09.119 TRACE nova self._connect, self.uri, self.read_only)
2013-06-05 16:39:09.119 TRACE nova File "/usr/local/lib/python2.7/dist-packages/eventlet/tpool.py", line 147, in proxy_call
2013-06-05 16:39:09.119 TRACE nova rv = execute(f,*args,**kwargs)
2013-06-05 16:39:09.119 TRACE nova File "/usr/local/lib/python2.7/dist-packages/eventlet/tpool.py", line 76, in tworker
2013-06-05 16:39:09.119 TRACE nova rv = meth(*args,**kwargs)
2013-06-05 16:39:09.119 TRACE nova File "/opt/stack/nova/nova/virt/libvirt/driver.py", line 405, in _connect
2013-06-05 16:39:09.119 TRACE nova return libvirt.openAuth(uri, auth, 0)
2013-06-05 16:39:09.119 TRACE nova File "/usr/lib/python2.7/dist-packages/libvirt.py", line 102, in openAuth
2013-06-05 16:39:09.119 TRACE nova if ret is None:raise libvirtError('virConnectOpenAuth() failed')
2013-06-05 16:39:09.119 TRACE nova libvirtError: authentication failed: Authorization requires authentication but no agent is available.
2013-06-05 16:39:09.119 TRACE nova
2013-06-05 16:39:09.119 TRACE nova
stack@ovs-3:~/nova$

Question information

Language:
English Edit question
Status:
Answered
For:
OpenStack Compute (nova) Edit question
Assignee:
No assignee Edit question
Last query:
2013-06-06
Last reply:
2013-06-18
Patrick Vinas (patrickvinas) said : #1

Looks like the kind of error you'd get if there's no path from the compute node to the keystone service on the controller node. Check your nova configs on the compute node to ensure the keystone auth stuff is configured correctly, and double check that there's no problem with network communication between the nodes.

Keith Tobin (keith-tobin) said : #2

It seems that openstack is not authenticating properly with libvirt,

The libvirtd daemon can be configured with a number of different authentication schemes. Out of the box it will use PolicyKit to authenticate clients, and thus Nova packages on Fedora / RHEL / EPEL include a policykit configuration file which grants Nova the ability to connect to libvirt. Administrators may, however, decide to use a different configuration scheme, for example, SASL. If the scheme chosen required a username+password, there was no way for Nova’s libvirt driver to provide these authentication credentials. Fortunately the libvirt client has the ability to lookup credentials in a local file. Unfortunately the way Nova connected to libvirt prevented this from working. Thus the way the Nova libvirt driver used openAuth() was fixed to allow the default credential lookup logic to work. It is now possible to require authentication between Nova and libvirt thus:
# augtool -s set /files/etc/libvirt/libvirtd.conf/auth_unix_rw sasl
Saved 1 file(s)
# saslpasswd -a libvirt nova
Password: XYZ
Again (for verification): XYZ
# su – nova -s /bin/sh
$ mkdir -p $HOME/.config/libvirt
$ cat > $HOME/.config/libvirt/auth.conf <<EOF
[credentials-nova]
authname=nova
password=XYZ
[auth-libvirt-localhost]
credentials=nova
EOF

Can you help with this problem?

Provide an answer of your own, or ask nkaderfe@gmail.com for more information if necessary.

To post a message you must log in.