Virtual machine deployment fails for Permission denied of deleting the file console.log

Problem

A virtual machine deployment fails with error message like: "Build of instance ed91bbe2-7c75-467e-b458-e0861303410c was re-scheduled: Unable to delete file /var/lib/libvirt/images/nova/instances/ed91bbe2-7c75-467e-b458-e0861303410c/console.log: Permission denied".

On the compute node that the VM is scheduled to build on, you can see the logs in /var/log/nova/nova-compute.log,

2022-11-03 03:53:04.417 717354 ERROR nova.virt.libvirt.driver [req-0c5d4450-1682-49b6-a775-35dd6a41efb0 0688b01e6439ca32d698d20789d52169126fb41fb1a4ddafcebb97d854e836c9 b022f1824e99445a8314a8eda7f69f34 - default default] [instance: ed91bbe2-7c75-467e-b458-e0861303410c] Failed to start libvirt guest: libvirt.libvirtError: Unable to delete file /var/lib/libvirt/images/nova/instances/ed91bbe2-7c75-467e-b458-e0861303410c/console.log: Permission denied

Reason

It can result from the improper selinux context type of the directory /var/lib/libvirt/images/nova/instances, the selinux does not allow the nova compute service to access the directory instances.

Resolution

You can check the selinux context type of the directory /var/lib/libvirt/images/nova/instances:

ll -Z /var/lib/libvirt/images/nova/instances

Its selinux context type might not be virt_image_t:

[root@kvmt4608 nova]# ll -Z /var/lib/libvirt/images/nova/instances
total 4
drwxr-xr-x. 2 nova nova system_u:object_r:boot_t:s0 54 Nov  3 01:11 _base
-rw-r--r--. 1 nova nova system_u:object_r:boot_t:s0 41 Nov  3 03:42 compute_nodes
drwxr-xr-x. 2 nova nova system_u:object_r:boot_t:s0 93 Nov  3 01:38 locks

You can change its selinux context type to virt_image_t:

chcon -Rt virt_image_t /var/lib/libvirt/images/nova/instances

such as:

[root@kvmt4608 nova]# chcon -Rt virt_image_t /var/lib/libvirt/images/nova/instances
[root@kvmt4608 nova]# ll -Z /var/lib/libvirt/images/nova/instances
total 4
drwxr-xr-x. 2 nova nova system_u:object_r:virt_image_t:s0 54 Nov  3 01:11 _base
-rw-r--r--. 1 nova nova system_u:object_r:virt_image_t:s0 41 Nov  3 04:24 compute_nodes
drwxr-xr-x. 2 nova nova system_u:object_r:virt_image_t:s0 93 Nov  3 01:38 locks