Virtual machine deployment fails for Permission denied of deleting the file console.log
Problem
A virtual machine deployment fails with error message like: "Build of instance ed91bbe2-7c75-467e-b458-e0861303410c was re-scheduled: Unable to delete file /var/lib/libvirt/images/nova/instances/ed91bbe2-7c75-467e-b458-e0861303410c/console.log: Permission denied".
On the compute node that the VM is scheduled to build on, you can see the logs in /var/log/nova/nova-compute.log,
2022-11-03 03:53:04.417 717354 ERROR nova.virt.libvirt.driver [req-0c5d4450-1682-49b6-a775-35dd6a41efb0 0688b01e6439ca32d698d20789d52169126fb41fb1a4ddafcebb97d854e836c9 b022f1824e99445a8314a8eda7f69f34 - default default] [instance: ed91bbe2-7c75-467e-b458-e0861303410c] Failed to start libvirt guest: libvirt.libvirtError: Unable to delete file /var/lib/libvirt/images/nova/instances/ed91bbe2-7c75-467e-b458-e0861303410c/console.log: Permission denied
Reason
It can result from the improper selinux context type of the
directory
/var/lib/libvirt/images/nova/instances
,
the selinux does not allow the nova compute service to access the
directory
instances
.
Resolution
You can check the selinux context type of the directory
/var/lib/libvirt/images/nova/instances
:
ll -Z /var/lib/libvirt/images/nova/instances
Its selinux context type might not be
virt_image_t
:
[root@kvmt4608 nova]# ll -Z /var/lib/libvirt/images/nova/instances
total 4
drwxr-xr-x. 2 nova nova system_u:object_r:boot_t:s0 54 Nov 3 01:11 _base
-rw-r--r--. 1 nova nova system_u:object_r:boot_t:s0 41 Nov 3 03:42 compute_nodes
drwxr-xr-x. 2 nova nova system_u:object_r:boot_t:s0 93 Nov 3 01:38 locks
You can change its selinux context type to
virt_image_t
:
chcon -Rt virt_image_t /var/lib/libvirt/images/nova/instances
such as:
[root@kvmt4608 nova]# chcon -Rt virt_image_t /var/lib/libvirt/images/nova/instances
[root@kvmt4608 nova]# ll -Z /var/lib/libvirt/images/nova/instances
total 4
drwxr-xr-x. 2 nova nova system_u:object_r:virt_image_t:s0 54 Nov 3 01:11 _base
-rw-r--r--. 1 nova nova system_u:object_r:virt_image_t:s0 41 Nov 3 04:24 compute_nodes
drwxr-xr-x. 2 nova nova system_u:object_r:virt_image_t:s0 93 Nov 3 01:38 locks