This is in the domain xml:
<auth username='nova-compute'>
<secret type='ceph' uuid='514c9fca-8cbe-11e2-9c52-3bc8c7819472'/>
</auth>
there is nothing else in it regarding ceph. I looked at
https://libvirt.org/storage.html and don't see where you would tell qemu to
look at /var/lib/charm/ceph/ceph.conf. The way forward:
1. adjust the charm to not have qemu need to access ceph.conf
2. add the following to /etc/apparmor.d/abstractions/libvirt-qemu (assuming
there is nothing sensitive in there):
/var/lib/charm/ceph/ceph.conf r,
3. if /var/lib/charm/ceph/ceph.conf is set via some libvirt directive, adjust
virt-aa-helper and/or libvirt to add this setting to the VM-specific .files
file in /etc/apparmor.d/libvirt
I'm not well-versed with ceph and how OpenStack is using it to make a
recommendation on which is best (but am happy to discuss the correct
path forward if someone can discuss how /var/lib/charm/ceph/ceph.conf is
being set).
** Changed in: libvirt (Ubuntu)
Status: Incomplete => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1403648
Title:
Apparmor denies qemu access to a number of important directories.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1403648/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
