Problem: libvirt password/key injection uses libguestfs to mount the
guest filesystem. libguestfs uses a supermin appliance, and in order to
create this appliance, libguestfs (running as nova user) must read the
host's kernel. Unfortunately, Ubuntu sets file permissions which make
compressed kernels non-readable to non-root users, and this breaks
libvirt password/key injection on compute hosts running Ubuntu.
Solution: When compute hosts are running Ubuntu AND the deployer has
enabled libvirt password or SSH key injection, do the following:
- Run `dpkg-statoverride` to set file permissions on compressed
kernel (/boot/vmlinuz-*), readable to group 'nova'
- Install a script which does same for each new kernel installed via
system updates in the future
Related-Bug: #1507915
Change-Id: Ic96b69bb80ce11001b2ee5d63324a12b0f68456d
2bd15db036