Change /run bind mount for neutron/openvswitch
Currently we have a very wide /run mount for all Neutron/OVS services, which allows sudo/rootwrap to contact the host's dbus - all symptoms are documented in the related bug. Since we use tcp connections to OVS from Neutron agents, we are removing the bind mounts. Closes-Bug: #1861792 Change-Id: Ifee4bec7b2e9ef4e2d624b1411f1a9e6332325c6
@@ -247,7 +247,6 @@ ironic_neutron_agent_dimensions: "{{ default_container_dimensions }}"
|
|||||||
neutron_dhcp_agent_default_volumes:
|
neutron_dhcp_agent_default_volumes:
|
||||||
- "{{ node_config_directory }}/neutron-dhcp-agent/:{{ container_config_directory }}/:ro"
|
- "{{ node_config_directory }}/neutron-dhcp-agent/:{{ container_config_directory }}/:ro"
|
||||||
- "/etc/localtime:/etc/localtime:ro"
|
- "/etc/localtime:/etc/localtime:ro"
|
||||||
- "/run/:/run/:shared"
|
|
||||||
- "neutron_metadata_socket:/var/lib/neutron/kolla/"
|
- "neutron_metadata_socket:/var/lib/neutron/kolla/"
|
||||||
- "kolla_logs:/var/log/kolla/"
|
- "kolla_logs:/var/log/kolla/"
|
||||||
- "{{ kolla_dev_repos_directory ~ '/neutron/neutron:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/neutron' if neutron_dev_mode | bool else '' }}"
|
- "{{ kolla_dev_repos_directory ~ '/neutron/neutron:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/neutron' if neutron_dev_mode | bool else '' }}"
|
||||||
@@ -255,27 +254,23 @@ neutron_l3_agent_default_volumes:
|
|||||||
- "{{ node_config_directory }}/neutron-l3-agent/:{{ container_config_directory }}/:ro"
|
- "{{ node_config_directory }}/neutron-l3-agent/:{{ container_config_directory }}/:ro"
|
||||||
- "/etc/localtime:/etc/localtime:ro"
|
- "/etc/localtime:/etc/localtime:ro"
|
||||||
- "/lib/modules:/lib/modules:ro"
|
- "/lib/modules:/lib/modules:ro"
|
||||||
- "/run:/run:shared"
|
|
||||||
- "neutron_metadata_socket:/var/lib/neutron/kolla/"
|
- "neutron_metadata_socket:/var/lib/neutron/kolla/"
|
||||||
- "kolla_logs:/var/log/kolla/"
|
- "kolla_logs:/var/log/kolla/"
|
||||||
- "{{ kolla_dev_repos_directory ~ '/neutron/neutron:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/neutron' if neutron_dev_mode | bool else '' }}"
|
- "{{ kolla_dev_repos_directory ~ '/neutron/neutron:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/neutron' if neutron_dev_mode | bool else '' }}"
|
||||||
neutron_sriov_agent_default_volumes:
|
neutron_sriov_agent_default_volumes:
|
||||||
- "{{ node_config_directory }}/neutron-sriov-agent/:{{ container_config_directory }}/:ro"
|
- "{{ node_config_directory }}/neutron-sriov-agent/:{{ container_config_directory }}/:ro"
|
||||||
- "/etc/localtime:/etc/localtime:ro"
|
- "/etc/localtime:/etc/localtime:ro"
|
||||||
- "/run:/run:shared"
|
|
||||||
- "kolla_logs:/var/log/kolla/"
|
- "kolla_logs:/var/log/kolla/"
|
||||||
- "{{ kolla_dev_repos_directory ~ '/neutron/neutron:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/neutron' if neutron_dev_mode | bool else '' }}"
|
- "{{ kolla_dev_repos_directory ~ '/neutron/neutron:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/neutron' if neutron_dev_mode | bool else '' }}"
|
||||||
neutron_linuxbridge_agent_default_volumes:
|
neutron_linuxbridge_agent_default_volumes:
|
||||||
- "{{ node_config_directory }}/neutron-linuxbridge-agent/:{{ container_config_directory }}/:ro"
|
- "{{ node_config_directory }}/neutron-linuxbridge-agent/:{{ container_config_directory }}/:ro"
|
||||||
- "/etc/localtime:/etc/localtime:ro"
|
- "/etc/localtime:/etc/localtime:ro"
|
||||||
- "/lib/modules:/lib/modules:ro"
|
- "/lib/modules:/lib/modules:ro"
|
||||||
- "/run:/run:shared"
|
|
||||||
- "kolla_logs:/var/log/kolla/"
|
- "kolla_logs:/var/log/kolla/"
|
||||||
- "{{ kolla_dev_repos_directory ~ '/neutron/neutron:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/neutron' if neutron_dev_mode | bool else '' }}"
|
- "{{ kolla_dev_repos_directory ~ '/neutron/neutron:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/neutron' if neutron_dev_mode | bool else '' }}"
|
||||||
neutron_metadata_agent_default_volumes:
|
neutron_metadata_agent_default_volumes:
|
||||||
- "{{ node_config_directory }}/neutron-metadata-agent/:{{ container_config_directory }}/:ro"
|
- "{{ node_config_directory }}/neutron-metadata-agent/:{{ container_config_directory }}/:ro"
|
||||||
- "/etc/localtime:/etc/localtime:ro"
|
- "/etc/localtime:/etc/localtime:ro"
|
||||||
- "/run/:/run/:shared"
|
|
||||||
- "neutron_metadata_socket:/var/lib/neutron/kolla/"
|
- "neutron_metadata_socket:/var/lib/neutron/kolla/"
|
||||||
- "kolla_logs:/var/log/kolla/"
|
- "kolla_logs:/var/log/kolla/"
|
||||||
- "{{ kolla_dev_repos_directory ~ '/neutron/neutron:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/neutron' if neutron_dev_mode | bool else '' }}"
|
- "{{ kolla_dev_repos_directory ~ '/neutron/neutron:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/neutron' if neutron_dev_mode | bool else '' }}"
|
||||||
@@ -283,7 +278,6 @@ neutron_openvswitch_agent_default_volumes:
|
|||||||
- "{{ node_config_directory }}/neutron-openvswitch-agent/:{{ container_config_directory }}/:ro"
|
- "{{ node_config_directory }}/neutron-openvswitch-agent/:{{ container_config_directory }}/:ro"
|
||||||
- "/etc/localtime:/etc/localtime:ro"
|
- "/etc/localtime:/etc/localtime:ro"
|
||||||
- "/lib/modules:/lib/modules:ro"
|
- "/lib/modules:/lib/modules:ro"
|
||||||
- "/run:/run:shared"
|
|
||||||
- "kolla_logs:/var/log/kolla/"
|
- "kolla_logs:/var/log/kolla/"
|
||||||
- "{{ kolla_dev_repos_directory ~ '/neutron/neutron:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/neutron' if neutron_dev_mode | bool else '' }}"
|
- "{{ kolla_dev_repos_directory ~ '/neutron/neutron:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/neutron' if neutron_dev_mode | bool else '' }}"
|
||||||
neutron_server_default_volumes:
|
neutron_server_default_volumes:
|
||||||
@@ -294,24 +288,20 @@ neutron_server_default_volumes:
|
|||||||
neutron_bgp_dragent_default_volumes:
|
neutron_bgp_dragent_default_volumes:
|
||||||
- "{{ node_config_directory }}/neutron-bgp-dragent/:{{ container_config_directory }}/:ro"
|
- "{{ node_config_directory }}/neutron-bgp-dragent/:{{ container_config_directory }}/:ro"
|
||||||
- "/etc/localtime:/etc/localtime:ro"
|
- "/etc/localtime:/etc/localtime:ro"
|
||||||
- "/run:/run:shared"
|
|
||||||
- "kolla_logs:/var/log/kolla/"
|
- "kolla_logs:/var/log/kolla/"
|
||||||
neutron_infoblox_ipam_agent_default_volumes:
|
neutron_infoblox_ipam_agent_default_volumes:
|
||||||
- "{{ node_config_directory }}/neutron-infoblox-ipam-agent/:{{ container_config_directory }}/:ro"
|
- "{{ node_config_directory }}/neutron-infoblox-ipam-agent/:{{ container_config_directory }}/:ro"
|
||||||
- "/etc/localtime:/etc/localtime:ro"
|
- "/etc/localtime:/etc/localtime:ro"
|
||||||
- "/run:/run:shared"
|
|
||||||
- "kolla_logs:/var/log/kolla/"
|
- "kolla_logs:/var/log/kolla/"
|
||||||
neutron_openvswitch_agent_xenapi_default_volumes:
|
neutron_openvswitch_agent_xenapi_default_volumes:
|
||||||
- "{{ node_config_directory }}/neutron-openvswitch-agent-xenapi/:{{ container_config_directory }}/:ro"
|
- "{{ node_config_directory }}/neutron-openvswitch-agent-xenapi/:{{ container_config_directory }}/:ro"
|
||||||
- "/etc/localtime:/etc/localtime:ro"
|
- "/etc/localtime:/etc/localtime:ro"
|
||||||
- "/lib/modules:/lib/modules:ro"
|
- "/lib/modules:/lib/modules:ro"
|
||||||
- "/run:/run:shared"
|
|
||||||
- "kolla_logs:/var/log/kolla/"
|
- "kolla_logs:/var/log/kolla/"
|
||||||
- "{{ kolla_dev_repos_directory ~ '/neutron/neutron:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/neutron' if neutron_dev_mode | bool else '' }}"
|
- "{{ kolla_dev_repos_directory ~ '/neutron/neutron:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/neutron' if neutron_dev_mode | bool else '' }}"
|
||||||
neutron_metering_agent_default_volumes:
|
neutron_metering_agent_default_volumes:
|
||||||
- "{{ node_config_directory }}/neutron-metering-agent/:{{ container_config_directory }}/:ro"
|
- "{{ node_config_directory }}/neutron-metering-agent/:{{ container_config_directory }}/:ro"
|
||||||
- "/etc/localtime:/etc/localtime:ro"
|
- "/etc/localtime:/etc/localtime:ro"
|
||||||
- "/run:/run:shared"
|
|
||||||
- "kolla_logs:/var/log/kolla/"
|
- "kolla_logs:/var/log/kolla/"
|
||||||
- "{{ kolla_dev_repos_directory ~ '/neutron/neutron:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/neutron' if neutron_dev_mode | bool else '' }}"
|
- "{{ kolla_dev_repos_directory ~ '/neutron/neutron:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/neutron' if neutron_dev_mode | bool else '' }}"
|
||||||
ironic_neutron_agent_default_volumes:
|
ironic_neutron_agent_default_volumes:
|
||||||
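Review bot: Removing `/run:/run:shared` outright from `neutron_dhcp_agent_default_volumes` and `neutron_l3_agent_default_volumes` also takes away the shared view of `/run/netns`, where `ip netns` keeps the namespace mounts these agents create; this looks like it would leave router and DHCP namespaces private to each container and lost on container restart, which is worth confirming on a deployed node. A narrower mount keeps the host D-Bus socket out of the container while preserving namespace propagation: `- "/run/netns:/run/netns:shared"` in those two lists. The other lists in this section (sriov, linuxbridge, metadata, openvswitch, bgp-dragent, infoblox, xenapi, metering) should each be checked for any remaining dependency on a socket or lock under `/run` before the mount is dropped. A short comment above the volume lists, e.g. `# /run is deliberately not mounted: it exposes the host D-Bus socket to rootwrap (LP#1861792)`, would stop the wide mount from being reintroduced later.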
|
|||||||
@@ -55,14 +55,14 @@ openvswitch_db_default_volumes:
|
|||||||
- "{{ node_config_directory }}/openvswitch-db-server/:{{ container_config_directory }}/:ro"
|
- "{{ node_config_directory }}/openvswitch-db-server/:{{ container_config_directory }}/:ro"
|
||||||
- "/etc/localtime:/etc/localtime:ro"
|
- "/etc/localtime:/etc/localtime:ro"
|
||||||
- "/lib/modules:/lib/modules:ro"
|
- "/lib/modules:/lib/modules:ro"
|
||||||
- "/run:/run:shared"
|
- "/run/openvswitch:/run/openvswitch:shared"
|
||||||
- "kolla_logs:/var/log/kolla/"
|
- "kolla_logs:/var/log/kolla/"
|
||||||
- "openvswitch_db:/var/lib/openvswitch/"
|
- "openvswitch_db:/var/lib/openvswitch/"
|
||||||
openvswitch_vswitchd_default_volumes:
|
openvswitch_vswitchd_default_volumes:
|
||||||
- "{{ node_config_directory }}/openvswitch-vswitchd/:{{ container_config_directory }}/:ro"
|
- "{{ node_config_directory }}/openvswitch-vswitchd/:{{ container_config_directory }}/:ro"
|
||||||
- "/etc/localtime:/etc/localtime:ro"
|
- "/etc/localtime:/etc/localtime:ro"
|
||||||
- "/lib/modules:/lib/modules:ro"
|
- "/lib/modules:/lib/modules:ro"
|
||||||
- "/run:/run:shared"
|
- "/run/openvswitch:/run/openvswitch:shared"
|
||||||
- "kolla_logs:/var/log/kolla/"
|
- "kolla_logs:/var/log/kolla/"
|
||||||
|
|
||||||
openvswitch_extra_volumes: "{{ default_extra_volumes }}"
|
openvswitch_extra_volumes: "{{ default_extra_volumes }}"
|
||||||
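Review bot: The narrowed mount `/run/openvswitch:/run/openvswitch:shared` in `openvswitch_db_default_volumes` and `openvswitch_vswitchd_default_volumes` still asks for `shared` propagation, which only matters when filesystems are mounted beneath that directory. If the directory carries just the OVS sockets and pid files, a plain bind, `- "/run/openvswitch:/run/openvswitch"`, is the least-privilege form and the sockets stay visible in both directions. The same applies to `ovsdpdk_db_default_volumes` and `ovsdpdk_vswitchd_default_volumes` in the next section. Since `/run` is normally tmpfs, it is also worth confirming what creates `/run/openvswitch` on the host after a reboot and with which ownership, because the container runtime may create a missing bind source as a root-owned directory.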
|
|||||||
@@ -78,14 +78,14 @@ ovsdpdk_vswitchd_dimensions: "{{ default_container_dimensions }}"
|
|||||||
ovsdpdk_db_default_volumes:
|
ovsdpdk_db_default_volumes:
|
||||||
- "{{ node_config_directory }}/ovsdpdk-db/:{{ container_config_directory }}/:ro"
|
- "{{ node_config_directory }}/ovsdpdk-db/:{{ container_config_directory }}/:ro"
|
||||||
- "/etc/localtime:/etc/localtime:ro"
|
- "/etc/localtime:/etc/localtime:ro"
|
||||||
- "/run:/run:shared"
|
- "/run/openvswitch:/run/openvswitch:shared"
|
||||||
- "kolla_logs:/var/log/kolla/"
|
- "kolla_logs:/var/log/kolla/"
|
||||||
- "ovsdpdk_db:/var/lib/openvswitch/"
|
- "ovsdpdk_db:/var/lib/openvswitch/"
|
||||||
ovsdpdk_vswitchd_default_volumes:
|
ovsdpdk_vswitchd_default_volumes:
|
||||||
- "{{ node_config_directory }}/ovsdpdk-vswitchd/:{{ container_config_directory }}/:ro"
|
- "{{ node_config_directory }}/ovsdpdk-vswitchd/:{{ container_config_directory }}/:ro"
|
||||||
- "/etc/localtime:/etc/localtime:ro"
|
- "/etc/localtime:/etc/localtime:ro"
|
||||||
- "/lib/modules:/lib/modules:ro"
|
- "/lib/modules:/lib/modules:ro"
|
||||||
- "/run:/run:shared"
|
- "/run/openvswitch:/run/openvswitch:shared"
|
||||||
- "/dev:/dev:shared"
|
- "/dev:/dev:shared"
|
||||||
- "kolla_logs:/var/log/kolla/"
|
- "kolla_logs:/var/log/kolla/"
|
||||||
|
|
||||||
|
|||||||
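--- a/releasenotes/notes/bug-1861792-a44a31693b0c786f.yaml
+++ b/releasenotes/notes/bug-1861792-a44a31693b0c786f.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+- |
+Remove /run bind mounts in Neutron services causing dbus host-level
+errors `LP# 1861792 <https://launchpad.net/bugs/1861792>`.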