From 1f0d31e5d5ea5f4423ee12df56c42ef6ddf8a7b5 Mon Sep 17 00:00:00 2001 From: Alex Schultz Date: Wed, 22 Jan 2020 14:24:41 -0700 Subject: [PATCH] Update ro excludes When container-puppet.sh (or docker-puppet.sh) runs, we always bind mount in certain directories and files. However if these files change while we're running the puppet execution externally on the host, they end up being copied to our puppet-generated path. This path is copied into the container when kolla starts up. Because we re-mount these same paths in the end container as read-only, kolla will try and update the read-only mount which errors. This change updates our rsync excludes to include: * /etc/pki/ca-trust/extracted * /etc/pki/ca-trust/source/anchors * /etc/pki/tls/certs/ca-bundle.crt * /etc/pki/tls/certs/ca-bundle.trust.crt * /etc/pki/tls/cert.pem * /etc/hosts * /etc/localtime Conflicts: common/container-puppet.sh Change-Id: I858a7b8745688c6271b01795460ab4adbf3f2be5 Closes-Bug: #1860607 (cherry picked from commit 36ea0148e8b2ed30fb0a03fe6f812fd00657924b) --- docker/docker-puppet.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index 219dbee07a..c58972eabd 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py @@ -266,7 +266,10 @@ with open(sh_script, 'w') as script_file: # Exclude read-only mounted directories/files which we do not want # to copy or delete. - ro_files="/etc/puppetlabs/ /opt/puppetlabs/" + ro_files="/etc/puppetlabs/ /opt/puppetlabs/ /etc/pki/ca-trust/extracted " + ro_files+="/etc/pki/ca-trust/source/anchors /etc/pki/tls/certs/ca-bundle.crt " + ro_files+="/etc/pki/tls/certs/ca-bundle.trust.crt /etc/pki/tls/cert.pem " + ro_files+="/etc/hosts /etc/localtime" for ro in $ro_files; do if [ -e "$ro" ]; then exclude_files+=" --exclude=$ro"