From 9212c7c07ac39d5cf397598348e89298bcf6f8b2 Mon Sep 17 00:00:00 2001 From: Lee Yarwood Date: Fri, 13 Dec 2019 12:01:57 +0000 Subject: [PATCH] Mount /boot from the host within the nova-compute container libguestfs expects to find /boot/vmlinuz-* for the running version of the kernel. This check is duplicated in nova-compute when libguestfs has failed to launch, providing a useful bread crumb for operators [1]. Obviously when this is called from within the nova-compute container in the context of a TripleO deployment this can easily fail after a minor update that has pulled in a newer container containing a newer kernel. This check could also fail in the opposite case if the host kernel is updated past the version present in the container. This change works around this by simply passing /boot as read-only through to the nova-compute container ensure libguestfs is able to always find the correct version of vmlinuz. This should also allow us to eventually drop the kernel RPM from the nova-compute container that has been a constant source of maintenance overhead in terms of CVEs etc. [1] https://github.com/openstack/nova/blob/aa096fd18352fb9da94069ec2cab478eed5c6cca/nova/virt/disk/vfs/guestfs.py#L75-L97 Conflicts: deployment/nova/nova-compute-container-puppet.yaml Change-Id: Iadef8f3300bb1b5b995052c1a35a1becbfd5730c (cherry picked from commit 9c5c36632d23a693a60e490b3046b07b126b9154) (cherry picked from commit 02faf53ea8bb672060c7cfedbc093d5cff809307) (cherry picked from commit 1f5c51d5d0f65f4a3da3666813f23b383ec0fd2a) (cherry picked from commit bb277211658103484313746d749844a01f1a11e4) --- docker/services/nova-compute.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml index cdaa50b19e..fb54ee77cc 100644 --- a/docker/services/nova-compute.yaml +++ b/docker/services/nova-compute.yaml 
@@ -250,6 +250,7 @@ outputs: - /var/lib/libvirt:/var/lib/libvirt - /sys/class/net:/sys/class/net - /sys/bus/pci:/sys/bus/pci + - /boot:/boot:ro environment: list_concat: - {get_param: NovaComputeOptEnvVars}
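Review bot: The added `- /boot:/boot:ro` entry at the end of the volumes list has no inline comment, and it hands the container the whole host /boot even though the commit message says libguestfs only looks for /boot/vmlinuz-* of the running kernel. Please add a one-line YAML comment above the entry saying it exists for the libguestfs kernel lookup, so a later cleanup does not drop it as unexplained host exposure or loosen the `:ro` flag. It is also worth confirming in testing that the service user inside the container can read the host's vmlinuz through this bind mount; if it cannot, operators will still land on the nova-compute check referenced as [1] in the commit message, and the mount will not have fixed the failure it targets.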