Don't use the z flag in case NovaNfsEnabled is true

Deployment with an NFS share enabled for nova ephemeral storage fails. Podman
fails to relabel when NFS is mounted at /var/lib/nova/instances, and containers
fail to start with "operation not supported".
This change only sets the z flag for /var/lib/nova when NFS is not
enabled for the compute.

Change-Id: I732c0c3e0b3eb1b52f0df58568ec3a42f3d6d1a1
Closes-Bug: #1835503
Martin Schuppert 2019-07-05 12:15:03 +02:00
parent 2fd958eb64
commit b56c521e01
5 changed files with 112 additions and 9 deletions


@ -433,6 +433,13 @@ conditions:
is_ovn_in_neutron_mechanism_driver: {contains: ['ovn', {get_param: NeutronMechanismDrivers}]}
nova_nfs_enabled:
or:
- and:
- equals: [{get_param: NovaNfsEnabled}, true]
- equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, '']
- equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, true]
outputs:
role_data:
description: Role data for the Nova Compute service.
@ -599,8 +606,16 @@ outputs:
privileged: false
detach: false
volumes:
- /var/lib/nova:/var/lib/nova:shared,z
- /var/lib/container-config-scripts/:/container-config-scripts/:z
list_concat:
# podman fails to relable if nova_nfs_enabled where we have
# the nfs share mounted to /var/lib/nova/instances
-
if:
- nova_nfs_enabled
- - /var/lib/nova:/var/lib/nova:shared
- - /var/lib/nova:/var/lib/nova:shared,z
-
- /var/lib/container-config-scripts/:/container-config-scripts/:z
command: "/container-config-scripts/pyshim.sh /container-config-scripts/nova_statedir_ownership.py"
environment:
# NOTE: this should force this container to re-run on each
@ -663,10 +678,16 @@ outputs:
- /lib/modules:/lib/modules:ro
- /run:/run
- /var/lib/iscsi:/var/lib/iscsi:z
- /var/lib/nova:/var/lib/nova:shared,z
- /var/lib/libvirt:/var/lib/libvirt:shared,z
- /sys/class/net:/sys/class/net
- /sys/bus/pci:/sys/bus/pci
-
# podman fails to relable if nova_nfs_enabled where we have
# the nfs share mounted to /var/lib/nova/instances
if:
- nova_nfs_enabled
- - /var/lib/nova:/var/lib/nova:shared
- - /var/lib/nova:/var/lib/nova:shared,z
-
if:
- {equals: [{get_param: MultipathdEnable}, true]}
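Review bot: With `nova_nfs_enabled` true, the `if` branch added to the `volumes` lists drops `z` for the whole `/var/lib/nova` bind mount, not only for the NFS-backed `instances` subdirectory, so nothing visible in these hunks gives the local part of the tree a label the containers can use under SELinux. Access then presumably depends on the host-side label and on the SELinux context the NFS share is mounted with, and that precondition should be stated next to the condition so a later AVC denial can be traced back to this switch. I would replace the comment with `# podman cannot relabel an NFS mount (":z" fails with "operation not supported"), so z is` and `# dropped when nova_nfs_enabled; /var/lib/nova must already carry a usable SELinux label.` The same applies to the other container definitions changed in this commit, where the comment's `relable` should also read `relabel`. The volume lists start and end outside the hunks.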


@ -44,6 +44,21 @@ parameters:
default: false
description: Whether to enable the multipath daemon
type: boolean
NovaNfsEnabled:
default: false
description: Whether to enable or not the NFS backend for Nova
type: boolean
tags:
- role_specific
conditions:
nova_nfs_enabled:
or:
- and:
- equals: [{get_param: NovaNfsEnabled}, true]
- equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, '']
- equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, true]
resources:
@ -127,8 +142,16 @@ outputs:
privileged: false
detach: false
volumes:
- /var/lib/nova:/var/lib/nova:shared,z
- /var/lib/container-config-scripts/:/container-config-scripts/
list_concat:
# podman fails to relable if nova_nfs_enabled where we have
# the nfs share mounted to /var/lib/nova/instances
-
if:
- nova_nfs_enabled
- - /var/lib/nova:/var/lib/nova:shared
- - /var/lib/nova:/var/lib/nova:shared,z
-
- /var/lib/container-config-scripts/:/container-config-scripts/
command: "/container-config-scripts/pyshim.sh /container-config-scripts/nova_statedir_ownership.py"
step_4:
nova_compute:
@ -149,8 +172,14 @@ outputs:
- /run:/run
- /dev:/dev
- /var/lib/iscsi:/var/lib/iscsi:z
- /var/lib/nova/:/var/lib/nova:shared,z
- /var/log/containers/nova:/var/log/nova:z
-
# podman fails to relable if nova_nfs_enabled where we have
# the nfs share mounted to /var/lib/nova/instances
if:
- nova_nfs_enabled
- - /var/lib/nova:/var/lib/nova:shared
- - /var/lib/nova:/var/lib/nova:shared,z
-
if:
- {equals: [{get_param: MultipathdEnable}, true]}


@ -206,6 +206,12 @@ parameters:
description: The password for the libvirt service when TLS is enabled
type: string
hidden: true
NovaNfsEnabled:
default: false
description: Whether to enable or not the NFS backend for Nova
type: boolean
tags:
- role_specific
conditions:
@ -287,6 +293,13 @@ conditions:
- {get_param: ContainerCli}
- 'docker'
nova_nfs_enabled:
or:
- and:
- equals: [{get_param: NovaNfsEnabled}, true]
- equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, '']
- equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, true]
resources:
RoleParametersValue:
type: OS::Heat::Value
@ -629,11 +642,17 @@ outputs:
- /dev:/dev
- /run:/run
- /sys/fs/cgroup:/sys/fs/cgroup
- /var/lib/nova:/var/lib/nova:shared,z
- /var/run/libvirt:/var/run/libvirt:shared,z
- /var/lib/libvirt:/var/lib/libvirt
- /etc/libvirt/qemu:/etc/libvirt/qemu:ro
- /var/log/libvirt/qemu:/var/log/libvirt/qemu
# podman fails to relable if nova_nfs_enabled where we have
# the nfs share mounted to /var/lib/nova/instances
-
if:
- nova_nfs_enabled
- - /var/lib/nova:/var/lib/nova:shared
- - /var/lib/nova:/var/lib/nova:shared,z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
nova_libvirt:
@ -660,13 +679,19 @@ outputs:
- /dev:/dev
- /run:/run
- /sys/fs/cgroup:/sys/fs/cgroup
- /var/lib/nova:/var/lib/nova:shared,z
- /etc/libvirt:/etc/libvirt
- /var/run/libvirt:/var/run/libvirt:shared,z
- /var/lib/libvirt:/var/lib/libvirt:shared,z
- /var/log/containers/libvirt:/var/log/libvirt:z
- /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro
- /var/lib/vhost_sockets:/var/lib/vhost_sockets:z
# podman fails to relable if nova_nfs_enabled where we have
# the nfs share mounted to /var/lib/nova/instances
-
if:
- nova_nfs_enabled
- - /var/lib/nova:/var/lib/nova:shared
- - /var/lib/nova:/var/lib/nova:shared,z
-
if:
- docker_enabled


@ -54,6 +54,12 @@ parameters:
default: 2022
description: Target port for migration over ssh
type: number
NovaNfsEnabled:
default: false
description: Whether to enable or not the NFS backend for Nova
type: boolean
tags:
- role_specific
resources:
@ -69,6 +75,14 @@ resources:
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
conditions:
nova_nfs_enabled:
or:
- and:
- equals: [{get_param: NovaNfsEnabled}, true]
- equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, '']
- equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, true]
outputs:
role_data:
description: Role data for the Nova Migration Target service.
@ -148,7 +162,13 @@ outputs:
- /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro
- /etc/ssh/:/host-ssh/:ro
- /run/libvirt:/run/libvirt
- /var/lib/nova:/var/lib/nova:shared
# podman fails to relable if nova_nfs_enabled where we have
# the nfs share mounted to /var/lib/nova/instances
-
if:
- nova_nfs_enabled
- - /var/lib/nova:/var/lib/nova:shared
- - /var/lib/nova:/var/lib/nova:shared,z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
post_upgrade_tasks:
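Review bot: Going by the hunk's line counts, the entry replaced here was `/var/lib/nova:/var/lib/nova:shared` with no `z`, so the new else branch `- - /var/lib/nova:/var/lib/nova:shared,z` makes this container start relabelling `/var/lib/nova` in the default, non-NFS case, which the commit message does not mention. If that is meant to bring this container in line with the other nova containers, say so in the comment above the `if`, for example `# z added so this mount gets the same label as in the other nova containers`. If it is not intended, both branches can stay `shared` and the condition is not needed in this template. The volume list starts outside the hunk.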


@ -0,0 +1,8 @@
---
fixes:
- |
Deployment with enabled NFS share for nova ephemeral storage fails. Podman
fails to relable with mounted nfs in /var/lib/nova/instances and container
fail to start with "operation not supported".
This change only sets the z flag for the /var/lib/nova in case nfs is not
enabled for the compute.