Nate Johnston 107efc1f5e Add setfacl statements for neutron metadata proxy ... Statements to setfacl on fast forward upgrade were added for the l3 agent container and the neutron dhcp container. But they are missing from the metadata proxy container, which can lead to this sort of thing after an FFU upgrade - but not immediately, waiting for the metadata container to restart. After restarting neutron_metadata_agent, the permission will be changed as follows. [root@overcloud-controller-0 neutron]# ll total 24 drwxrwxr-x+ 2 42435 42435 6 Jun 18 08:57 dhcp -rwxrwxr-x+ 1 42435 42435 998 Jun 18 08:43 dhcp_haproxy_wrapper -rwxrwxr-x+ 1 42435 42435 1099 Jun 18 08:43 dibbler_wrapper -rwxrwxr-x+ 1 42435 42435 995 Jun 18 08:43 dnsmasq_wrapper drwxrwxr-x+ 2 42435 42435 6 Jun 18 08:59 ha_confs srwxrwxr-x+ 1 42435 42435 0 Jun 20 02:23 keepalived-state-change -rwxrwxr-x+ 1 42435 42435 1035 Jun 18 08:43 keepalived_state_change_wrapper -rwxrwxr-x+ 1 42435 42435 1076 Jun 18 08:43 keepalived_wrapper -rwxrwxr-x+ 1 42435 42435 996 Jun 18 08:43 l3_haproxy_wrapper srw-rwxr--+ 1 42435 42435 0 Jun 20 02:24 metadata_proxy [root@overcloud-controller-0 neutron]# getfacl metadata_proxy # file: metadata_proxy # owner: 42435 # group: 42435 user::rw- user:neutron:rwx group::r-x mask::rwx other::r-- [root@overcloud-controller-0 neutron]# docker restart neutron_metadata_agent neutron_metadata_agent [root@overcloud-controller-0 neutron]# ll total 24 drwxrwxr-x+ 2 42435 42435 6 Jun 18 08:57 dhcp -rwxrwxr-x+ 1 42435 42435 998 Jun 18 08:43 dhcp_haproxy_wrapper -rwxrwxr-x+ 1 42435 42435 1099 Jun 18 08:43 dibbler_wrapper -rwxrwxr-x+ 1 42435 42435 995 Jun 18 08:43 dnsmasq_wrapper drwxrwxr-x+ 2 42435 42435 6 Jun 18 08:59 ha_confs srwxrwxr-x+ 1 42435 42435 0 Jun 20 02:23 keepalived-state-change -rwxrwxr-x+ 1 42435 42435 1035 Jun 18 08:43 keepalived_state_change_wrapper -rwxrwxr-x+ 1 42435 42435 1076 Jun 18 08:43 keepalived_wrapper -rwxrwxr-x+ 1 42435 42435 996 Jun 18 08:43 l3_haproxy_wrapper srw-r--r--+ 1 42435 42435 0 Jun 20 02:29 metadata_proxy [root@overcloud-controller-0 neutron]# getfacl metadata_proxy # file: metadata_proxy # owner: 42435 # group: 42435 user::rw- user:neutron:rwx #effective:r-- group::r-x #effective:r-- mask::r-- other::r-- Change-Id: Idec372ae008cab9b27bd1ddc79b6b50c1de98563		2020-02-19 17:08:01 -05:00
..
derive_pci_passthrough_whitelist.py	Derives NovaPCIPassthrough per SR-IOV node	2019-10-22 16:40:07 +05:30
neutron-agents-ib-config-container-puppet.yaml	Add DeployIdentifier to extra config containers	2020-01-22 15:16:12 -03:30
neutron-api-container-puppet.yaml	Merge "Update ffwd-upgrade branch names"	2020-02-01 21:51:45 +00:00
neutron-base.yaml	Remove extraneous references to RpcXXX parameters	2019-06-14 08:12:32 -04:00
neutron-bgpvpn-api-container-puppet.yaml	Convert Docker*Image parameters	2019-06-05 14:33:44 -06:00
neutron-bgpvpn-bagpipe-baremetal-puppet.yaml	step3: flatten the neutron service configurations	2019-02-27 15:17:32 -05:00
neutron-bigswitch-agent-baremetal-puppet.yaml	Move neutron base, plugins to deployment	2019-05-13 10:05:46 -04:00
neutron-cleanup	step2: flatten the neutron service configurations	2019-02-04 07:56:02 -05:00
neutron-cleanup.service	step2: flatten the neutron service configurations	2019-02-04 07:56:02 -05:00
neutron-compute-plugin-nuage.yaml	Convert firewall rules to use TripleO-Ansible	2019-11-18 15:40:22 -06:00
neutron-controller-plugin-nuage.yaml	Fix nuage firewall rules	2019-12-23 11:31:44 -06:00
neutron-dhcp-container-puppet.yaml	Update ffwd-upgrade branch names	2020-01-27 19:42:40 +00:00
neutron-l2gw-agent-baremetal-puppet.yaml	Fix rsyslog issues	2019-12-03 18:53:31 +00:00
neutron-l2gw-api-container-puppet.yaml	Convert Docker*Image parameters	2019-06-05 14:33:44 -06:00
neutron-l3-compute-dvr.yaml	Remove fluentd composable service	2019-08-29 13:52:55 +01:00
neutron-l3-container-puppet.yaml	Update ffwd-upgrade branch names	2020-01-27 19:42:40 +00:00
neutron-linuxbridge-agent-baremetal-puppet.yaml	Move neutron base, plugins to deployment	2019-05-13 10:05:46 -04:00
neutron-metadata-container-puppet.yaml	Add setfacl statements for neutron metadata proxy	2020-02-19 17:08:01 -05:00
neutron-mlnx-agent-container-puppet.yaml	Add DeployIdentifier to extra config containers	2020-01-22 15:16:12 -03:30
neutron-ovn-dpdk-config-container-puppet.yaml	Move KernelArgs and OvS-DPDK deployment to ansible role	2019-10-23 10:12:42 +05:30
neutron-ovs-agent-container-puppet.yaml	Merge "Update ffwd-upgrade branch names"	2020-02-01 21:51:45 +00:00
neutron-ovs-dpdk-agent-container-puppet.yaml	Convert firewall rules to use TripleO-Ansible	2019-11-18 15:40:22 -06:00
neutron-plugin-ml2-ansible-container-puppet.yaml	Add redis password for ml2 ansible coordination	2019-09-11 19:07:32 +10:00
neutron-plugin-ml2-cisco-vts-container-puppet.yaml	Convert Docker*Image parameters	2019-06-05 14:33:44 -06:00
neutron-plugin-ml2-container-puppet.yaml	Convert Docker*Image parameters	2019-06-05 14:33:44 -06:00
neutron-plugin-ml2-fujitsu-cfab.yaml	Move neutron base, plugins to deployment	2019-05-13 10:05:46 -04:00
neutron-plugin-ml2-fujitsu-fossw.yaml	Move neutron base, plugins to deployment	2019-05-13 10:05:46 -04:00
neutron-plugin-ml2-mlnx-sdn-assist-container-puppet.yaml	Added the ability to disable Mellanox SDN sync	2019-11-07 14:55:10 +02:00
neutron-plugin-ml2-nuage.yaml	Move neutron base, plugins to deployment	2019-05-13 10:05:46 -04:00
neutron-plugin-ml2-ovn.yaml	OVN: Add ovn_emit_need_to_frag configuration option	2019-10-22 16:03:38 +01:00
neutron-plugin-ml2.yaml	Change default value for NeutronPluginExtensions	2019-12-11 10:49:41 +01:00
neutron-plugin-nsx-container-puppet.yaml	Convert Docker*Image parameters	2019-06-05 14:33:44 -06:00
neutron-plugin-nuage.yaml	Move neutron base, plugins to deployment	2019-05-13 10:05:46 -04:00
neutron-sfc-api-container-puppet.yaml	Convert Docker*Image parameters	2019-06-05 14:33:44 -06:00
neutron-sriov-agent-container-puppet.yaml	Remove unnecessary slash volume maps	2019-12-04 20:32:14 +02:00
neutron-vpp-agent-baremetal-puppet.yaml	Move neutron base, plugins to deployment	2019-05-13 10:05:46 -04:00