openstack
/
tripleo-heat-templates
Code Issues Proposed changes
tripleo-heat-templates/docker
History
Nate Johnston cbfbeb3430 Add setfacl statements for neutron metadata proxy 
Statements to setfacl on fast forward upgrade were added for the l3
agent container and the neutron dhcp container.  But they are missing
from the metadata proxy container, which can lead to this sort of thing
after an FFU upgrade - but not immediately, waiting for the metadata
container to restart.  After restarting neutron_metadata_agent, the permission will be changed as follows.

  [root@overcloud-controller-0 neutron]# ll
  total 24
  drwxrwxr-x+ 2 42435 42435    6 Jun 18 08:57 dhcp
  -rwxrwxr-x+ 1 42435 42435  998 Jun 18 08:43 dhcp_haproxy_wrapper
  -rwxrwxr-x+ 1 42435 42435 1099 Jun 18 08:43 dibbler_wrapper
  -rwxrwxr-x+ 1 42435 42435  995 Jun 18 08:43 dnsmasq_wrapper
  drwxrwxr-x+ 2 42435 42435    6 Jun 18 08:59 ha_confs
  srwxrwxr-x+ 1 42435 42435    0 Jun 20 02:23 keepalived-state-change
  -rwxrwxr-x+ 1 42435 42435 1035 Jun 18 08:43 keepalived_state_change_wrapper
  -rwxrwxr-x+ 1 42435 42435 1076 Jun 18 08:43 keepalived_wrapper
  -rwxrwxr-x+ 1 42435 42435  996 Jun 18 08:43 l3_haproxy_wrapper
  srw-rwxr--+ 1 42435 42435    0 Jun 20 02:24 metadata_proxy
  [root@overcloud-controller-0 neutron]# getfacl metadata_proxy
  # file: metadata_proxy
  # owner: 42435
  # group: 42435
  user::rw-
  user:neutron:rwx
  group::r-x
  mask::rwx
  other::r--

  [root@overcloud-controller-0 neutron]# docker restart neutron_metadata_agent
  neutron_metadata_agent
  [root@overcloud-controller-0 neutron]# ll
  total 24
  drwxrwxr-x+ 2 42435 42435    6 Jun 18 08:57 dhcp
  -rwxrwxr-x+ 1 42435 42435  998 Jun 18 08:43 dhcp_haproxy_wrapper
  -rwxrwxr-x+ 1 42435 42435 1099 Jun 18 08:43 dibbler_wrapper
  -rwxrwxr-x+ 1 42435 42435  995 Jun 18 08:43 dnsmasq_wrapper
  drwxrwxr-x+ 2 42435 42435    6 Jun 18 08:59 ha_confs
  srwxrwxr-x+ 1 42435 42435    0 Jun 20 02:23 keepalived-state-change
  -rwxrwxr-x+ 1 42435 42435 1035 Jun 18 08:43 keepalived_state_change_wrapper
  -rwxrwxr-x+ 1 42435 42435 1076 Jun 18 08:43 keepalived_wrapper
  -rwxrwxr-x+ 1 42435 42435  996 Jun 18 08:43 l3_haproxy_wrapper
  srw-r--r--+ 1 42435 42435    0 Jun 20 02:29 metadata_proxy
  [root@overcloud-controller-0 neutron]# getfacl metadata_proxy
  # file: metadata_proxy
  # owner: 42435
  # group: 42435
  user::rw-
  user:neutron:rwx                #effective:r--
  group::r-x                      #effective:r--
  mask::r--
  other::r--

Change-Id: Idec372ae008cab9b27bd1ddc79b6b50c1de98563
(cherry picked from commit 107efc1f5e)
 		2020-02-27 16:48:11 +00:00
..
services Add setfacl statements for neutron metadata proxy 2020-02-27 16:48:11 +00:00
README-containers.md Replace outdated instruction with link to upstream doc 2017-07-10 16:32:58 +02:00
docker-puppet.py Update ro excludes 2020-02-07 14:50:23 +00:00
docker-toool Set ulimit for neutron agent containers 2018-04-09 05:37:30 +00:00