microstack/patches/open-iscsi/0001-Use-a-snap-specific-abstract-socket-address.patch
Dmitrii Shcherbakov 780a4c4ead Use focal/core20/Ussuri/OVN & enable confinement
Major changes:

* Plumbing necessary for strict confinement with
  the microstack-support interface
  https://github.com/snapcore/snapd/pull/8926
  * Until the interface is merged, devmode will be used and kernel
    modules will be loaded via an auxiliary service.
* upgraded OpenStack components to Focal (20.04) and OpenStack Ussuri;
  * reworked the old patches;
  * added the Placement service since it is now separate;
  * addressed various build issues due to changes in snapcraft and
    build dependencies:
    * e.g. libvirt requires the build directory to be separate from the
      source directory and LP: #1882255;
    * LP: #1882535 and https://github.com/pypa/pip/issues/8414
    * LP: #1882839
    * LP: #1885294
    * https://storyboard.openstack.org/#!/story/2007806
    * LP: #1864589
    * LP: #1777121
    * LP: #1881590
* ML2/OVS replaced with ML2/OVN;
  * dnsmasq is not used anymore;
  * neutron l3 and DHCP agents are not used anymore;
  * Linux network namespaces are only used for
    neutron-ovn-metadata-agent.
  * ML2 DNS support is done via native OVN mechanisms;
  * OVN-related database services (southbound and northbound dbs);
  * OVN-related control plane services (ovn-controller, ovn-northd);
* core20 base support (bionic hosts are supported);
* the removal procedure now relies on the "remove" hook since `snap
remove` cannot be used from the confined environment anymore;
* prerequisites to enabling AppArmor confinement for QEMU processes
  created by the confined libvirtd.
* Added the Spice html5 console proxy service to enable clients to
  retrieve and use it via
  `microstack.openstack console url show --spice <servername>`.
* Added missing Cinder templates and DB migrations for the Cinder DB.
* Added experimental support for a loop device-based LVM backend for
  Cinder. Due to LP: #1892895 this is not recommended to be used in
  production except for tempest testing with an applied workaround;
  * includes iscsid and iscsi-tcp kernel module loading;
  * includes LIO and loading of relevant kernel modules;
  * An LVM PV is created on top of a loop device with a backing file
  present in $SNAP_COMMON/cinder-lvm.img;
  * A VG is created on top of the PV;
  * LVs are created by Cinder and exported via LIO over iscsi to iscsid
  which hot-plugs new SCSI devices. Those SCSI devices are then
  propagated by Nova to libvirt and QEMU during volume attachment;
* Added post-deployment testing via rally and tempest (via the
  microstack-test snap). A set of tests included into Refstack 2018.02
  is executed (except for object storage tests due to the lack of object
  storage support).

Change-Id: Ic70770095860a57d5e0a55a8a9451f9db6be7448
2020-09-25 13:20:12 +00:00


From 84e8c808d146ef7d4a716bf951875f85fd7020c9 Mon Sep 17 00:00:00 2001
From: Dmitrii Shcherbakov <dmitrii.shcherbakov@canonical.com>
Date: Tue, 18 Aug 2020 19:07:37 +0000
Subject: [PATCH] Use a snap-specific abstract socket address

* open-iscsi is included into Ubuntu cloud images and, as a result,
sockets with names hard-coded in the source get created and owned by
systemd at the host level;
* iscsid checks for the LISTEN_FDS environment variable to determine
whether systemd passes the necessary socket file descriptors to it -
this does not happen since iscsid.socket service name differs from the
actual service name: snap.microstack.iscsid.service;
* snapd's support for the systemd socket activation feature is present
but abstract socket names are restricted to be prefixed with
snap.<snap-name>.<your-socket-name> - this means that open-iscsi needs to
be patched since the abstract domain socket name isn't configurable and
is hard-coded at the compile time.

This patch alters the hard-coded abstract socket names in order to use
systemd socket activation via the means supported by snapd and to avoid
conflicts with an iscsid instance that might be used at the host where
this snap is installed.
---
usr/mgmt_ipc.h | 2 +-
usr/uip_mgmt_ipc.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/usr/mgmt_ipc.h b/usr/mgmt_ipc.h
index 55972ed..aa66419 100644
--- a/usr/mgmt_ipc.h
+++ b/usr/mgmt_ipc.h
@@ -23,7 +23,7 @@
#include "iscsi_if.h"
#include "config.h"
-#define ISCSIADM_NAMESPACE "ISCSIADM_ABSTRACT_NAMESPACE"
+#define ISCSIADM_NAMESPACE "snap.microstack.ISCSIADM_ABSTRACT_NAMESPACE"
#define PEERUSER_MAX 64
typedef enum iscsiadm_cmd {
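Review bot: the new ISCSIADM_NAMESPACE value in usr/mgmt_ipc.h bakes the snap name "microstack" into the source as a string literal, so a build under any other snap name would produce a socket name without the matching snap.<snap-name>. prefix that the commit message says snapd requires. Consider wrapping the define in #ifndef ISCSIADM_NAMESPACE and passing the prefixed value from the snap build through the compiler flags, which keeps the upstream default intact and leaves the snap name in one place. A one-line comment above the define stating the snapd naming rule would also help whoever next rebases this patch.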
diff --git a/usr/uip_mgmt_ipc.h b/usr/uip_mgmt_ipc.h
index 916113d..484e9f5 100644
--- a/usr/uip_mgmt_ipc.h
+++ b/usr/uip_mgmt_ipc.h
@@ -24,7 +24,7 @@
#include "initiator.h"
#include "transport.h"
-#define ISCSID_UIP_NAMESPACE "ISCSID_UIP_ABSTRACT_NAMESPACE"
+#define ISCSID_UIP_NAMESPACE "snap.microstack.ISCSID_UIP_ABSTRACT_NAMESPACE"
typedef enum iscsid_uip_cmd {
ISCSID_UIP_IPC_UNKNOWN = 0,
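Review bot: ISCSID_UIP_NAMESPACE in usr/uip_mgmt_ipc.h repeats the same "snap.microstack." literal that the first hunk puts into ISCSIADM_NAMESPACE, so the two names can drift apart if one is edited or if a rebase applies only one hunk cleanly. A shared prefix macro concatenated into both defines, or at least a comment tying the two together, would make that harder to get wrong. Because the name is fixed at compile time, the listening side and every client that connects to it must be built from the patched header; that is worth stating in the patch description.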
--
2.17.1
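
The name collision and the naming rule described in the patch's commit message, as an added example (not part of the patch or of open-iscsi): listening twice on one abstract name fails with EADDRINUSE, while the snap-prefixed name binds independently. `listen_abstract`, `has_snap_prefix`, `HOST_NAME` and `SNAP_NAME` are hypothetical names; only the two string values come from the patch.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

#define HOST_NAME "ISCSIADM_ABSTRACT_NAMESPACE" /* upstream name, from the patch */
#define SNAP_NAME "snap.microstack.ISCSIADM_ABSTRACT_NAMESPACE" /* patched name */

/* Hypothetical helper: listen on an abstract AF_UNIX name; returns fd or -errno. */
int listen_abstract(const char *name)
{
    struct sockaddr_un addr;
    size_t len = strlen(name);
    socklen_t alen = (socklen_t)(offsetof(struct sockaddr_un, sun_path) + 1 + len);
    int fd, err;
    if (len + 1 > sizeof(addr.sun_path))
        return -ENAMETOOLONG;
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    memcpy(addr.sun_path + 1, name, len); /* sun_path[0] == 0 marks it abstract */
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        return -errno;
    if (bind(fd, (struct sockaddr *)&addr, alen) < 0 || listen(fd, 8) < 0) {
        err = errno;
        close(fd);
        return -err;
    }
    return fd;
}

/* Hypothetical check of the snap.<snap-name>.<socket-name> naming rule. */
int has_snap_prefix(const char *name, const char *snap)
{
    size_t n = strlen(snap);
    return strncmp(name, "snap.", 5) == 0 && strncmp(name + 5, snap, n) == 0
           && name[5 + n] == '.' && name[6 + n] != '\0';
}

int main(void)
{
    int a = listen_abstract(HOST_NAME); /* fails if the host already owns it */
    int b = listen_abstract(HOST_NAME); /* same name again: -EADDRINUSE */
    int c = listen_abstract(SNAP_NAME); /* prefixed name: no collision */
    printf("host=%d repeat=%d snap=%d\n", a, b, c);
    return 0;
}
```

Abstract names are scoped to the network namespace, so on a machine where the host's iscsid socket already exists the first call in `main` reports the same EADDRINUSE that the unpatched daemon would hit.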