tripleo

[Wallaby] subscription-manager command doesn't work on a Controller node running cinder-volume container

Bug #1995237 reported by Yamato Tanaka
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
In Progress
Critical
Yamato Tanaka
tripleo antelope-1

Bug Description

*** Wallaby only ***

Description
===========

subscription-manager command doesn't work on a Controller node running openstack-cinder-volume-podman-X container.
~~~
[root@overcloud-controller-1 ~]# podman ps |grep cinder-volume
e7c8cee2afde undercloud.ctlplane.yatanaka.example.com:8787/rhosp-rhel9/openstack-cinder-volume:pcmklatest /bin/bash /usr/lo... 26 minutes ago Up 26 minutes ago openstack-cinder-volume-podman-0

[root@overcloud-controller-1 ~]# subscription-manager list
subscription-manager is disabled when running inside a container. Please refer to your host system for subscription management.
~~~

The reason subscription-manager doesn't work is existence of /run/.containerenv .
~~~
[root@overcloud-controller-1 ~]# file /run/.containerenv
/run/.containerenv: empty
~~~

There was a similar discussion in the past, and the following change was merged in order to prevent creating /run/.containerenv if '/run' is bind-mounted into containers.
  - https://github.com/containers/podman/issues/14577
  - https://github.com/gbraad/podman/commit/3d4e9d73d25edc3287263e80ab379f7e3d10e799#diff-3c7c02f50259200df7913b0f622513cd28e3a9488796f89ad2dc7afbb9743663

However, only openstack-cinder-volume-podman-X container bind-mounts '/run/', not '/run'.
That's why /run/.containerenv is created only on a Controller node running openstack-cinder-volume-podman-X container, and subscription-manager command doesn't work.
~~~
[root@overcloud-controller-1 ~]# podman inspect openstack-cinder-volume-podman-0|less

  :

                {
                    "Type": "bind",
                    "Source": "/run",
                    "Destination": "/run/", <=====================(*)
                    "Driver": "",
                    "Mode": "",
                    "Options": [
                         "nosuid",
                         "nodev",
                         "rbind"
                    ],
                    "RW": true,
                    "Propagation": "rprivate"
               },

  :
~~~

This issue has been resolved on master branch by the following change:
  - https://github.com/openstack/tripleo-heat-templates/commit/d0ca9fe631cbdeb9e8857b4e64ad81f2260c7dae#

But it has not backported into Wallaby yet.
  - https://github.com/openstack/tripleo-heat-templates/blob/36d0e1803311d32452cebe641f66bba9f880b666/deployment/cinder/cinder-common-container-puppet.yaml#L361

Steps to reproduce
==================
Run 'subscription-manager' command on a node running cinder-volume container.

Expected result
===============
subscription-manager works on all nodes.

Actual result
=============
subscription-manager fails with the following error message.
  'subscription-manager is disabled when running inside a container. Please refer to your host system for subscription management.'

Environment
===========
Wallaby base environment (Red Hat OpenStack Platform 17.0)

Yamato Tanaka (yatanaka-1007)
Changed in tripleo:
assignee: nobody → Yamato Tanaka (yatanaka-1007)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (stable/wallaby)

Fix proposed to branch: stable/wallaby
Review: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/863024

Takashi Kajinami (kajinamit)
Changed in tripleo:
importance: Undecided → Critical
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (stable/wallaby)

Reviewed: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/863024
Committed: https://opendev.org/openstack/tripleo-heat-templates/commit/3f5b8f525e607c3a17a92abe9de2c0e056f67c50
Submitter: "Zuul (22348)"
Branch: stable/wallaby

commit 3f5b8f525e607c3a17a92abe9de2c0e056f67c50
Author: Bogdan Dobrelya <email address hidden>
Date: Thu Mar 3 17:32:58 2022 +0100

    Fix trailing slashes in bind-mounts and linting

    Podman is not always happy with bind-mounts ending
    with / (See I094120f7f2f6bfcfc0cc5843aa1b23629cd90a23)

    Follow up If951f9643d67574c1225301aab7c9e4b0d316b7f
    with that YAML linter couldn't catch.

    Improve linter to process all volumes in templates, including
    common/logging services templates, and neither puppet, not ansible
    ones, like deployment/deprecated/multipathd-container.yaml.

    During this backport, an additional change is made to
    deployment/neutron/neutron-ovs-agent-container-puppet.yaml
    in order to pass tools/yaml-validate.py check.
    Additionally, the change of
    deployment/etcd/etcd-container-puppet.yaml is not backported because
    there is not etcd_init_tasks in Wallaby.

    Conflicts:
            deployment/etcd/etcd-container-puppet.yaml
            deployment/unbound/unbound-container-ansible.yaml

    Closes-Bug: #1995237
    Change-Id: Ia517b34c9d633101502bd8788e7b8764e75bbe64
    Signed-off-by: Bogdan Dobrelya <email address hidden>
    (cherry picked from commit d0ca9fe631cbdeb9e8857b4e64ad81f2260c7dae)

tags: added: in-stable-wallaby
Takashi Kajinami (kajinamit)
Changed in tripleo:
milestone: none → antelope-1
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.