From 62ea11d84fbff86c98867b57d8d354f7f1e8a399 Mon Sep 17 00:00:00 2001
From: Michele Baldessari <michele@acksyn.org>
Date: Fri, 20 Sep 2019 16:10:32 +0200
Subject: [PATCH] Stop bindmounting /usr/bin

With the backport of dumb-init to rocky/queens via
I995477e1363fbf6cae2bdf1c146b841e8c84524b some HA containers
will fail because they bind mount /usr/bin in order to run
docker commands from a container. Let's just bind-mount the
docker binary (and its docker-current counterpard instead).

Change-Id: Icc4b6c0b4139ed80ae45be97a789176ca15520d5
Suggested-by: Alex Schultz <aschultz@redhat.com>
---
 docker/services/pacemaker/cinder-backup.yaml   | 3 ++-
 docker/services/pacemaker/cinder-volume.yaml   | 3 ++-
 docker/services/pacemaker/database/mysql.yaml  | 3 ++-
 docker/services/pacemaker/database/redis.yaml  | 3 ++-
 docker/services/pacemaker/haproxy.yaml         | 3 ++-
 docker/services/pacemaker/manila-share.yaml    | 3 ++-
 docker/services/pacemaker/notify-rabbitmq.yaml | 3 ++-
 docker/services/pacemaker/ovn-dbs.yaml         | 3 ++-
 docker/services/pacemaker/rabbitmq.yaml        | 3 ++-
 docker/services/pacemaker/rpc-rabbitmq.yaml    | 3 ++-
 10 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/docker/services/pacemaker/cinder-backup.yaml b/docker/services/pacemaker/cinder-backup.yaml
index dd303bf2b5..f31a157dc9 100644
--- a/docker/services/pacemaker/cinder-backup.yaml
+++ b/docker/services/pacemaker/cinder-backup.yaml
@@ -176,7 +176,8 @@ outputs:
               - /etc/localtime:/etc/localtime:ro
               - /dev/shm:/dev/shm:rw
               - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
-              - /usr/bin:/usr/bin:ro
+              - /usr/bin/docker:/usr/bin/docker:ro
+              - /usr/bin/docker-current:/usr/bin/docker-current:ro
               - /var/run/docker.sock:/var/run/docker.sock:rw
         step_3:
           cinder_backup_init_logs:
diff --git a/docker/services/pacemaker/cinder-volume.yaml b/docker/services/pacemaker/cinder-volume.yaml
index c9eddbb6f4..8e9084ae15 100644
--- a/docker/services/pacemaker/cinder-volume.yaml
+++ b/docker/services/pacemaker/cinder-volume.yaml
@@ -161,7 +161,8 @@ outputs:
               - /etc/localtime:/etc/localtime:ro
               - /dev/shm:/dev/shm:rw
               - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
-              - /usr/bin:/usr/bin:ro
+              - /usr/bin/docker:/usr/bin/docker:ro
+              - /usr/bin/docker-current:/usr/bin/docker-current:ro
               - /var/run/docker.sock:/var/run/docker.sock:rw
         step_3:
           cinder_volume_init_logs:
diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml
index 91153d0fe7..8f9a0debf9 100644
--- a/docker/services/pacemaker/database/mysql.yaml
+++ b/docker/services/pacemaker/database/mysql.yaml
@@ -244,7 +244,8 @@ outputs:
               - /etc/localtime:/etc/localtime:ro
               - /dev/shm:/dev/shm:rw
               - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
-              - /usr/bin:/usr/bin:ro
+              - /usr/bin/docker:/usr/bin/docker:ro
+              - /usr/bin/docker-current:/usr/bin/docker-current:ro
               - /var/run/docker.sock:/var/run/docker.sock:rw
         step_2:
           mysql_restart_bundle:
diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml
index 88bc049307..41a651abe1 100644
--- a/docker/services/pacemaker/database/redis.yaml
+++ b/docker/services/pacemaker/database/redis.yaml
@@ -204,7 +204,8 @@ outputs:
               - /etc/localtime:/etc/localtime:ro
               - /dev/shm:/dev/shm:rw
               - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
-              - /usr/bin:/usr/bin:ro
+              - /usr/bin/docker:/usr/bin/docker:ro
+              - /usr/bin/docker-current:/usr/bin/docker-current:ro
               - /var/run/docker.sock:/var/run/docker.sock:rw
         step_2:
           map_merge:
diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml
index 65facc7ee8..bfefdecc1c 100644
--- a/docker/services/pacemaker/haproxy.yaml
+++ b/docker/services/pacemaker/haproxy.yaml
@@ -227,7 +227,8 @@ outputs:
               - /etc/localtime:/etc/localtime:ro
               - /dev/shm:/dev/shm:rw
               - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
-              - /usr/bin:/usr/bin:ro
+              - /usr/bin/docker:/usr/bin/docker:ro
+              - /usr/bin/docker-current:/usr/bin/docker-current:ro
               - /var/run/docker.sock:/var/run/docker.sock:rw
             image: {get_param: DockerHAProxyImage}
         step_2:
diff --git a/docker/services/pacemaker/manila-share.yaml b/docker/services/pacemaker/manila-share.yaml
index 52e91e2dc6..e24f9d901b 100644
--- a/docker/services/pacemaker/manila-share.yaml
+++ b/docker/services/pacemaker/manila-share.yaml
@@ -143,7 +143,8 @@ outputs:
               - /etc/localtime:/etc/localtime:ro
               - /dev/shm:/dev/shm:rw
               - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
-              - /usr/bin:/usr/bin:ro
+              - /usr/bin/docker:/usr/bin/docker:ro
+              - /usr/bin/docker-current:/usr/bin/docker-current:ro
               - /var/run/docker.sock:/var/run/docker.sock:rw
         step_3:
           manila_share_init_logs:
diff --git a/docker/services/pacemaker/notify-rabbitmq.yaml b/docker/services/pacemaker/notify-rabbitmq.yaml
index 4c86cf5b9e..795b6f1f77 100644
--- a/docker/services/pacemaker/notify-rabbitmq.yaml
+++ b/docker/services/pacemaker/notify-rabbitmq.yaml
@@ -193,7 +193,8 @@ outputs:
               - /etc/localtime:/etc/localtime:ro
               - /dev/shm:/dev/shm:rw
               - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
-              - /usr/bin:/usr/bin:ro
+              - /usr/bin/docker:/usr/bin/docker:ro
+              - /usr/bin/docker-current:/usr/bin/docker-current:ro
               - /var/run/docker.sock:/var/run/docker.sock:rw
         step_2:
           rabbitmq_restart_bundle:
diff --git a/docker/services/pacemaker/ovn-dbs.yaml b/docker/services/pacemaker/ovn-dbs.yaml
index e8e17774d0..c42ceb2e04 100644
--- a/docker/services/pacemaker/ovn-dbs.yaml
+++ b/docker/services/pacemaker/ovn-dbs.yaml
@@ -137,7 +137,8 @@ outputs:
               - /etc/localtime:/etc/localtime:ro
               - /dev/shm:/dev/shm:rw
               - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
-              - /usr/bin:/usr/bin:ro
+              - /usr/bin/docker:/usr/bin/docker:ro
+              - /usr/bin/docker-current:/usr/bin/docker-current:ro
               - /var/run/docker.sock:/var/run/docker.sock:rw
         step_3:
           ovn_dbs_restart_bundle:
diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml
index 1318e85317..18041045f0 100644
--- a/docker/services/pacemaker/rabbitmq.yaml
+++ b/docker/services/pacemaker/rabbitmq.yaml
@@ -192,7 +192,8 @@ outputs:
               - /etc/localtime:/etc/localtime:ro
               - /dev/shm:/dev/shm:rw
               - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
-              - /usr/bin:/usr/bin:ro
+              - /usr/bin/docker:/usr/bin/docker:ro
+              - /usr/bin/docker-current:/usr/bin/docker-current:ro
               - /var/run/docker.sock:/var/run/docker.sock:rw
         step_2:
           rabbitmq_restart_bundle:
diff --git a/docker/services/pacemaker/rpc-rabbitmq.yaml b/docker/services/pacemaker/rpc-rabbitmq.yaml
index 3bb5fdefd1..a4909fa12b 100644
--- a/docker/services/pacemaker/rpc-rabbitmq.yaml
+++ b/docker/services/pacemaker/rpc-rabbitmq.yaml
@@ -193,7 +193,8 @@ outputs:
               - /etc/localtime:/etc/localtime:ro
               - /dev/shm:/dev/shm:rw
               - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
-              - /usr/bin:/usr/bin:ro
+              - /usr/bin/docker:/usr/bin/docker:ro
+              - /usr/bin/docker-current:/usr/bin/docker-current:ro
               - /var/run/docker.sock:/var/run/docker.sock:rw
         step_2:
           rabbitmq_restart_bundle: