Change /run bind mount for neutron/openvswitch

Currently we have a very wide /run mount for all Neutron/OVS services,
which allows sudo/rootwrap to contact the host's dbus - all symptoms
are documented in the related bug.

Since we use tcp connections to OVS from Neutron agents, remove the
bind mounts.

Closes-Bug: #1861792

Change-Id: Ifee4bec7b2e9ef4e2d624b1411f1a9e6332325c6
(cherry picked from commit 227008cf68)
Michal Nasiadka 2020-02-12 13:39:33 +01:00
parent fe7f8ce320
commit 4d856317e3
4 changed files with 9 additions and 15 deletions


@ -37,7 +37,6 @@ neutron_services:
- "{{ node_config_directory }}/neutron-openvswitch-agent/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "/lib/modules:/lib/modules:ro"
- "/run:/run:shared"
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ neutron_openvswitch_agent_dimensions }}"
neutron-openvswitch-agent-xenapi:
@ -53,7 +52,6 @@ neutron_services:
- "{{ node_config_directory }}/neutron-openvswitch-agent-xenapi/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "/lib/modules:/lib/modules:ro"
- "/run:/run:shared"
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ neutron_openvswitch_agent_xenapi_dimensions }}"
neutron-linuxbridge-agent:
@ -77,7 +75,6 @@ neutron_services:
- "{{ node_config_directory }}/neutron-linuxbridge-agent/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "/lib/modules:/lib/modules:ro"
- "/run:/run:shared"
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ neutron_linuxbridge_agent_dimensions }}"
neutron-dhcp-agent:
@ -90,7 +87,6 @@ neutron_services:
volumes:
- "{{ node_config_directory }}/neutron-dhcp-agent/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "/run/:/run/:shared"
- "neutron_metadata_socket:/var/lib/neutron/kolla/"
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ neutron_dhcp_agent_dimensions }}"
@ -108,7 +104,6 @@ neutron_services:
- "{{ node_config_directory }}/neutron-l3-agent/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "/lib/modules:/lib/modules:ro"
- "/run:/run:shared"
- "neutron_metadata_socket:/var/lib/neutron/kolla/"
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ neutron_l3_agent_dimensions }}"
@ -122,7 +117,6 @@ neutron_services:
volumes:
- "{{ node_config_directory }}/neutron-lbaas-agent/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "/run:/run:shared"
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ neutron_lbaas_agent_dimensions }}"
neutron-sriov-agent:
@ -134,7 +128,6 @@ neutron_services:
volumes:
- "{{ node_config_directory }}/neutron-sriov-agent/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "/run:/run:shared"
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ neutron_sriov_agent_dimensions }}"
neutron-metadata-agent:
@ -150,7 +143,6 @@ neutron_services:
volumes:
- "{{ node_config_directory }}/neutron-metadata-agent/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "/run/:/run/:shared"
- "neutron_metadata_socket:/var/lib/neutron/kolla/"
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ neutron_metadata_agent_dimensions }}"
@ -164,7 +156,6 @@ neutron_services:
volumes:
- "{{ node_config_directory }}/neutron-bgp-dragent/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "/run:/run:shared"
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ neutron_bgp_dragent_dimensions }}"
neutron-infoblox-ipam-agent:
@ -177,7 +168,6 @@ neutron_services:
volumes:
- "{{ node_config_directory }}/neutron-infoblox-ipam-agent/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "/run:/run:shared"
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ neutron_infoblox_ipam_agent_dimensions }}"
ironic-neutron-agent:
@ -264,7 +254,6 @@ neutron_infoblox_ipam_agent_dimensions: "{{ default_container_dimensions }}"
neutron_openvswitch_agent_xenapi_dimensions: "{{ default_container_dimensions }}"
ironic_neutron_agent_dimensions: "{{ default_container_dimensions }}"
####################
# OpenStack
####################


@ -19,7 +19,7 @@ openvswitch_services:
- "{{ node_config_directory }}/openvswitch-db-server/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "/lib/modules:/lib/modules:ro"
- "/run:/run:shared"
- "/run/openvswitch:/run/openvswitch:shared"
- "kolla_logs:/var/log/kolla/"
- "openvswitch_db:/var/lib/openvswitch/"
dimensions: "{{ openvswitch_db_dimensions }}"
@ -41,7 +41,7 @@ openvswitch_services:
- "{{ node_config_directory }}/openvswitch-vswitchd/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "/lib/modules:/lib/modules:ro"
- "/run:/run:shared"
- "/run/openvswitch:/run/openvswitch:shared"
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ openvswitch_vswitchd_dimensions }}"
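Review bot: The narrowed `/run/openvswitch:/run/openvswitch:shared` entries for openvswitch-db-server and openvswitch-vswitchd keep `shared` mount propagation, which looks inherited from the old `/run` entry rather than chosen for this directory. If the directory only holds OVS sockets and pid files and nothing mounts a filesystem beneath it (to be confirmed), propagation is not needed and the entry could be `- "/run/openvswitch:/run/openvswitch"`; the same question applies to the two ovsdpdk entries in the following file. Whichever form stays, a comment above the line such as `# Only the OVS runtime dir is mounted; a full /run mount lets the container reach the host dbus (LP#1861792)` would help keep the wide mount from being reintroduced. Both volume lists start outside the lines shown.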


@ -19,7 +19,7 @@ ovsdpdk_services:
volumes:
- "{{ node_config_directory }}/ovsdpdk-db/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "/run:/run:shared"
- "/run/openvswitch:/run/openvswitch:shared"
- "kolla_logs:/var/log/kolla/"
- "ovsdpdk_db:/var/lib/openvswitch/"
dimensions: "{{ ovsdpdk_db_dimensions }}"
@ -40,7 +40,7 @@ ovsdpdk_services:
- "{{ node_config_directory }}/ovsdpdk-vswitchd/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "/lib/modules:/lib/modules:ro"
- "/run:/run:shared"
- "/run/openvswitch:/run/openvswitch:shared"
- "/dev:/dev:shared"
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ ovsdpdk_vswitchd_dimensions }}"
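Review bot: ovsdpdk-vswitchd still carries `- "/dev:/dev:shared"` directly below the narrowed `/run/openvswitch` entry, so this container keeps a host-wide mount of the same kind the commit removes for `/run`. If the DPDK datapath only needs specific device nodes (presumably hugepage and VFIO/UIO paths, to be confirmed against the image), that entry could be narrowed in the same way. If the full `/dev` is required, a comment such as `# DPDK needs host device nodes; full /dev mount is intentional` would record why it stays. The volume list for this service starts outside the lines shown.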


@ -0,0 +1,5 @@
---
fixes:
- |
Remove /run bind mounts in Neutron services causing dbus host-level
errors `LP# 1861792 <https://launchpad.net/bugs/1861792>`.