Set PrivateDevices=false for MemcacheD

This patch sets the `memcached_disable_privatedevices` variable in the
memcached_server role. If memcached is deployed with a container, the
PrivateDevices configuration will be disabled in the systemd unit file.

Change-Id: Idc153c45f5da2ee44b49dbd5ef4577f749550556
Related-Bug: 1697531
(cherry picked from commit 14ae2dd534)
This commit is contained in:
Jesse Pretorius 2017-06-15 14:50:44 +01:00
parent 8cde3cada2
commit c66391662c
3 changed files with 19 additions and 1 deletions

View File

@ -37,7 +37,7 @@
- name: memcached_server
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-memcached_server
version: ddd1dc402b7c825265a9e59483272f2dfcd65a93
version: 5363432f58334823f7e6c6c88617bb908ca48359
- name: openstack-ansible-security
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-security

View File

@ -17,3 +17,7 @@ memcached_listen: "{{ ansible_host }}"
# Ensure that the package state matches the global setting
memcached_package_state: "{{ package_state }}"
# Disable PrivateDevices for MemcacheD on CentOS 7
# See https://bugs.launchpad.net/openstack-ansible/+bug/1697531 for details.
memcached_disable_privatedevices: "{{ ((properties.is_metal | default(false)) | bool) | ternary('false', 'true') }}"

View File

@ -0,0 +1,14 @@
---
issues:
- |
OpenStack-Ansible sets a new variable, `memcached_disable_privatedevices`,
that controls whether the `PrivateDevices` configuration in MemcacheD's
systemd unit file is enabled.
If the `memcached_server` role is deployed on a bare metal host, the
default is maintained (`PrivateDevices=true`). If the role is deployed
within a container, the `PrivateDevices` configuration is set to `true`
to work around a systemd bug with a bind mounted `/dev/ptmx`.
See `Launchpad Bug 1697531 <https://bugs.launchpad.net/openstack-ansible/+bug/1697531>`_
for more details.