From 50685234fb722dafcaf1daa57716b2557c2ac74d Mon Sep 17 00:00:00 2001 From: Eduardo Gonzalez Date: Tue, 19 Sep 2017 08:23:50 +0100 Subject: [PATCH] Fix ci gate failure This patch includes three unrelated fixes. Make qemu use nova user in centos Libvirt 3.2.0 (latest version in centos) seems to have changed behavior of dynamic_ownership. Pin ansible to <2.4 to make ara work in gates ARA does not work yet with ansible 2.4, this change pins to lower version to make gates work. Revert once ara works with 2.4 Disable selinux for oraclelinux and centos. Co-Authored-By: wanghongxu Co-Authored-By: Jeffrey Zhang Change-Id: Iac8bec19437192cd198d58f71c6ed0a65a76f820 Closes-bug: #1718541 (cherry picked from commit fa06dcd37b88822eda11346ed280c5c5b221bdb3) --- ansible/roles/baremetal/defaults/main.yml | 2 ++ ansible/roles/baremetal/tasks/post-install.yml | 9 +++++++++ ansible/roles/nova/templates/qemu.conf.j2 | 9 +++++---- tests/templates/globals-default.j2 | 1 + tools/setup_gate.sh | 2 +- 5 files changed, 18 insertions(+), 5 deletions(-) diff --git a/ansible/roles/baremetal/defaults/main.yml b/ansible/roles/baremetal/defaults/main.yml index 1234a40deb..03ca8ad908 100644 --- a/ansible/roles/baremetal/defaults/main.yml +++ b/ansible/roles/baremetal/defaults/main.yml @@ -9,6 +9,8 @@ customize_etc_hosts: True create_kolla_user: True +disable_selinux: False + docker_storage_driver: "" debian_pkg_install: diff --git a/ansible/roles/baremetal/tasks/post-install.yml b/ansible/roles/baremetal/tasks/post-install.yml index 9e00696300..52217d13e9 100644 --- a/ansible/roles/baremetal/tasks/post-install.yml +++ b/ansible/roles/baremetal/tasks/post-install.yml @@ -77,6 +77,15 @@ enabled: yes become: True +- name: Disable selinux + selinux: + policy: target + state: permissive + become: true + when: + - disable_selinux | bool + - ansible_os_family == "RedHat" + - name: Reboot command: reboot -f become: True diff --git a/ansible/roles/nova/templates/qemu.conf.j2 b/ansible/roles/nova/templates/qemu.conf.j2 index 0f75244e4b..1127ef0a2b 100644 --- a/ansible/roles/nova/templates/qemu.conf.j2 +++ b/ansible/roles/nova/templates/qemu.conf.j2 @@ -1,12 +1,13 @@ stdio_handler = "file" -{% if kolla_base_distro == "ubuntu" %} +{% if kolla_base_distro in ['ubuntu', 'centos', 'oraclelinux']%} # TODO: this workaround need to be fixed in Pike -# Ubuntu cloud archive released libvirt-bin version 2.5.0 which runs vms as -# libvirt-qemu user. This locks access to nova created files for vms which -# have permissions 722 for nova user. We need to force qemu to use this user +# libvirt-bin latest version which runs vms as libvirt-qemu user. +# This locks access to nova created files for vms which have +# permissions 722 for nova user. We need to force qemu to use this user # to be able to access vm files. # see https://bugs.launchpad.net/kolla-ansible/+bug/1668654 +# see https://bugs.launchpad.net/kolla/+bug/1718541 user = "nova" group = "nova" {% endif %} diff --git a/tests/templates/globals-default.j2 b/tests/templates/globals-default.j2 index 3cc20580cc..d98603eb6b 100644 --- a/tests/templates/globals-default.j2 +++ b/tests/templates/globals-default.j2 @@ -1,4 +1,5 @@ --- +disable_selinux: "yes" kolla_base_distro: "{{ base }}" kolla_install_type: "{{ type }}" diff --git a/tools/setup_gate.sh b/tools/setup_gate.sh index 917ad191b4..aa69f3c7de 100755 --- a/tools/setup_gate.sh +++ b/tools/setup_gate.sh @@ -118,7 +118,7 @@ function setup_ansible { mkdir /tmp/kolla # TODO(SamYaple): Move to virtualenv - sudo -H pip install -U "ansible>=2" "docker-py>=1.6.0" "python-openstackclient" "python-neutronclient" "ara" + sudo -H pip install -U "ansible>=2,<2.4" "docker-py>=1.6.0" "python-openstackclient" "python-neutronclient" "ara" detect_distro setup_inventory