Attempting to fix NFS issues

Issues still persist where sometimes instances fail to start due to a
failure with os.utime to read the file path. This could be some bad race
condition between qemu/nova while copying images on the NFS. This patch
adds more ports to open in firewall, and changes initial directory owner
to nfsnobody.

Also, includes a patch to fix an apparent race condition when nova sends
a remote call to the privsep helper daemon to modify the time of the
base file owned by qemu:
https://review.openstack.org/#/c/625741/

Includes another fix for patching container images where the docker
image was not being detected correctly because the full gerrit project
name including 'openstack/' prefix was being used to search tripleo
docker images. Additionally, there were more bugs around patching
openstack python containers where the patch was not being applied
correctly.

JIRA: APEX-654

Change-Id: I1d011035486298d5906038922e69d478c383c3f7
Signed-off-by: Tim Rozet <trozet@redhat.com>

1 files changed, 13 insertions, 0 deletions

diff --git a/lib/ansible/playbooks/patch_containers.yml b/lib/ansible/playbooks/patch_containers.yml
new file mode 100644
index 00000000..bc4899ba
--- /dev/null
+++ b/lib/ansible/playbooks/patch_containers.yml
@@ -0,0 +1,13 @@
+---
+  - name: "Pull docker image to ensure it exists locally: {{ item }}"
+    shell: docker pull {{ undercloud_ip }}:8787/tripleo{{ os_version }}/centos-binary-{{ item }}:current-tripleo
+  - name: "Find docker image user {{ item }}"
+    shell: >
+      docker inspect --format='{{ '{{' }}.ContainerConfig.User{{ '}}' }}'
+      {{ undercloud_ip }}:8787/tripleo{{ os_version }}/centos-binary-{{ item }}:current-tripleo
+    register: user_result
+  - name: "Patch docker image {{ item }}"
+    shell: >
+      cd /home/stack/containers/{{ item }} && docker build
+      --build-arg REAL_USER={{ user_result.stdout }}
+      -t {{ undercloud_ip }}:8787/tripleo{{ os_version }}/centos-binary-{{ item }}:apex .