From e1d286e89e04577bda2569a5909dfe8182d953ba Mon Sep 17 00:00:00 2001
From: Tim Rozet <trozet@redhat.com>
Date: Sat, 15 Dec 2018 13:41:31 -0500
Subject: Attempting to fix NFS issues

Issues still persist where sometimes instances fail to start due to a
failure with os.utime to read the file path. This could be some bad race
condition between qemu/nova while copying images on the NFS. This patch
adds more ports to open in firewall, and changes initial directory owner
to nfsnobody.

Also, includes a patch to fix an apparent race condition when nova sends
a remote call to the privsep helper daemon to modify the time of the
base file owned by qemu:
https://review.openstack.org/#/c/625741/

Includes another fix for patching container images where the docker
image was not being detected correctly because the full gerrit project
name including 'openstack/' prefix was being used to search tripleo
docker images. Additionally, there were more bugs around patching
openstack python containers where the patch was not being applied
correctly.

JIRA: APEX-654

Change-Id: I1d011035486298d5906038922e69d478c383c3f7
Signed-off-by: Tim Rozet <trozet@redhat.com>
---
 build/csit-environment.yaml        | 22 +++++++++++++++++-----
 build/csit-queens-environment.yaml | 22 +++++++++++++++++-----
 build/csit-rocky-environment.yaml  | 22 +++++++++++++++++-----
 3 files changed, 51 insertions(+), 15 deletions(-)

(limited to 'build')

diff --git a/build/csit-environment.yaml b/build/csit-environment.yaml
index 58676dc6..39486d32 100644
--- a/build/csit-environment.yaml
+++ b/build/csit-environment.yaml
@@ -15,16 +15,28 @@ parameter_defaults:
     tripleo::ringbuilder::build_ring: false
     nova::api::default_floating_pool: 'external'
   ControllerExtraConfig:
-    tripleo::firewall:firewall_rules:
-      '139 allow NFS':
-        dport: 2049
+    tripleo::firewall::firewall_rules:
+      '139 allow NFS TCP':
+        dport:
+          - 2049
+          - 111
+          - 32765
+        proto: tcp
+        action: accept
+      '140 allow NFS UDP':
+        dport:
+          - 2049
+          - 111
+          - 32765
+        proto: udp
+        action: accept
   GlanceNfsEnabled: true
   GlanceNfsShare: overcloud-controller-0.opnfvlf.org:/glance
   GlanceNfsOptions:
-    'rw,sync,nosharecache,context=system_u:object_r:glance_var_lib_t:s0'
+    'rw,sync,context=system_u:object_r:glance_var_lib_t:s0'
   NovaNfsEnabled: true
   NovaNfsShare: overcloud-controller-0.opnfvlf.org:/nova
-  NovaNfsOptions: 'rw,sync,nosharecache,context=system_u:object_r:nfs_t:s0'
+  NovaNfsOptions: 'rw,sync,context=system_u:object_r:nfs_t:s0'
   DockerPuppetProcessCount: 10
   NeutronNetworkVLANRanges: 'datacentre:500:525'
   SshServerOptions:
diff --git a/build/csit-queens-environment.yaml b/build/csit-queens-environment.yaml
index 2252bb02..12c994d1 100644
--- a/build/csit-queens-environment.yaml
+++ b/build/csit-queens-environment.yaml
@@ -15,16 +15,28 @@ parameter_defaults:
     tripleo::ringbuilder::build_ring: false
     nova::api::default_floating_pool: 'external'
   ControllerExtraConfig:
-    tripleo::firewall:firewall_rules:
-      '139 allow NFS':
-        dport: 2049
+    tripleo::firewall::firewall_rules:
+      '139 allow NFS TCP':
+        dport:
+          - 2049
+          - 111
+          - 32765
+        proto: tcp
+        action: accept
+      '140 allow NFS UDP':
+        dport:
+          - 2049
+          - 111
+          - 32765
+        proto: udp
+        action: accept
   GlanceNfsEnabled: true
   GlanceNfsShare: overcloud-controller-0.opnfvlf.org:/glance
   GlanceNfsOptions:
-    'rw,sync,nosharecache,context=system_u:object_r:glance_var_lib_t:s0'
+    'rw,sync,context=system_u:object_r:glance_var_lib_t:s0'
   NovaNfsEnabled: true
   NovaNfsShare: overcloud-controller-0.opnfvlf.org:/nova
-  NovaNfsOptions: 'rw,sync,nosharecache,context=system_u:object_r:nfs_t:s0'
+  NovaNfsOptions: 'rw,sync,context=system_u:object_r:nfs_t:s0'
   DockerPuppetProcessCount: 10
   NeutronNetworkVLANRanges: 'datacentre:500:525'
   SshServerOptions:
diff --git a/build/csit-rocky-environment.yaml b/build/csit-rocky-environment.yaml
index 58676dc6..39486d32 100644
--- a/build/csit-rocky-environment.yaml
+++ b/build/csit-rocky-environment.yaml
@@ -15,16 +15,28 @@ parameter_defaults:
     tripleo::ringbuilder::build_ring: false
     nova::api::default_floating_pool: 'external'
   ControllerExtraConfig:
-    tripleo::firewall:firewall_rules:
-      '139 allow NFS':
-        dport: 2049
+    tripleo::firewall::firewall_rules:
+      '139 allow NFS TCP':
+        dport:
+          - 2049
+          - 111
+          - 32765
+        proto: tcp
+        action: accept
+      '140 allow NFS UDP':
+        dport:
+          - 2049
+          - 111
+          - 32765
+        proto: udp
+        action: accept
   GlanceNfsEnabled: true
   GlanceNfsShare: overcloud-controller-0.opnfvlf.org:/glance
   GlanceNfsOptions:
-    'rw,sync,nosharecache,context=system_u:object_r:glance_var_lib_t:s0'
+    'rw,sync,context=system_u:object_r:glance_var_lib_t:s0'
   NovaNfsEnabled: true
   NovaNfsShare: overcloud-controller-0.opnfvlf.org:/nova
-  NovaNfsOptions: 'rw,sync,nosharecache,context=system_u:object_r:nfs_t:s0'
+  NovaNfsOptions: 'rw,sync,context=system_u:object_r:nfs_t:s0'
   DockerPuppetProcessCount: 10
   NeutronNetworkVLANRanges: 'datacentre:500:525'
   SshServerOptions:
-- 
cgit 1.2.3-korg