From fe87c23ce3450ff8519e9c7d62cb879903519069 Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Sat, 15 Dec 2018 13:41:31 -0500 Subject: Attempting to fix NFS issues Issues still persist where sometimes instances fail to start due to a failure with os.utime to read the file path. This could be some bad race condition between qemu/nova while copying images on the NFS. This patch adds more ports to open in firewall, and changes initial directory owner to nfsnobody. Also, includes a patch to fix an apparent race condition when nova sends a remote call to the privsep helper daemon to modify the time of the base file owned by qemu: https://review.openstack.org/#/c/625741/ Includes another fix for patching container images where the docker image was not being detected correctly because the full gerrit project name including 'openstack/' prefix was being used to search tripleo docker images. Additionally, there were more bugs around patching openstack python containers where the patch was not being applied correctly. JIRA: APEX-654 Change-Id: I1d011035486298d5906038922e69d478c383c3f7 Signed-off-by: Tim Rozet (cherry picked from commit e1d286e89e04577bda2569a5909dfe8182d953ba) --- build/csit-environment.yaml | 26 +++++++++++++++++++------- build/csit-queens-environment.yaml | 26 +++++++++++++++++++------- 2 files changed, 38 insertions(+), 14 deletions(-) (limited to 'build') diff --git a/build/csit-environment.yaml b/build/csit-environment.yaml index 58676dc6..36e2ddb5 100644 --- a/build/csit-environment.yaml +++ b/build/csit-environment.yaml @@ -15,16 +15,28 @@ parameter_defaults: tripleo::ringbuilder::build_ring: false nova::api::default_floating_pool: 'external' ControllerExtraConfig: - tripleo::firewall:firewall_rules: - '139 allow NFS': - dport: 2049 + tripleo::firewall::firewall_rules: + '139 allow NFS TCP': + dport: + - 2049 + - 111 + - 32765 + proto: tcp + action: accept + '140 allow NFS UDP': + dport: + - 2049 + - 111 + - 32765 + proto: udp + action: accept GlanceNfsEnabled: true - GlanceNfsShare: overcloud-controller-0.opnfvlf.org:/glance + GlanceNfsShare: overcloud-controller-0.ctlplane.opnfvlf.org:/glance GlanceNfsOptions: - 'rw,sync,nosharecache,context=system_u:object_r:glance_var_lib_t:s0' + 'rw,sync,context=system_u:object_r:glance_var_lib_t:s0' NovaNfsEnabled: true - NovaNfsShare: overcloud-controller-0.opnfvlf.org:/nova - NovaNfsOptions: 'rw,sync,nosharecache,context=system_u:object_r:nfs_t:s0' + NovaNfsShare: overcloud-controller-0.ctlplane.opnfvlf.org:/nova + NovaNfsOptions: 'rw,sync,context=system_u:object_r:nfs_t:s0' DockerPuppetProcessCount: 10 NeutronNetworkVLANRanges: 'datacentre:500:525' SshServerOptions: diff --git a/build/csit-queens-environment.yaml b/build/csit-queens-environment.yaml index 2252bb02..82a8c88c 100644 --- a/build/csit-queens-environment.yaml +++ b/build/csit-queens-environment.yaml @@ -15,16 +15,28 @@ parameter_defaults: tripleo::ringbuilder::build_ring: false nova::api::default_floating_pool: 'external' ControllerExtraConfig: - tripleo::firewall:firewall_rules: - '139 allow NFS': - dport: 2049 + tripleo::firewall::firewall_rules: + '139 allow NFS TCP': + dport: + - 2049 + - 111 + - 32765 + proto: tcp + action: accept + '140 allow NFS UDP': + dport: + - 2049 + - 111 + - 32765 + proto: udp + action: accept GlanceNfsEnabled: true - GlanceNfsShare: overcloud-controller-0.opnfvlf.org:/glance + GlanceNfsShare: overcloud-controller-0.ctlplane.opnfvlf.org:/glance GlanceNfsOptions: - 'rw,sync,nosharecache,context=system_u:object_r:glance_var_lib_t:s0' + 'rw,sync,context=system_u:object_r:glance_var_lib_t:s0' NovaNfsEnabled: true - NovaNfsShare: overcloud-controller-0.opnfvlf.org:/nova - NovaNfsOptions: 'rw,sync,nosharecache,context=system_u:object_r:nfs_t:s0' + NovaNfsShare: overcloud-controller-0.ctlplane.opnfvlf.org:/nova + NovaNfsOptions: 'rw,sync,context=system_u:object_r:nfs_t:s0' DockerPuppetProcessCount: 10 NeutronNetworkVLANRanges: 'datacentre:500:525' SshServerOptions: -- cgit 1.2.3-korg