Docker proxy service parameters cannot be changed without a lock unlock

Bug #1931593 reported by Jerry Sun
Affects: StarlingX
Status: Fix Released
Importance: Medium
Assigned to: Jerry Sun
Milestone: (none listed)

Bug Description

Brief Description
-----------------
Changing OAM IP should be possible without a lock unlock. Changing OAM IP must be accompanied by a change to docker proxy config if the system is configured to use docker proxy. This means a system configured with a Docker proxy cannot change the OAM IP without a lock unlock.

Severity
--------
Major

Steps to Reproduce
------------------
Configure system with docker proxy. Change OAM IP.

Expected Behavior
------------------
Changes applied without any node lock unlocks

Actual Behavior
----------------
Docker login, push, and pull fail due to bad proxy setting. Changing proxy requires lock unlock.

Reproducibility
---------------
100% reproducible

System Configuration
--------------------
All configurations

Branch/Pull Time/Commit
-----------------------
2021-06-10 master branch

Workaround
----------
Lock and unlock the nodes with config out-of-date alarms to apply config changes

Note
----
The current service parameter does not allow differentiation at a "section" level. Service parameter should be enhanced to allow differentiation at a "section" level to ensure docker_proxy can be changed without a reboot while the various docker registry url settings still require a reboot.

OpenStack Infra (hudson-openstack) wrote : Fix proposed to stx-puppet (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/stx-puppet/+/795825

Changed in starlingx:
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to config (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/config/+/795826

Jerry Sun (jerry-sun-u)
description: updated
Ghada Khalil (gkhalil)
Changed in starlingx:
assignee: nobody → Jerry Sun (jerry-sun-u)
tags: added: stx.6.0 stx.config
Changed in starlingx:
importance: Undecided → Medium
OpenStack Infra (hudson-openstack) wrote : Fix merged to stx-puppet (master)

Reviewed: https://review.opendev.org/c/starlingx/stx-puppet/+/795825
Committed: https://opendev.org/starlingx/stx-puppet/commit/baaaf4084f53e03195cf600675abf5d259941a2c
Submitter: "Zuul (22348)"
Branch: master

commit baaaf4084f53e03195cf600675abf5d259941a2c
Author: Jerry Sun <email address hidden>
Date: Thu Jun 10 10:52:53 2021 -0400

    Add runtime class for Docker

    This change adds a runtime class for Docker. The runtime class
    restarts Docker and containerd. It is used to make changes to
    Docker proxy settings without the need for a lock unlock.

    Change-Id: Ic39abb9764d5e03e0c6a97813b170c5f2fdb0cd9
    Partial-Bug: 1931593
    Signed-off-by: Jerry Sun <email address hidden>

tags: added: stx.containers
OpenStack Infra (hudson-openstack) wrote : Fix merged to config (master)

Reviewed: https://review.opendev.org/c/starlingx/config/+/795826
Committed: https://opendev.org/starlingx/config/commit/5b098edd15d44298ab33f9d095839b8dddfcf19a
Submitter: "Zuul (22348)"
Branch: master

commit 5b098edd15d44298ab33f9d095839b8dddfcf19a
Author: Jerry Sun <email address hidden>
Date: Thu Jun 10 10:56:27 2021 -0400

    Change Docker proxy service parameters without reboot

    This commit allows for changing of Docker proxy service parameters
    without needing to lock/unlock hosts.

    The commit enhances service parameters to determine the need to raise
    the reboot required flag based on the section of a service parameter
    instead of only the service.

    It also fixes an issue where the reboot required flag was incorrectly
    set on operations that are not reboot required. This issue means that
    a previous config out-of-date alarm from a reboot required service
    parameter change can be accidentally cleared by applying another
    runtime manifest.

    With the ability to differentiate based on service parameter section,
    this commit also fixes an issue with kubernetes service parameters,
    where recently kube_apiserver and kubernetes certificate service
    parameters needed a reboot because they were in the same service as
    kubernetes config, which needed a reboot. As a result, kube_apiserver
    and kubernetes certificate service parameters accidentally became
    reboot required on workers in addition to controllers. This commit
    makes them not reboot required like they were supposed to be.

    Change-Id: I109ed198e2d50e1f98d3be6ff8069738fdce7f07
    Closes-Bug: 1931593
    Depends-On: https://review.opendev.org/c/starlingx/stx-puppet/+/795825
    Signed-off-by: Jerry Sun <email address hidden>
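
The section-level reboot decision described in the commit message above, as an added sketch (not code from the StarlingX config repository). The table, class and function names are hypothetical, and section names other than "proxy" and "kube_apiserver" are placeholders for the sections the text describes.

```python
# Constructed model, not sysinv code. Section names other than "proxy" and
# "kube_apiserver" are placeholders for the sections the bug text describes.
REBOOT_REQUIRED = {
    ("docker", "proxy"): False,              # runtime: restart docker/containerd
    ("docker", "registry"): True,            # placeholder: registry URL sections
    ("kubernetes", "config"): True,          # placeholder: kubernetes config
    ("kubernetes", "kube_apiserver"): False,
    ("kubernetes", "certificates"): False,   # placeholder: certificate section
}


def needs_reboot(service, section, per_section=True):
    """Old behaviour keys on the service alone; new on (service, section)."""
    if not per_section:
        # One reboot-required section makes the whole service reboot-required.
        return any(v for (svc, _), v in REBOOT_REQUIRED.items() if svc == service)
    # Unknown sections default to reboot-required (assumed conservative default).
    return REBOOT_REQUIRED.get((service, section), True)


class Host:
    """Tracks whether a host still needs a lock/unlock to pick up config."""

    def __init__(self, name):
        self.name = name
        self.reboot_pending = False   # stands in for the config out-of-date alarm
        self.runtime_applied = []

    def apply(self, service, section, per_section=True):
        if needs_reboot(service, section, per_section):
            self.reboot_pending = True   # only lock_unlock() clears this
        else:
            # A runtime apply leaves an earlier reboot-pending state untouched.
            self.runtime_applied.append((service, section))
        return self.reboot_pending

    def lock_unlock(self):
        self.reboot_pending = False


def simulate(changes, per_section):
    """Apply (service, section) changes to one host; return its final state."""
    host = Host("controller-0")
    for service, section in changes:
        host.apply(service, section, per_section)
    return host.reboot_pending, host.runtime_applied
```
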

Changed in starlingx:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix proposed to stx-puppet (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/stx-puppet/+/799875

OpenStack Infra (hudson-openstack) wrote : Fix merged to stx-puppet (master)

Reviewed: https://review.opendev.org/c/starlingx/stx-puppet/+/799875
Committed: https://opendev.org/starlingx/stx-puppet/commit/f27ca11956ca275ccc14c11c389896f8e02d2ddd
Submitter: "Zuul (22348)"
Branch: master

commit f27ca11956ca275ccc14c11c389896f8e02d2ddd
Author: Jerry Sun <email address hidden>
Date: Wed Jul 7 13:48:07 2021 -0400

    Add proxyconfig class for containerd

    This change adds a proxyconfig class for containerd. Containerd keeps
    its own proxy config. This proxy config needs to be changed in
    addition to the docker proxy config when we change the proxy config
    as a whole. The containerd proxyconfig class is used by the docker
    runtime class when changing the proxy config without the need for
    a node lock unlock.

    Change-Id: I7b08f04ffa7b20beffa77e02188d6df3fe7809b9
    Partial-Bug: 1931593
    Signed-off-by: Jerry Sun <email address hidden>
