kolla-ansible

Ceph octopus incompatible with containerised chrony

Bug #1885689 reported by Mark Goddard on 2020-06-30

This bug affects 2 people

	Status	Importance	Assigned to	Milestone
kolla-ansible	Fix Released	Medium	Radosław Piliszek
Ussuri	Won't Fix	Medium	Unassigned
Victoria	Won't Fix	Medium	Radosław Piliszek	kolla-ansible 11.1.0 "victoria"
Wallaby	Fix Released	Medium	Radosław Piliszek	kolla-ansible 12.0.0 "wallaby"
Xena	Fix Released	Medium	Radosław Piliszek

Bug Description

CentOS 8 appears to have chrony enabled and started by default. The chronyd service is disabled and packages uninstalled during kolla-ansible bootstrap-servers, if enable_chrony is true.

The problem with Kolla-containerised chrony is that Ceph Octopus node health checks don’t see it and this puts the node into a warning state. Also, Ceph Orchestrator does a check for time sync during pre-flight checks, and Ceph deployment normally runs before the containerised service is deployed by kolla-ansible.

Related kayobe bug: https://storyboard.openstack.org/#!/story/2007872

Mark Goddard (mgoddard) on 2020-06-30

Changed in kolla-ansible:
importance:	Undecided → Medium

Revision history for this message

Radosław Piliszek (yoctozepto) wrote on 2020-06-30:

I'm +1 on stopping containerizing chrony - NTP service is a critical part of the base host for its many functions, usually related to synchronization and security.

Revision history for this message

Pierre Riteau (priteau) wrote on 2020-06-30:

Indeed, it feels odd to deploy a containerised chronyd when it comes enabled by default on CentOS 8. And it would be one fewer image for the Kolla project to build and maintain.

Revision history for this message

Radosław Piliszek (yoctozepto) wrote on 2020-06-30:

Honestly, I think it was usually on by default on 7 as well, not to mention Ubuntu Bionic.

Revision history for this message

Mark Goddard (mgoddard) wrote on 2020-07-01:

Agreed in kolla IRC meeting 2020/7/1:

* support configuration of an NTP client/server on the host
* add (timedatectl check?) to prechecks
* switch default of enable_chrony to false, enable host daemon by default

Revision history for this message

Mark Goddard (mgoddard) wrote on 2020-07-01:

> * support configuration of an NTP client/server on the host

Seems this was not unanimous.

Revision history for this message

Radosław Piliszek (yoctozepto) wrote on 2020-07-01:

enable_host_ntp looks brokenish too, at least stop advertising this part.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-07-01: Related fix proposed to kolla-ansible (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/738877

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-07-12: Fix proposed to kolla-ansible (master)

Fix proposed to branch: master
Review: https://review.opendev.org/740585

Changed in kolla-ansible:
assignee:	nobody → Radosław Piliszek (yoctozepto)
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-07-12:

Fix proposed to branch: master
Review: https://review.opendev.org/740586

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-08-04: Fix merged to kolla-ansible (master)

#10

Reviewed: https://review.opendev.org/740585
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=3018199f0b57cbab35b06ab84292519ab374fb87
Submitter: Zuul
Branch: master

commit 3018199f0b57cbab35b06ab84292519ab374fb87
Author: Radosław Piliszek <email address hidden>
Date: Sun Jul 12 10:33:24 2020 +0200

Add timesync prechecks

If not running containerised chrony, we need to check that host
has its own means of system clock synchronization.

Change-Id: I31b3e9ed625d63a4bf82c674593522268c20ec4c
Partial-Bug: #1885689

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-09-25: Change abandoned on kolla-ansible (master)

#11

Change abandoned by Radosław Piliszek (<email address hidden>) on branch: master
Review: https://review.opendev.org/738877
Reason: not needed

Mark Goddard (mgoddard) on 2021-01-13

Changed in kolla-ansible:
milestone:	11.0.0 → none

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-04-23: Fix included in openstack/kolla-ansible 12.0.0.0rc1

#12

This issue was fixed in the openstack/kolla-ansible 12.0.0.0rc1 release candidate.

Radosław Piliszek (yoctozepto) on 2021-05-05

Changed in kolla-ansible:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-07-26: Change abandoned on kolla-ansible (master)

#13

Change abandoned by "Doug Szumski <email address hidden>" on branch: master
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/764355

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.