kolla-ansible

Baremetal role not idempotent due an error 'Unable to remove "libvirtd"'

Bug #1960302 reported by Maksim Malchuk
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
kolla-ansible
Fix Released
Undecided
Maksim Malchuk

Bug Description

The second run of the Baremetal role on the Ubuntu host failed with an error:

fatal: [seed0]: FAILED! => {
    "changed": true,
    "cmd": [
        "apparmor_parser",
        "-v",
        "-R",
        "/etc/apparmor.d/usr.sbin.libvirtd"
    ],
    "delta": "0:00:00.081768",
    "end": "2022-02-08 13:29:34.846945",
    "invocation": {
        "module_args": {
            "_raw_params": "apparmor_parser -v -R /etc/apparmor.d/usr.sbin.libvirtd",
            "_uses_shell": false,
            "argv": null,
            "chdir": null,
            "creates": null,
            "executable": null,
            "removes": null,
            "stdin": null,
            "stdin_add_newline": true,
            "strip_empty_ends": true,
            "warn": false
        }
    },
    "msg": "non-zero return code",
    "rc": 254,
    "start": "2022-02-08 13:29:34.765177",
    "stderr": "apparmor_parser: Unable to remove \"libvirtd\". Profile doesn't exist",
    "stderr_lines": [
        "apparmor_parser: Unable to remove \"libvirtd\". Profile doesn't exist"
    ],
    "stdout": "",
    "stdout_lines": []
}

this is because the 'apparmor_parser -R' command removes the profile from the memory only.
We need to create the '/etc/apparmor.d/disable' links ourselves to make the role idempotent and avoid the load an active profile again after the reboot of the host.

Maksim Malchuk (mmalchuk)
Changed in kolla-ansible:
assignee: nobody → Maksim Malchuk (mmalchuk)
OpenStack Infra (hudson-openstack)
Changed in kolla-ansible:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (master)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/824550
Committed: https://opendev.org/openstack/kolla-ansible/commit/75f55d13ad9060b7821a6e7702a347debd785ee9
Submitter: "Zuul (22348)"
Branch: master

commit 75f55d13ad9060b7821a6e7702a347debd785ee9
Author: Maksim Malchuk <email address hidden>
Date: Thu Jan 13 14:28:13 2022 +0300

    Fix Apparmor libvirt profile removal

    The apparmor_parser actually doesn't remove the file or doesn't create
    the symlink in '/etc/apparmor.d/disable' itself so the next run of the
    baremetal role will fail with the error "Unable to remove "libvirtd".
    Even more after reboot, the profile is still active. We need to
    disable the profile completly ourselves. This change fixes the
    idempotents of the baremetal role.

    Closes-Bug: #1960302
    Change-Id: I162e417387393e806886b1c9ea8053b89778b4d1
    Signed-off-by: Maksim Malchuk <email address hidden>

Changed in kolla-ansible:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (stable/xena)

Fix proposed to branch: stable/xena
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/828692

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (stable/wallaby)

Fix proposed to branch: stable/wallaby
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/828830

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (stable/victoria)

Fix proposed to branch: stable/victoria
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/828831

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/xena)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/828692
Committed: https://opendev.org/openstack/kolla-ansible/commit/ae8900855a8081c57640c0f617d8a6307fdb4c7b
Submitter: "Zuul (22348)"
Branch: stable/xena

commit ae8900855a8081c57640c0f617d8a6307fdb4c7b
Author: Maksim Malchuk <email address hidden>
Date: Thu Jan 13 14:28:13 2022 +0300

    Fix Apparmor libvirt profile removal

    The apparmor_parser actually doesn't remove the file or doesn't create
    the symlink in '/etc/apparmor.d/disable' itself so the next run of the
    baremetal role will fail with the error "Unable to remove "libvirtd".
    Even more after reboot, the profile is still active. We need to
    disable the profile completly ourselves. This change fixes the
    idempotents of the baremetal role.

    Closes-Bug: #1960302
    Change-Id: I162e417387393e806886b1c9ea8053b89778b4d1
    Signed-off-by: Maksim Malchuk <email address hidden>
    (cherry picked from commit 75f55d13ad9060b7821a6e7702a347debd785ee9)

tags: added: in-stable-xena
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/wallaby)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/828830
Committed: https://opendev.org/openstack/kolla-ansible/commit/9b3b2fdab7d2dff83e010b813a9c1c640d264226
Submitter: "Zuul (22348)"
Branch: stable/wallaby

commit 9b3b2fdab7d2dff83e010b813a9c1c640d264226
Author: Maksim Malchuk <email address hidden>
Date: Thu Jan 13 14:28:13 2022 +0300

    Fix Apparmor libvirt profile removal

    The apparmor_parser actually doesn't remove the file or doesn't create
    the symlink in '/etc/apparmor.d/disable' itself so the next run of the
    baremetal role will fail with the error "Unable to remove "libvirtd".
    Even more after reboot, the profile is still active. We need to
    disable the profile completly ourselves. This change fixes the
    idempotents of the baremetal role.

    Closes-Bug: #1960302
    Change-Id: I162e417387393e806886b1c9ea8053b89778b4d1
    Signed-off-by: Maksim Malchuk <email address hidden>
    (cherry picked from commit 75f55d13ad9060b7821a6e7702a347debd785ee9)

tags: added: in-stable-wallaby
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/victoria)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/828831
Committed: https://opendev.org/openstack/kolla-ansible/commit/c37bf3e0687b86e4c3c6841cc9c38549fb9b5d1c
Submitter: "Zuul (22348)"
Branch: stable/victoria

commit c37bf3e0687b86e4c3c6841cc9c38549fb9b5d1c
Author: Maksim Malchuk <email address hidden>
Date: Thu Jan 13 14:28:13 2022 +0300

    Fix Apparmor libvirt profile removal

    The apparmor_parser actually doesn't remove the file or doesn't create
    the symlink in '/etc/apparmor.d/disable' itself so the next run of the
    baremetal role will fail with the error "Unable to remove "libvirtd".
    Even more after reboot, the profile is still active. We need to
    disable the profile completly ourselves. This change fixes the
    idempotents of the baremetal role.

    Closes-Bug: #1960302
    Change-Id: I162e417387393e806886b1c9ea8053b89778b4d1
    Signed-off-by: Maksim Malchuk <email address hidden>
    (cherry picked from commit 75f55d13ad9060b7821a6e7702a347debd785ee9)

tags: added: in-stable-victoria
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 14.0.0.0rc1

This issue was fixed in the openstack/kolla-ansible 14.0.0.0rc1 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 11.4.0

This issue was fixed in the openstack/kolla-ansible 11.4.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 12.4.0

This issue was fixed in the openstack/kolla-ansible 12.4.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 13.1.0

This issue was fixed in the openstack/kolla-ansible 13.1.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.