Conditionally set UID/GID for Nova user

Bug #1544889 reported by Andreas Krüger
Affects: OpenStack-Ansible
Status: Fix Released
Importance: Wishlist
Assigned to: Major Hayden

Bug Description

If a person is planning to use the KVM hypervisor and make use of Live Migration then they must share the /var/lib/nova/instances directory between compute nodes. This should make use of a cluster aware filesystem like NFS or GlusterFS. Typically people are using NFS for this.

But when using NFS for sharing the folder between compute nodes, you must make sure that the GID and UID of the Nova user are the same on the controller node and compute nodes. Also, the libvirt-qemu UID and GID must be the same on all compute nodes.

Proposed solution is to add a feature allowing to conditionally set the UID and GID of the nova user, and if set, then enforce the UID on the task creating the nova user at https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/os_nova/tasks/nova_pre_install.yml#L37-L50 and also enforcing the gid when adding the system group at https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/os_nova/tasks/nova_pre_install.yml#L16-L22

Proposed solution for setting the UID and GID for libvirt-qemu is missing. Manually it should be:

Useful source article: https://www.mirantis.com/blog/tutorial-openstack-live-migration-with-kvm-hypervisor-and-nfs-shared-storage/

Andreas Krüger (aldreas) wrote :

It was proposed to add a topic for Live Migration in the docs itself.

Jean-Philippe Evrard (jean-philippe-evrard) wrote :

As mentioned on the IRC channel (12 Feb 2016 9:00AM UTC), this could cause conflicts.
The development should be appropriately documented, mentioning the benefits and risks of the approach.

Another feature to add would be to automatically discover the uid/gid on the first node, and then use these values on all the appropriate nodes.
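An added example (not part of the bug report or the OpenStack-Ansible code) of the consistency check the description and the comment above call for: with NFS using numeric IDs for ownership, it compares the nova and libvirt-qemu IDs in `getent`-style output from each node against the first node that has the account. Hostnames, ID values and the function names are constructed for illustration.

```python
# Added example: detect UID/GID drift for service accounts across nodes that
# share /var/lib/nova/instances over NFS. All sample data is constructed.

ACCOUNTS = ("nova", "libvirt-qemu")

# Constructed `getent passwd` output per node (name:x:uid:gid:gecos:home:shell).
SAMPLE_PASSWD = {
    "controller1": "nova:x:999:999::/var/lib/nova:/bin/false\n",
    "compute1": "nova:x:999:999::/var/lib/nova:/bin/false\n"
                "libvirt-qemu:x:104:107:Libvirt Qemu,,,:/var/lib/libvirt:/bin/false\n",
    "compute2": "nova:x:112:999::/var/lib/nova:/bin/false\n"
                "libvirt-qemu:x:104:109:Libvirt Qemu,,,:/var/lib/libvirt:/bin/false\n",
}

# Constructed `getent group` output per node (name:x:gid:members).
SAMPLE_GROUP = {
    "controller1": "nova:x:999:\n",
    "compute1": "nova:x:999:\nlibvirt-qemu:x:107:\n",
    "compute2": "nova:x:999:\nlibvirt-qemu:x:109:\n",
}


def parse_ids(text, id_field):
    """Map account name -> numeric ID taken from one colon-separated field."""
    ids = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) > id_field and fields[id_field].isdigit():
            ids[fields[0]] = int(fields[id_field])
    return ids


def find_drift(db_by_node, id_field, names=ACCOUNTS):
    """Return (name, node, found_id, reference_id) for every mismatch.

    The reference is the first node (dict order) that has the account; nodes
    without the account (e.g. no libvirt-qemu on a controller) are skipped.
    """
    drift = []
    for name in names:
        reference = None
        for node, text in db_by_node.items():
            found = parse_ids(text, id_field).get(name)
            if found is None:
                continue
            if reference is None:
                reference = found
            elif found != reference:
                drift.append((name, node, found, reference))
    return drift


if __name__ == "__main__":
    for label, db, field in (("uid", SAMPLE_PASSWD, 2), ("gid", SAMPLE_GROUP, 2)):
        for name, node, found, ref in find_drift(db, field):
            print(f"{node}: {name} {label}={found}, expected {ref}")
```

Field 2 holds the UID in passwd entries and the GID in group entries; passing field 3 with passwd data checks each account's primary GID instead.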

Matthew Thode (prometheanfire) wrote :

You could also just use a vfat config drive.

Jesse Pretorius (jesse-pretorius) wrote :

This would be great to do as it would help in many ways. It is possible to do this for all compute nodes ahead of installing (or afterwards) as a workaround for now.

Changed in openstack-ansible:
importance: Undecided → Wishlist
status: New → Confirmed
Andreas Krüger (aldreas) wrote :

How would that work with a vfat config drive?

Changed in openstack-ansible:
assignee: nobody → Major Hayden (rackerhacker)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible-os_nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/290110

Changed in openstack-ansible:
status: Confirmed → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible (master)

Fix proposed to branch: master
Review: https://review.openstack.org/290122

Andreas Krüger (aldreas) wrote :

The part about setting the GUID for qemu is missing

#find / -uid 104 -exec chown libvirt-qemu {} \; # note the 104 here is the old nova uid before the change
#find / -gid 104 -exec chgrp libvirt-qemu {} \; #note the 104 here is the old nova uid before the change

Don't know how this would be implemented.

OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible-os_nova (master)

Reviewed: https://review.openstack.org/290110
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-os_nova/commit/?id=f4821e47b1cdafbb00d1949b292a40aaa687f3f1
Submitter: Jenkins
Branch: master

commit f4821e47b1cdafbb00d1949b292a40aaa687f3f1
Author: Major Hayden <email address hidden>
Date: Tue Mar 8 14:13:41 2016 -0600

    Conditionally set UID/GID for nova user/group

    Deployers with shared storage systems must ensure that the nova
    user and group have consistent UID's and GID's respectively. This
    patch adds a configurable option for deployers to set a UID/GID
    for the nova user and group. Warnings are provided in the
    default/main.yml about the potential dangers of adjusting this
    value on a production system

    Docs and a release note will be proposed separately in the
    OpenStack-Ansible main repository for this change.

    Closes-Bug: 1544889

    Change-Id: I881555a896455ce3c897d56a143a8a25c088880b

Changed in openstack-ansible:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible (master)

Reviewed: https://review.openstack.org/290122
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=a5264723f262c19434bc842e041185647bab09ea
Submitter: Jenkins
Branch: master

commit a5264723f262c19434bc842e041185647bab09ea
Author: Major Hayden <email address hidden>
Date: Tue Mar 8 15:40:02 2016 -0600

    Docs/Reno: Conditional nova UID/GID

    Adding documentation and a release note for the conditional
    nova UID/GID work done in the IRR role in:

      https://review.openstack.org/#/c/290110/

    Closes-Bug: 1544889
    Depends-On: I881555a896455ce3c897d56a143a8a25c088880b
    Change-Id: I98a904beb99d9b0bebd35d49c275a2e2f4c59279

Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/openstack-ansible 13.0.0

This issue was fixed in the openstack/openstack-ansible 13.0.0 release.

Davanum Srinivas (DIMS) (dims-v) wrote :

This issue was fixed in the openstack/openstack-ansible 13.0.0 release.
