nova_virtlogd container fails with permission denied
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
High
|
Michele Baldessari |
Bug Description
On a rhel8 os + rhel8 containers we seem to be getting the following error from kolla in nova_virtlogd:
[stack@win1 ~]$ sudo podman logs nova_virtlogd
+sudo -E kolla_set_configs OSError: [Errno 30] Read-only file system
The reason is the following nova_virtlogd bind mount:
... - /etc/libvirt/
Seems kolla config has a some empty folders that are then copied to a :ro fs and we fail: ()[root@win1 /]$ find var/lib/
var/lib/
var/lib/
var/lib/
var/lib/
var/lib/
var/lib/
It seems the empty folders are copied in because in https:/
Note that we cannot just move the mount to read-only because selinux denies writing to etc inside the container
Changed in tripleo: | |
status: | New → Triaged |
importance: | Undecided → High |
assignee: | nobody → Michele Baldessari (michele) |
milestone: | none → stein-3 |
I think any file resources for puppet what rely on before => Service['libvirt'], should be nooped via a custom tag added and filtered by tht. Instead, we should manage such files via host prep tasks in tht directly. That would help to no more violate containers writing to /etc and "heal" the leaked abstraction as well, that is when containers attempt to do anything related to the disabled services management and packages installation. We don't do these in containers, neither shall we for the orphaned dependencies for those.