Bug 1563774

Summary: Creating a whole disk secure hardened image for use with overcloud deployment failed. subprocess.CalledProcessError: Command 'sudo umount /tmp/dib_build.a0Ce67N4/mnt/tmp' returned non-zero exit status 32
Product: Red Hat OpenStack Reporter: mlammon
Component: openstack-tripleo-image-elementsAssignee: Alex Schultz <aschultz>
Status: CLOSED ERRATA QA Contact: Shai Revivo <srevivo>
Severity: high Docs Contact:
Priority: high    
Version: 13.0 (Queens)CC: aschultz, bfournie, mburns, rhel-osp-director-maint
Target Milestone: betaKeywords: Triaged
Target Release: 13.0 (Queens)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-tripleo-image-elements-8.0.0-3.el7ost Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-06-27 13:50:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1477921    

Description mlammon 2018-04-04 16:35:44 UTC
Description of problem:
Creating a whole disk secure hardened image for use with overcloud deployment failed.
"subprocess.CalledProcessError: Command 'sudo umount /tmp/dib_build.a0Ce67N4/mnt/tmp' returned non-zero exit status 32"

environment:
diskimage-builder-2.12.2-0.20180326010239.ffc0687.el7ost.noarch
dib-utils-0.0.11-1.el7ost.noarch
dibbler-client-1.0.1-0.RC1.3.el7ost.x86_64
rhosp-director-images-13.0-20180328.1.el7ost.noarch
python-tripleoclient-9.2.0-2.el7ost.noarch
 
Steps to Reproduce:
1. Deploy openstack undercloud
2. Install director to /home/stack/images directory
3. Download rhel 7.5 qcow image (rhel-guest-image-7.5-146.x86_64.qcow2)
3. Prepare whole disk secure hardened image

The following were the commands used to create the disk image.
export DIB_LOCAL_IMAGE=/home/stack/rhel-guest-image-7.5-146.x86_64.qcow2
export DIB_YUM_REPO_CONF="/etc/yum.repos.d/rhos-release-13.repo /etc/yum.repos.d/rhos-release-rhel-7.5.repo"
openstack overcloud image build --image-name overcloud-hardened-full --config-file /usr/share/openstack-tripleo-common/image-yaml/overcloud-hardened-images.yaml --config-file /usr/share/openstack-tripleo-common/image-yaml/overcloud-hardened-images-rhel7.yaml --verbose


2018-04-04 14:54:03.065 | INFO diskimage_builder.block_device.utils [-] Calling [sudo fstrim --verbose /tmp/dib_build.a0Ce67N4/mnt/var/log/audit]
2018-04-04 14:54:03.078 | INFO diskimage_builder.block_device.utils [-] Calling [sudo umount /tmp/dib_build.a0Ce67N4/mnt/var/log/audit]
2018-04-04 14:54:03.095 | INFO diskimage_builder.block_device.level3.mount [-] Called for [mount_fs_log]
2018-04-04 14:54:03.095 | INFO diskimage_builder.block_device.utils [-] Calling [sudo sync]
2018-04-04 14:54:03.108 | INFO diskimage_builder.block_device.utils [-] Calling [sudo fstrim --verbose /tmp/dib_build.a0Ce67N4/mnt/var/log]
2018-04-04 14:54:03.120 | INFO diskimage_builder.block_device.utils [-] Calling [sudo umount /tmp/dib_build.a0Ce67N4/mnt/var/log]
2018-04-04 14:54:03.137 | INFO diskimage_builder.block_device.level3.mount [-] Called for [mount_fs_var]
2018-04-04 14:54:03.137 | INFO diskimage_builder.block_device.utils [-] Calling [sudo sync]
2018-04-04 14:54:03.150 | INFO diskimage_builder.block_device.utils [-] Calling [sudo fstrim --verbose /tmp/dib_build.a0Ce67N4/mnt/var]
2018-04-04 14:54:03.162 | INFO diskimage_builder.block_device.utils [-] Calling [sudo umount /tmp/dib_build.a0Ce67N4/mnt/var]
2018-04-04 14:54:03.217 | INFO diskimage_builder.block_device.level3.mount [-] Called for [mount_fs_tmp]
2018-04-04 14:54:03.218 | INFO diskimage_builder.block_device.utils [-] Calling [sudo sync]
2018-04-04 14:54:03.231 | INFO diskimage_builder.block_device.utils [-] Calling [sudo fstrim --verbose /tmp/dib_build.a0Ce67N4/mnt/tmp]
2018-04-04 14:54:03.243 | INFO diskimage_builder.block_device.utils [-] Calling [sudo umount /tmp/dib_build.a0Ce67N4/mnt/tmp]
2018-04-04 14:54:03.255 | Traceback (most recent call last):
2018-04-04 14:54:03.255 |   File "/usr/bin/dib-block-device", line 10, in <module>
2018-04-04 14:54:03.255 |     sys.exit(main())
2018-04-04 14:54:03.255 |   File "/usr/lib/python2.7/site-packages/diskimage_builder/block_device/cmd.py", line 120, in main
2018-04-04 14:54:03.256 |     return bdc.main()
2018-04-04 14:54:03.256 |   File "/usr/lib/python2.7/site-packages/diskimage_builder/block_device/cmd.py", line 115, in main
2018-04-04 14:54:03.256 |     self.args.func()
2018-04-04 14:54:03.256 |   File "/usr/lib/python2.7/site-packages/diskimage_builder/block_device/cmd.py", line 39, in cmd_umount
2018-04-04 14:54:03.256 |     self.bd.cmd_umount()
2018-04-04 14:54:03.256 |   File "/usr/lib/python2.7/site-packages/diskimage_builder/block_device/blockdevice.py", line 441, in cmd_umount
2018-04-04 14:54:03.256 |     node.umount()
2018-04-04 14:54:03.256 |   File "/usr/lib/python2.7/site-packages/diskimage_builder/block_device/level3/mount.py", line 112, in umount
2018-04-04 14:54:03.256 |     exec_sudo(["umount", self.state['mount'][self.mount_point]['path']])
2018-04-04 14:54:03.256 |   File "/usr/lib/python2.7/site-packages/diskimage_builder/block_device/utils.py", line 125, in exec_sudo
2018-04-04 14:54:03.256 |     ' '.join(sudo_cmd))
2018-04-04 14:54:03.256 | subprocess.CalledProcessError: Command 'sudo umount /tmp/dib_build.a0Ce67N4/mnt/tmp' returned non-zero exit status 32

Comment 9 mlammon 2018-04-17 20:24:49 UTC
This bug has been verified today.   It build image successfully.

Env:
rhosp-director-images-ipa-13.0-20180412.1.el7ost.noarch
python-tripleoclient-9.2.0-3.el7ost.noarch
dib-utils-0.0.11-1.el7ost.noarch
rhosp-director-images-13.0-20180412.1.el7ost.noarch
diskimage-builder-2.12.2-0.20180408230325.f3d58d9.el7ost.noarch

(undercloud) [stack@undercloud-0 ~]$ tail -10 overcloud-hardened-full.log
2018-04-17 16:06:01.169 | INFO diskimage_builder.block_device.utils [-] Calling [sudo lvchange -an /dev/vg/lv_log]
2018-04-17 16:06:01.207 | INFO diskimage_builder.block_device.utils [-] Calling [sudo lvchange -an /dev/vg/lv_audit]
2018-04-17 16:06:01.247 | INFO diskimage_builder.block_device.utils [-] Calling [sudo lvchange -an /dev/vg/lv_home]
2018-04-17 16:06:01.283 | INFO diskimage_builder.block_device.utils [-] Calling [sudo vgchange -an vg]
2018-04-17 16:06:01.306 | INFO diskimage_builder.block_device.utils [-] Calling [sudo udevadm settle]
2018-04-17 16:06:01.324 | INFO diskimage_builder.block_device.utils [-] Calling [sudo kpartx -d /dev/loop0]
2018-04-17 16:06:01.351 | INFO diskimage_builder.block_device.utils [-] Calling [sudo pvscan --cache]
2018-04-17 16:06:01.374 | INFO diskimage_builder.block_device.blockdevice [-] Removing temporary state dir [/tmp/dib_build.UzIDdt3r/states/block-device]
2018-04-17 16:06:01.505 | Converting image using qemu-img convert
2018-04-17 16:08:14.524 | Image file ./overcloud-hardened-full.qcow2 created...

Here we see now "block-device-deps"

[root@undercloud-0 ~]# cat /usr/share/tripleo-image-elements/overcloud-secure/element-deps
block-device-mbr
package-installs

Comment 11 errata-xmlrpc 2018-06-27 13:50:03 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:2086