1358197 – docker's per-mount propagation mode wasn't turn on after upgrade

Bug 1358197 - docker's per-mount propagation mode wasn't turn on after upgrade

Summary: docker's per-mount propagation mode wasn't turn on after upgrade

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Cluster Version Operator
Sub Component:
Version:	3.2.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Scott Dodson
QA Contact:	Anping Li
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-07-20 09:37 UTC by Anping Li
Modified:	2016-09-12 17:35 UTC (History)
CC List:	3 users (show)
Fixed In Version:	openshift-ansible-3.2.28-1.git.0.5a85fc5.el7
Doc Type:	Bug Fix
Doc Text:	Future versions of docker will require containerized installations of OpenShift to mount /var/lib/origin with the 'rslave' flag. New installations of OCP 3.2 have this value set however upgrades from 3.1 did not properly set this value. Now this flag is set during upgrades ensuring that OCP works properly under future versions of docker.
Clone Of:
Environment:
Last Closed:	2016-09-12 17:35:49 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
Upgrade logs (751.82 KB, text/plain) 2016-08-30 05:25 UTC, Anping Li	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2016:1853	0	normal	SHIPPED_LIVE	Important: Red Hat OpenShift Enterprise 3.2 security update and bug fix update	2016-09-12 21:33:16 UTC

Description Anping Li 2016-07-20 09:37:10 UTC

Description of problem:
The rslave wasn't added to atomic-openshift-node system configuration during openshift upgrade.

Version-Release number of selected component (if applicable):
atomic-openshift-utils-3.2.13

How reproducible:
always

Steps to Reproduce:
1. install ose:v3.2.0.14 with docker-1.9.1
2. check the node pramartes
   ps -ef|grep atomic-openshift-node
3. upgrade to openshift to 3.2.1.7 and upgrade docker to 1.10.3
4. check the node parameters
   ps -ef|grep atomic-openshift-node
   ps -ef|grep atomic-openshift-node|grep rslave


Actual results:

2. the host looks well.
[root@host6master ~]# ps -ef|grep atomic-openshift-node
|root     19005     1  0 02:28 ?        00:00:00 /usr/bin/docker-current run --name atomic-openshift-node --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/atomic-openshift-node -v /:/rootfs:ro -e CONFIG_FILE=/etc/origin/node/node-config.yaml -e OPTIONS=--loglevel=2 -e HOST=/rootfs -e HOST_ETC=/host-etc -v /var/lib/origin:/var/lib/origin -v /etc/origin/node:/etc/origin/node -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:ro -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log -v /dev:/dev --volume=/usr/bin/docker-current:/usr/bin/docker-current:ro --volume=/etc/sysconfig/docker:/etc/sysconfig/docker:ro openshift3/node:v3.2.0.41


4. [root@host6master ~]# ps -ef|grep atomic-openshift-node
root      1623     1  0 04:13 ?        00:00:00 /usr/bin/docker-current run --name atomic-openshift-node --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/atomic-openshift-node -v /:/rootfs:ro -e CONFIG_FILE=/etc/origin/node/node-config.yaml -e OPTIONS=--loglevel=2 -e HOST=/rootfs -e HOST_ETC=/host-etc -v /var/lib/origin:/var/lib/origin -v /etc/origin/node:/etc/origin/node -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:ro -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log -v /dev:/dev --volume=/usr/bin/docker-current:/usr/bin/docker-current:ro --volume=/etc/sysconfig/docker:/etc/sysconfig/docker:ro openshift3/node:v3.2.1.7
[root@host6master ~]# ps -ef|grep atomic-openshift-node|grep rslave


Expected results:


Additional info:

Comment 1 Scott Dodson 2016-07-22 13:04:06 UTC

Hmm, I bet if you re-ran the upgrade playbook it'd add it? I think this is happening because docker may not have been upgraded prior to updating the unit files. I'm not certain though. I'll look into it.

Comment 2 Scott Dodson 2016-08-26 17:56:57 UTC

I can no longer reproduce this due to recent changes to our upgrade process. Can QE? I'll try a few more times but moving this to ON_QA

Comment 3 Anping Li 2016-08-29 04:32:49 UTC

The bug is still exist.  To reproduce that you must install OSE 3.2 using old version of openshift-ansible.

Comment 4 Anping Li 2016-08-29 07:11:34 UTC

The atomic-openshift-node wasn't reload https://bugzilla.redhat.com/show_bug.cgi?id=1371004

Comment 5 Scott Dodson 2016-08-29 15:44:41 UTC

(In reply to Anping Li from comment #3)
> The bug is still exist.  To reproduce that you must install OSE 3.2 using
> old version of openshift-ansible.

Ok, I went back to openshift-ansible-3.2.10-1 which didn't have the rslave flag, i verified that the unit didn't have that. I performed an upgrade using the latest in enterprise-3.2 branch, the rslave flag gets added, however the unit is not reloaded.

Does that mirror the behavior you're seeing? So if bug 1371004 is fixed then this bug will also be fixed, correct?

Let me know if you're not actually seeing /etc/systemd/system/atomic-openshift-node.service updated and if so, which version of the installer did you use to do the clean install and which version did you use to perform the upgrade?

Comment 6 Anping Li 2016-08-29 23:33:25 UTC

@Scott, Yes, the /etc/systemd/system/atomic-openshift-node.service updated  have been updated. it will take affect once the bug 1371004 is fixed.

Comment 7 Anping Li 2016-08-30 04:29:53 UTC

@Scott, Please ignore the comment 6, there are no rslave in /etc/systemd/system/atomic-openshift-node.service after upgraded.

[root@anli-working data]# diff pre_migrate_1472527608/host6node.example.com/etc/systemd/system/atomic-openshift-node.service post_migrate_1472527608/host6node.example.com/etc/systemd/system/atomic-openshift-node.service 
16c16
< ExecStart=/usr/bin/docker run --name atomic-openshift-node --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/atomic-openshift-node -v /:/rootfs:ro -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v /var/lib/origin:/var/lib/origin -v /etc/origin/node:/etc/origin/node -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:ro -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log -v /dev:/dev $DOCKER_ADDTL_BIND_MOUNTS openshift3/node:${IMAGE_VERSION}
---
> ExecStart=/usr/bin/docker run --name atomic-openshift-node --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/atomic-openshift-node -v /:/rootfs:ro -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v /var/lib/origin:/var/lib/origin -v /etc/origin/node:/etc/origin/node -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:rw -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log -v /dev:/dev $DOCKER_ADDTL_BIND_MOUNTS openshift3/node:${IMAGE_VERSION}

Comment 8 Anping Li 2016-08-30 05:25:49 UTC

Created attachment 1195618 [details]
Upgrade logs

Before upgrade, docker version is 1.9.1

Comment 9 Scott Dodson 2016-08-30 21:55:15 UTC

https://github.com/openshift/openshift-ansible/pull/2387 proposed PR, needs quick review though, will merge tomorrow.

Comment 11 Anping Li 2016-09-01 02:16:40 UTC

The bug wasn't fixed in atomic-openshift-utils-3.2.25

Comment 12 Scott Dodson 2016-09-01 02:19:05 UTC

Sorry, this too wasn't fixed until 3.2.27. latest is openshift-ansible-3.2.28-1.git.0.5a85fc5.el7

Comment 14 errata-xmlrpc 2016-09-12 17:35:49 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2016:1853

Note You need to log in before you can comment on or make changes to this bug.