Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1429354

Summary: [RFE] systemd-nspawn wrapper for imgbased
Product: [oVirt] ovirt-node Reporter: Ryan Barry <rbarry>
Component: RFEsAssignee: Yuval Turgeman <yturgema>
Status: CLOSED CURRENTRELEASE QA Contact: Ryan Barry <rbarry>
Severity: medium Docs Contact:
Priority: high    
Version: masterCC: bugs, cshao, dguo, huzhao, jiawu, mgoldboi, qiyuan, rbarry, sbonazzo, weiwang, yaniwang, ycui, yturgema, yzhao
Target Milestone: ovirt-4.2.0Keywords: FutureFeature
Target Release: 4.2Flags: rule-engine: ovirt-4.2+
mgoldboi: planning_ack+
sbonazzo: devel_ack+
rule-engine: testing_ack+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
undefined
 Story Points: ---
Clone Of: Environment:
Last Closed: 2017-12-20 11:20:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Node RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ryan Barry 2017-03-06 08:13:26 UTC 
Description of problem:
vdsm relies on "vdsm-tool configure --force" on upgrades of the package, but this does not run in pre-composed images like Node.

Since vdsm-tool configure touches systemd, neither "nsenter" nor "chroot" are sufficient to allow us to run this in the new layer.

Currently, we have a service which runs this on boot, but in the long term, an abstraction around nspawn in order to nicely isolate this behavior and keep boot times minimized is ideal.
Comment 1 Yuval Turgeman 2017-05-08 13:13:38 UTC 
vdsm-tool configure touches selinux in addition to systemd and since selinux can't be modified inside a systemd-nspawn container, the question is do we have another use case for such an abstraction other than vdsm-tool ?
Comment 2 Ryan Barry 2017-05-08 14:19:49 UTC 
There are a number of places in osupdater which enter the image to run commands. Off the top of my head, at least rpm verification/permission setting and generating a new initrd are done this way. Currently, these are using anonymous functions, but having a single point of abstraction would definitely help clean up the code for osupdater, even if we can't use it for vdsm-tool.
Comment 3 dguo 2017-08-08 05:44:16 UTC 
From talk with Yuval on IRC, the class in patch is still not in used inside codes. I will put it back to MODIFIED.

And perhaps is still not a very good solution for vdsm-reconfigure especially now with all the selinux changes.

So, currently I do not have an effective way to verify this RFE, just wait the next progress and hopefully get an instruction about the verification method.
Comment 4 Huijuan Zhao 2017-11-08 05:57:50 UTC 
According to Comment 3, change the status to ASSIGNED currently.
Comment 5 Red Hat Bugzilla Rules Engine 2017-11-08 05:57:57 UTC 
Target release should be placed once a package build is known to fix a issue. Since this bug is not modified, the target version has been reset. Please use target milestone to plan a fix for a oVirt release.
Comment 6 Ryan Barry 2017-11-08 15:03:06 UTC 
Is QE ok with dev verifying this? The abstraction is there, but there's not a good target for actually calling it in the codebase in 4.2
Comment 7 Huijuan Zhao 2017-11-09 08:38:53 UTC 
(In reply to Ryan Barry from comment #6)
> Is QE ok with dev verifying this? The abstraction is there, but there's not
> a good target for actually calling it in the codebase in 4.2

Yes, QE is ok with dev verifying this issue. 

And could you help to change "QA Contact" to dev if confirmed? 
Thanks Ryan.
Comment 8 Sandro Bonazzola 2017-12-20 11:20:07 UTC 
This bugzilla is included in oVirt 4.2.0 release, published on Dec 20th 2017.

Since the problem described in this bug report should be
resolved in oVirt 4.2.0 release, published on Dec 20th 2017, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.