Created attachment 1325843 [details] Logs Description of problem: When I used attached (nfs11_GlanceCinder.yaml) heat template to configure both Cinder and Glance to mount to NFS share, Glance mount works but Cinder's isn't created. When I used this template nfs11Cinder.yaml, just Cinder without Glance, create volume works fine. Version-Release number of selected component (if applicable): rhel7.4 openstack-tripleo-heat-templates-6.2.0-3.el7ost.noarch puppet-tripleo-6.5.0-8.el7ost.noarch puppet-cinder-10.3.1-1.el7ost.noarch How reproducible: Every time (twice already) Steps to Reproduce: 1. Use attached nfs yaml and deploy overcloud 2. Try to create a volume. 3. Actual results: Volume in error state as Cinder nfs mount is broke. Expected results: Volume be available. Additional info: I hit this bug while working on another heat storage nfs bz https://bugzilla.redhat.com/show_bug.cgi?id=1440700#c12 While debugging ^ bug, Eric/Alan determined it's a side effect of SELinux. Grep for "mount" in controller's /var/log/messages and see "SELinux: mount invalid. Same superblock, different security settings for (dev 0:41, type nfs4)" Suggested add "nosharecache" to both the cinder and glance nfs mount options See https://bugzilla.redhat.com/show_bug.cgi?id=253530 https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/SELinux_Users_and_Administrators_Guide/sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html#sect-Security-Enhanced_Linux-Mounting_File_Systems-Multiple_NFS_Mounts Suggested add "nosharecache" to both the cinder and glance nfs mount options
Created attachment 1325844 [details] nfs11_GlanceCinder.yaml
Created attachment 1325846 [details] nfs11Cinder.yaml
Created attachment 1325941 [details] Logs Some mode debugging info, deleted overcloud Attempted with this template parameter_defaults: CinderEnableIscsiBackend: false CinderEnableRbdBackend: false CinderEnableNfsBackend: true CinderNfsMountOptions: '' --> removed the retry=1, which was here before. CinderNfsServers: '10.35.160.111:/export/ins_cinder' GlanceBackend: 'file' GlanceNfsEnabled: true GlanceNfsShare: '10.35.160.111:/export/ins_glance' Cinder create still fails, Cinder mount still missing.
OK looks like setting mount option-> nosharecache resolves the issue. On this last attempt used this heat template: parameter_defaults: CinderEnableIscsiBackend: false CinderEnableRbdBackend: false CinderEnableNfsBackend: true CinderNfsMountOptions: 'nosharecache' CinderNfsServers: '10.35.160.111:/export/ins_cinder' GlanceBackend: 'file' GlanceNfsEnabled: true GlanceNfsMountOptions: 'nosharecache' GlanceNfsShare: '10.35.160.111:/export/ins_glance' Volume is available $ cinder list +--------------------------------------+-----------+------+------+-------------+----------+-------------+ | ID | Status | Name | Size | Volume Type | Bootable | Attached to | +--------------------------------------+-----------+------+------+-------------+----------+-------------+ | 08945b6f-83f9-442c-bbd5-b19bc2a6dc13 | available | - | 1 | - | false | | +--------------------------------------+-----------+------+------+-------------+----------+-------------+ Not sure what the outcome of this bug is: 1. Maybe check if we should add nosharecache by default? 2. At least document this issue.
Is this one worth fixing or do we want to set the fields to just make sure we document it?
OSP11 is now retired, see details at https://access.redhat.com/errata/product/191/ver=11/rhel---7/x86_64/RHBA-2018:1828