Description of problem:
After doing a minor update from 16.1 to 16.1.7, libvirtd.service was enabled on the controllers.

Version-Release number of selected component (if applicable):
Red Hat OpenStack 16.1.7

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:
libvirtd.service was enabled on controllers

Expected results:
libvirtd.service should not be enabled on controllers.

Additional info:
This prevented introspection from working for baremetal nodes with ironic in the overcloud. The PXE boot never receives an IP after sending a DHCP request. Within the logs we see "no address available":

~~~
Jan 10 19:48:08 controller0 dnsmasq-dhcp[16607]: DHCPDISCOVER(tapb000000-ef) 10.10.10.10 00:00:00:00:00:00 no address available
~~~
Assigning to DFG:DF for triage. It looks like enabling the container-tools 2.0 stream results in an enabled, running libvirtd service. The side effect of this is a non-working ironic-inspector, but this is just a symptom. Ideally libvirtd should never run without being explicitly enabled; this may need to be fixed in container packaging. But tripleo-heat-templates/deployment/tripleo-packages/tripleo-packages-baremetal-puppet.yaml may be a more appropriate place for a workaround.
Is that being run in a minor update too?
https://github.com/openstack/tripleo-heat-templates/blob/master/deployment/nova/nova-modular-libvirt-container-puppet.yaml#L937-L947
Is it really a workaround though? We never want to have a running libvirt where ironic inspector will run, and on pre-deployed nodes this could happen as well... I think this is the best place to put this fix.
The location you suggested in #3 is for standalone undercloud but the current case is on the overcloud nodes... so we'd have to make more changes to allow this to happen. I still think we need this just because we also support pre-provisioned servers where this could happen... unless we already consider this somewhere else, we'll need this still (or maybe not, we don't have many users with pre-provisioned servers).
With the upstream close to merging (just waiting on the gate), assigning to dvd to handle any necessary backports, and/or help shepherd dhill through the process.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: Red Hat OpenStack 16.1.9 (openstack-tripleo-heat-templates) security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:8796