2039412 – after minor update to 16.1.7, libvirtd is enabled on the controllers

Bug 2039412 - after minor update to 16.1.7, libvirtd is enabled on the controllers

Summary: after minor update to 16.1.7, libvirtd is enabled on the controllers

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-tripleo-heat-templates
Sub Component:
Version:	16.1 (Train)
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	z9
Target Release:	16.1 (Train on RHEL 8.2)
Assignee:	Lukas Bezdicka
QA Contact:	Khomesh Thakre
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-01-11 16:55 UTC by Jean-Francois Beaudoin
Modified:	2023-04-18 08:43 UTC (History)
CC List:	12 users (show)
Fixed In Version:	openstack-tripleo-heat-templates-11.3.2-1.20220308083412.29a02c1.el8ost
Doc Type:	No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-12-07 20:29:31 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
OpenStack gerrit	824204	None	MERGED	Disable libvirtd and stop it	2022-10-18 19:29:55 UTC
OpenStack gerrit	827019	None	MERGED	Disable libvirtd and stop it	2022-10-18 19:29:58 UTC
Red Hat Issue Tracker	OSP-12097	None	None	None	2022-01-11 17:01:03 UTC
Red Hat Issue Tracker	UPG-4899	None	None	None	2022-01-12 15:01:54 UTC
Red Hat Knowledge Base (Solution)	6634441	None	None	None	2022-01-11 19:17:46 UTC
Red Hat Product Errata	RHSA-2022:8796	None	None	None	2022-12-07 20:29:52 UTC

Description Jean-Francois Beaudoin 2022-01-11 16:55:57 UTC

Description of problem:
After doing a minor update from 16.1 to 16.1.7, libvirtd.service was enabled onto the controllers.

Version-Release number of selected component (if applicable):
RedHat OpenStack 16.1.7

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:
libvirtd.service was enabled onto controllers

Expected results:
libvirtd.service should not be enabled onto controllers.

Additional info:
This prevented introspection to works for baremetal nodes with ironic in the overcloud.
The PXE boot never receive a IP after sending a DHCP request.
Within logs we see "no address available":
~~~
Jan 10 19:48:08 controller0 dnsmasq-dhcp[16607]: DHCPDISCOVER(tapb000000-ef) 10.10.10.10 00:00:00:00:00:00 no address available
~~~

Comment 3 Steve Baker 2022-01-11 20:59:53 UTC

Assinging to DFG:DF for triage. It looks like enabling the container-tools 2.0 stream results in an enabled running libvirtd service. The side-effect of this is a non-working ironic-inspector but this is just a symptom.

Ideally libvirtd should never run without being explicitly enabled, this may need to be fixed in container packaging. But tripleo-heat-templates/deployment/tripleo-packages/tripleo-packages-baremetal-puppet.yaml may be a more appropriate place for a workaround.

Comment 4 David Hill 2022-01-11 21:23:23 UTC

Is that being run in a minor update too ??

Comment 5 David Hill 2022-01-11 21:27:37 UTC

https://github.com/openstack/tripleo-heat-templates/blob/master/deployment/nova/nova-modular-libvirt-container-puppet.yaml#L937-L947

Comment 6 David Hill 2022-01-11 21:35:40 UTC

Is it really a workaround though ?   We never want to have a running libvirt where ironic inspector will run and on pre-deployed node this could happen as well ...   I think this is the best place to put this fix.

Comment 7 David Hill 2022-01-11 21:47:57 UTC

The location you suggested in #3 is for standalone undercloud but the current case is on the overcloud nodes... so we'd have to make more changes to allow this to happen .  I still think we need this just because we also support pre-provisionned servers where this could happen ... unless we already consider this somewhere else, we'll need this still (or maybe not, we don't have many users with pre-provisionned servers).

Comment 10 Artom Lifshitz 2022-01-19 14:52:41 UTC

With the upstream close to merging (just waiting on the gate), assigning to dvd to handle any necessary backports, and/or help shepherd dhill through the process.

Comment 27 errata-xmlrpc 2022-12-07 20:29:31 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Red Hat OpenStack 16.1.9 (openstack-tripleo-heat-templates) security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:8796

Note You need to log in before you can comment on or make changes to this bug.