2138759 – subscription-manager command doesn't work on a Controller node running cinder-volume container

Bug 2138759 - subscription-manager command doesn't work on a Controller node running cinder-volume container

Summary: subscription-manager command doesn't work on a Controller node running cinder...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-tripleo-heat-templates
Sub Component:
Version:	17.0 (Wallaby)
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	z1
Target Release:	17.0
Assignee:	Takashi Kajinami
QA Contact:	Joe H. Rahme
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	2160821 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-10-31 06:22 UTC by yatanaka
Modified:	2023-04-09 12:02 UTC (History)
CC List:	8 users (show)
Fixed In Version:	openstack-tripleo-heat-templates-14.3.1-0.20221208160327.feca772.el9ost
Doc Type:	Bug Fix
Doc Text:	Cause: cinder-volume container bind-mounted /var/run from host instead of /run, and this results in creating /run/.containerenv in host file system. The /run/.containerenv file made subscription-manager ignore its settings such as associated subscriptions. Consequence: The subscriptoon-manager command does not work in the node with cinder-volume container running Fix: Fixed the path used for bind-mount so that /run/.containerenv is not created in host file system. Result: The subscriptoon-manager command works even in the node with cinder-volume container running
Clone Of:
Clones:	2151043 (view as bug list)
Environment:
Last Closed:	2023-01-25 12:29:56 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Launchpad	1995237	None	None	None	2022-10-31 07:23:01 UTC
OpenStack gerrit	863024	None	stable/wallaby: MERGED	tripleo-heat-templates: Fix trailing slashes in bind-mounts and linting (Ia517b34c9d633101502bd8788e7b8764e75bbe64)	2022-12-07 21:04:37 UTC
Red Hat Issue Tracker	OSP-19801	None	None	None	2022-10-31 06:42:55 UTC
Red Hat Knowledge Base (Solution)	6989368	None	None	None	2022-12-07 06:58:12 UTC
Red Hat Product Errata	RHBA-2023:0271	None	None	None	2023-01-25 12:30:28 UTC

Description yatanaka 2022-10-31 06:22:41 UTC

Description of problem:

subscription-manager command doesn't work on a Controller node running openstack-cinder-volume-podman-X container.
~~~
[root@overcloud-controller-1 ~]# podman ps |grep cinder-volume
e7c8cee2afde  undercloud.ctlplane.yatanaka.example.com:8787/rhosp-rhel9/openstack-cinder-volume:pcmklatest  /bin/bash /usr/lo...  26 minutes ago  Up 26 minutes ago                    openstack-cinder-volume-podman-0

[root@overcloud-controller-1 ~]# subscription-manager list 
subscription-manager is disabled when running inside a container. Please refer to your host system for subscription management.
~~~

The reason subscription-manager doesn't work is existence of /run/.containerenv .
~~~
[root@overcloud-controller-1 ~]# file /run/.containerenv 
/run/.containerenv: empty
~~~

There was a similar discussion in the past, and the following change was merged in order to prevent creating /run/.containerenv if '/run' is bind-mounted into containers.
  - https://github.com/containers/podman/issues/14577
  - https://github.com/gbraad/podman/commit/3d4e9d73d25edc3287263e80ab379f7e3d10e799#diff-3c7c02f50259200df7913b0f622513cd28e3a9488796f89ad2dc7afbb9743663

However, only openstack-cinder-volume-podman-X container bind-mounts '/run/', not '/run'.
That's why /run/.containerenv is created only on a Controller node running openstack-cinder-volume-podman-X container, and subscription-manager command doesn't work.
~~~
[root@overcloud-controller-1 ~]# podman inspect openstack-cinder-volume-podman-0|less
 
  :
 
                {
                    "Type": "bind",
                    "Source": "/run",
                    "Destination": "/run/", <=====================(*)
                    "Driver": "",
                    "Mode": "",
                    "Options": [
                         "nosuid",
                         "nodev",
                         "rbind"
                    ],
                    "RW": true,
                    "Propagation": "rprivate"
               },
 
  :
~~~

This issue has been resolved on master branch by the following change:
  - https://github.com/openstack/tripleo-heat-templates/commit/d0ca9fe631cbdeb9e8857b4e64ad81f2260c7dae#

But it has not backported into Wallaby yet.
  - https://github.com/openstack/tripleo-heat-templates/blob/stable/wallaby/deployment/cinder/cinder-common-container-puppet.yaml#L361



Version-Release number of selected component (if applicable):
RHOSP 17.0


How reproducible:

Steps to Reproduce:
1. Deploy overcloud
2. Check on which node cinder-volume is running
3. Run subscription-manager command on the node running cinder-volume


Actual results:
subscription-manager command fails with the following message
  'subscription-manager is disabled when running inside a container. Please refer to your host system for subscription management.'

Expected results:
subscription-manager command works

Comment 9 David Rosenfeld 2022-12-14 15:03:02 UTC

subscription manager now works on a controller running a cinder volume container:

[tripleo-admin@controller-0 ~]$ sudo podman ps |grep cinder-volume
8987c2dc9caa  undercloud-0.ctlplane.redhat.local:8787/rh-osbs/rhosp17-openstack-cinder-volume:pcmklatest                                      /bin/bash /usr/lo...  40 minutes ago     Up 40 minutes ago                        openstack-cinder-volume-podman-0
[tripleo-admin@controller-0 ~]$ sudo subscription-manager list
+-------------------------------------------+
    Installed Product Status
+-------------------------------------------+
Product Name:   Red Hat Enterprise Linux Fast Datapath
Product ID:     329
Version:        9
Arch:           x86_64
Status:         Unknown
Status Details: 
Starts:         
Ends:           

Product Name:   Red Hat Enterprise Linux for x86_64
Product ID:     479
Version:        9.0
Arch:           x86_64
Status:         Unknown
Status Details: 
Starts:         
Ends:           

Product Name:   Red Hat Enterprise Linux for x86_64 - Extended Update Support
Product ID:     70
Version:        9.0
Arch:           x86_64
Status:         Unknown
Status Details: 
Starts:         
Ends:           

Product Name:   Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support
Product ID:     84
Version:        9.0
Arch:           x86_64
Status:         Unknown
Status Details: 
Starts:         
Ends:

Comment 11 Takashi Kajinami 2023-01-16 00:13:26 UTC

*** Bug 2160821 has been marked as a duplicate of this bug. ***

Comment 16 errata-xmlrpc 2023-01-25 12:29:56 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform 17.0.1 bug fix and enhancement advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:0271

Note You need to log in before you can comment on or make changes to this bug.