Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 2138759

Summary: subscription-manager command doesn't work on a Controller node running cinder-volume container
Product: Red Hat OpenStack Reporter: yatanaka
Component: openstack-tripleo-heat-templatesAssignee: Takashi Kajinami <tkajinam>
Status: CLOSED ERRATA QA Contact: Joe H. Rahme <jhakimra>
Severity: high Docs Contact:
Priority: high    
Version: 17.0 (Wallaby)CC: cjeanner, drosenfe, iconichsp, jschluet, mburns, msecaur, ramishra, tkajinam
Target Milestone: z1Keywords: Triaged
Target Release: 17.0   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: openstack-tripleo-heat-templates-14.3.1-0.20221208160327.feca772.el9ost Doc Type: Bug Fix
Doc Text:
Cause: cinder-volume container bind-mounted /var/run from host instead of /run, and this results in creating /run/.containerenv in host file system. The /run/.containerenv file made subscription-manager ignore its settings such as associated subscriptions. Consequence: The subscriptoon-manager command does not work in the node with cinder-volume container running Fix: Fixed the path used for bind-mount so that /run/.containerenv is not created in host file system. Result: The subscriptoon-manager command works even in the node with cinder-volume container running
 Story Points: ---
Clone Of:
: 2151043 (view as bug list) Environment:
Last Closed: 2023-01-25 12:29:56 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description yatanaka 2022-10-31 06:22:41 UTC 
Description of problem:

subscription-manager command doesn't work on a Controller node running openstack-cinder-volume-podman-X container.
~~~
[root@overcloud-controller-1 ~]# podman ps |grep cinder-volume
e7c8cee2afde  undercloud.ctlplane.yatanaka.example.com:8787/rhosp-rhel9/openstack-cinder-volume:pcmklatest  /bin/bash /usr/lo...  26 minutes ago  Up 26 minutes ago                    openstack-cinder-volume-podman-0

[root@overcloud-controller-1 ~]# subscription-manager list 
subscription-manager is disabled when running inside a container. Please refer to your host system for subscription management.
~~~

The reason subscription-manager doesn't work is existence of /run/.containerenv .
~~~
[root@overcloud-controller-1 ~]# file /run/.containerenv 
/run/.containerenv: empty
~~~

There was a similar discussion in the past, and the following change was merged in order to prevent creating /run/.containerenv if '/run' is bind-mounted into containers.
  - https://github.com/containers/podman/issues/14577
  - https://github.com/gbraad/podman/commit/3d4e9d73d25edc3287263e80ab379f7e3d10e799#diff-3c7c02f50259200df7913b0f622513cd28e3a9488796f89ad2dc7afbb9743663

However, only openstack-cinder-volume-podman-X container bind-mounts '/run/', not '/run'.
That's why /run/.containerenv is created only on a Controller node running openstack-cinder-volume-podman-X container, and subscription-manager command doesn't work.
~~~
[root@overcloud-controller-1 ~]# podman inspect openstack-cinder-volume-podman-0|less
 
  :
 
                {
                    "Type": "bind",
                    "Source": "/run",
                    "Destination": "/run/", <=====================(*)
                    "Driver": "",
                    "Mode": "",
                    "Options": [
                         "nosuid",
                         "nodev",
                         "rbind"
                    ],
                    "RW": true,
                    "Propagation": "rprivate"
               },
 
  :
~~~

This issue has been resolved on master branch by the following change:
  - https://github.com/openstack/tripleo-heat-templates/commit/d0ca9fe631cbdeb9e8857b4e64ad81f2260c7dae#

But it has not backported into Wallaby yet.
  - https://github.com/openstack/tripleo-heat-templates/blob/stable/wallaby/deployment/cinder/cinder-common-container-puppet.yaml#L361



Version-Release number of selected component (if applicable):
RHOSP 17.0


How reproducible:

Steps to Reproduce:
1. Deploy overcloud
2. Check on which node cinder-volume is running
3. Run subscription-manager command on the node running cinder-volume


Actual results:
subscription-manager command fails with the following message
  'subscription-manager is disabled when running inside a container. Please refer to your host system for subscription management.'

Expected results:
subscription-manager command works
Comment 9 David Rosenfeld 2022-12-14 15:03:02 UTC 
subscription manager now works on a controller running a cinder volume container:

[tripleo-admin@controller-0 ~]$ sudo podman ps |grep cinder-volume
8987c2dc9caa  undercloud-0.ctlplane.redhat.local:8787/rh-osbs/rhosp17-openstack-cinder-volume:pcmklatest                                      /bin/bash /usr/lo...  40 minutes ago     Up 40 minutes ago                        openstack-cinder-volume-podman-0
[tripleo-admin@controller-0 ~]$ sudo subscription-manager list
+-------------------------------------------+
    Installed Product Status
+-------------------------------------------+
Product Name:   Red Hat Enterprise Linux Fast Datapath
Product ID:     329
Version:        9
Arch:           x86_64
Status:         Unknown
Status Details: 
Starts:         
Ends:           

Product Name:   Red Hat Enterprise Linux for x86_64
Product ID:     479
Version:        9.0
Arch:           x86_64
Status:         Unknown
Status Details: 
Starts:         
Ends:           

Product Name:   Red Hat Enterprise Linux for x86_64 - Extended Update Support
Product ID:     70
Version:        9.0
Arch:           x86_64
Status:         Unknown
Status Details: 
Starts:         
Ends:           

Product Name:   Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support
Product ID:     84
Version:        9.0
Arch:           x86_64
Status:         Unknown
Status Details: 
Starts:         
Ends:
Comment 11 Takashi Kajinami 2023-01-16 00:13:26 UTC 
*** Bug 2160821 has been marked as a duplicate of this bug. ***
Comment 16 errata-xmlrpc 2023-01-25 12:29:56 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform 17.0.1 bug fix and enhancement advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:0271