This bug was initially created as a copy of Bug #2217889

I am copying this bug because:
We need to get a proper backport of the audit write capability patch.

Description of problem:
It looks like symptoms similar to upstream bugs https://bugs.launchpad.net/tripleo/+bug/1989247 and https://bugs.launchpad.net/tripleo/+bug/1942076 are reproduced in RHOSP 17.0:

Jun 19 20:03:24 director ansible-tripleo_container_manage[23525]: [WARNING] ERROR: Can't run container aodh_db_sync#012stderr: + sudo -E kolla_set_configs#012sudo: unable to send audit message: Operation not permitted
Jun 19 20:05:33 director ansible-tripleo_container_manage[23525]: [WARNING] ERROR: Can't run container neutron_db_sync#012stderr: + sudo -E kolla_set_configs#012sudo: unable to send audit message: Operation not permitted

From upstream's bug description it looks like it was a blocker for upstream. For the customer's RHOSP 17.0 deployment it was a cosmetic problem which didn't break anything. But it is misleading.

Version-Release number of selected component (if applicable):
python3-tripleoclient-16.5.1-0.20221207110335.23dbe54.el9ost.noarch

How reproducible:
Run undercloud deployment command for RHOSP 17.0

Actual results:
"sudo: unable to send audit message: Operation not permitted" errors are logged

Expected results:
"sudo: unable to send audit message: Operation not permitted" errors are not logged

We later noticed podman 3.0 in CentOS8/RHEL8 does not contain https://github.com/containers/podman/pull/13744/commits/1cd529b22d40205c1f3246ed49f07e3615cf8292 and thus does not allow using both privileged and cap add at the same time. Because of this, the nova_migration_target container is not able to start in CentOS 8. As a quick fix we decided to exclude this specific container. If anyone finds actual problems caused by the warning coming from nova_migration_target, that needs further investigation, mainly from nova's perspective. (We probably need to check whether the container requires privilege or not, first.)
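
A check for the condition behind the logged message, as an added example that is not part of the bug report or of TripleO or podman code: sudo is setuid root, so the capabilities it holds after exec are limited by the calling process's bounding set (CapBnd), and sending the audit message needs CAP_AUDIT_WRITE (bit 29). The function names and the /proc status snippets are constructed for illustration.

```python
import re

CAP_AUDIT_WRITE = 29  # bit number from <linux/capability.h>

def cap_sets(status_text):
    """Parse the Cap* lines of /proc/<pid>/status into {set name: int mask}."""
    sets = {}
    for line in status_text.splitlines():
        m = re.match(r"(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)\s*$", line)
        if m:
            sets[m.group(1)] = int(m.group(2), 16)
    return sets

def sudo_can_audit(status_text):
    """True if a setuid-root sudo started from this process can send audit records.

    CapEff of the caller is not the right field: a container process running
    as a non-root service user has CapEff == 0, yet sudo regains every
    capability still present in the bounding set when it is executed.
    """
    sets = cap_sets(status_text)
    if "CapBnd" not in sets:
        raise ValueError("no CapBnd line found in status text")
    return bool((sets["CapBnd"] >> CAP_AUDIT_WRITE) & 1)

# Constructed samples (not captured from a real deployment).
# Bounding set without bit 29: sudo would log "unable to send audit message".
NO_AUDIT_WRITE = "Name:\tbash\nCapEff:\t0000000000000000\nCapBnd:\t00000000800405fb\n"
# Same container started with AUDIT_WRITE added, process running as non-root.
WITH_AUDIT_WRITE = "Name:\tbash\nCapEff:\t0000000000000000\nCapBnd:\t00000000a00405fb\n"
# Privileged container: every capability bit set in the bounding set.
PRIVILEGED = "Name:\tbash\nCapEff:\t000001ffffffffff\nCapBnd:\t000001ffffffffff\n"

if __name__ == "__main__":
    # Inside the container under test, inspect the live process instead.
    with open("/proc/self/status") as fh:
        print("sudo can send audit messages:", sudo_can_audit(fh.read()))
```

Run inside the affected container (or feed it the status text of the container's main process) to confirm whether the capability was actually granted after a configuration change.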