From 8f26939da49691e035dde0cea0c2e2d3ee7c40f3 Mon Sep 17 00:00:00 2001 From: Guillaume Abrioux Date: Tue, 30 Nov 2021 10:00:20 +0100 Subject: [PATCH] cephadm-adopt: bindmount /var/lib/ceph with 'ro' When collocating osds with iscsigw daemons, cephadm bindmounts the following: ``` -v /var/lib/ceph/6126c064-6a9e-4092-8a64-977930df0843/iscsi.rbd.ceph-ameenasuhani-4fs3bq-node5.vomtqb/configfs:/sys/kernel/config ``` this prevents cephadm-adopt playbook from running container and bindmounting `/var/lib/ceph:/var/lib/ceph:z` since 'ro' is enough in this playbook, let's replace the ':z' option on this bindmount with ':ro' Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2027411 Signed-off-by: Guillaume Abrioux (cherry picked from commit c4fdf956bd7269cb457023c45366d0edc17a8a67) --- infrastructure-playbooks/cephadm-adopt.yml | 2 +- library/ceph_volume.py | 4 ---- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/infrastructure-playbooks/cephadm-adopt.yml b/infrastructure-playbooks/cephadm-adopt.yml index 9da50a91ec..eb50b50158 100644 --- a/infrastructure-playbooks/cephadm-adopt.yml +++ b/infrastructure-playbooks/cephadm-adopt.yml @@ -176,7 +176,7 @@ - name: set_fact ceph_cmd set_fact: - ceph_cmd: "{{ container_binary + ' run --rm --net=host -v /etc/ceph:/etc/ceph:z -v /var/lib/ceph:/var/lib/ceph:z -v /var/run/ceph:/var/run/ceph:z --entrypoint=ceph ' + ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else 'ceph' }} --cluster {{ cluster }}" + ceph_cmd: "{{ container_binary + ' run --rm --net=host -v /etc/ceph:/etc/ceph:z -v /var/lib/ceph:/var/lib/ceph:ro -v /var/run/ceph:/var/run/ceph:z --entrypoint=ceph ' + ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else 'ceph' }} --cluster {{ cluster }}" - name: get current fsid command: "{{ ceph_cmd }} fsid" diff --git a/library/ceph_volume.py b/library/ceph_volume.py index 24de78ae66..76d409b0ce 100644 --- a/library/ceph_volume.py +++ b/library/ceph_volume.py @@ -186,7 +186,6 @@ ''' -<<<<<<< HEAD def fatal(message, module): ''' Report a fatal error and exit @@ -198,10 +197,7 @@ def fatal(message, module): raise(Exception(message)) -def container_exec(binary, container_image): -======= def container_exec(binary, container_image, mounts=None): ->>>>>>> b02d71c30 (ceph_volume: support overriding bind-mounts) ''' Build the docker CLI to run a command inside a container '''