Add a precheck to ensure nscd is not running

The 'name service caching daemon (nscd)' seems to effectively disable
Docker's user namespace when '/run' is bind mounted. This can cause
issues with Kolla containers that use this mount, if the uid the
container runs as exists on the system, they clash and container will
either fail to start, have sudo issues, etc.

Change-Id: I9ac6bdb193f1520d025251d3abfa761700481cc9
Closes-Bug: #1723934
This commit is contained in:
Paul Bourke 2017-10-16 13:10:03 +01:00 committed by Paul Bourke (pbourke)
parent 95cd334707
commit 8a2048906d

@ -16,3 +16,18 @@
register: result
changed_when: false
failed_when: result.stdout | regex_replace('(.*ssh_key.*)', '') | search(":")
- name: Check if nscd is running
command: pgrep nscd
ignore_errors: yes
failed_when: false
changed_when: false
register: nscd_status
- name: Fail if nscd is running
fail:
msg: |
Service nscd is running. This is known to cause issues with Docker's user namespaces in
Kolla. Please disable it before proceeding.
when:
- nscd_status.rc == 0