tripleo-heat-templates/releasenotes/notes/wrapper-containers-debug-844c13348c83de93.yaml


Rework neutron/ovn agent wrapper tools for podman

Add ContainerCli parameter, default to docker.
Possible values: podman/docker (default).

Deprecate DockerAdditionalSockets so it does nothing for podman.
Nested podman CLI replaces docker sockets.
Only bind mount /var/lib/openstack for the neutron/ovn agents for docker.

Support debug messages for Neutron/OVN wrappers controlled via NeutronWrapperDebug and OVNWrapperDebug (defaults to False). Or globally controlled by Debug.

Make the wrapper containers managed by its parent processes and not exited/removed forcibly, when the parent container restarts.

Background for podman CLI replacing the docker socket:

We'll use 'nsenter -m -n -p -t 1 podman' in wrappers to execute podman in the same namespaces as on the host and to NOT bind-mount world for that, like:

- /sys/fs/cgroup:/sys/fs/cgroup
- /run/libpod:/run/libpod
- /run/containers:/run/containers
- /run/runc:/run/runc
- /run/runc-ctrs:/run/runc-ctrs
- /var/lib/containers:/var/lib/containers
- /etc/containers:/etc/containers:ro
- /usr/bin/podman:/usr/bin/podman:ro
- /usr/bin/runc:/usr/bin/runc:ro
- /usr/libexec/podman/conmon:/usr/libexec/podman/conmon:ro
- /usr/lib64/libseccomp.so.2:/usr/lib64/libseccomp.so.2:ro
...

We cannot use chroot /host instead as there are more bind-mounts to use outside of the /host chroot. Maybe varlink is a good replacement for all of that, but it's not there yet.

Change-Id: I055fb7a5fd20932c5bee665bb96678f3ae92bffe
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2018-09-28 15:15:17 +02:00
---
features:
  - |
    ``ContainerCli`` allows 'docker' (deprecated) and 'podman' for Neutron
    L3/DHCP and OVN metadata rootwrap containers managed by agents.
    Parameters ``OVNWrapperDebug`` and ``NeutronWrapperDebug`` (default
    ``False``) enable debug logging for the wrapper scripts managing
    rootwrap containers. It is also controlled by the global ``Debug`` setting.
fixes:
  - |
    Neutron/OVN rootwrap containers are managed by agents and will no longer
    be deleted when the parent container restarts.
deprecations:
  - |
    Parameter ``DockerAdditionalSockets`` is deprecated. No sockets are
    expected to be bind mounted for podman, so it only works for the docker
    runtime.
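
The CLI selection and debug switch described in the commit message above, sketched as an added example (not the TripleO wrapper script itself): it prints the command line a wrapper would run instead of executing it, so it works unprivileged. The function names, the `run --detach --name` invocation, and the sample container and image names are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration, not project code. Function names are hypothetical
# stand-ins for logic driven by the ContainerCli, NeutronWrapperDebug /
# OVNWrapperDebug and Debug parameters named in the release note.

# Map a ContainerCli value to the command prefix a wrapper would execute.
resolve_cli() {
    case "$1" in
        docker) printf '%s\n' "docker" ;;
        # nsenter joins the mount (-m), network (-n) and PID (-p) namespaces
        # of PID 1. "-t 1" is PID 1 as seen by the caller, so this reaches the
        # host only if the calling container shares the host PID namespace and
        # is privileged enough to call setns(2).
        podman) printf '%s\n' "nsenter -m -n -p -t 1 podman" ;;
        *) printf 'unsupported ContainerCli: %s\n' "$1" >&2; return 1 ;;
    esac
}

# Accept the usual spellings of a true boolean value.
is_true() {
    case "$1" in
        [Tt][Rr][Uu][Ee]|1|[Yy][Ee][Ss]) return 0 ;;
        *) return 1 ;;
    esac
}

# Debug is on when either the wrapper-specific flag or the global one is true.
debug_enabled() {
    is_true "$1" || is_true "$2"
}

# Print the command line for a sidecar container.
# Args: cli wrapper_debug global_debug container_name image [cmd...]
wrapper_cmdline() {
    cli=$1 wdebug=$2 gdebug=$3 name=$4 image=$5
    shift 5
    prefix=$(resolve_cli "$cli") || return 1
    if debug_enabled "$wdebug" "$gdebug"; then
        printf 'DEBUG: ContainerCli=%s name=%s image=%s\n' \
            "$cli" "$name" "$image" >&2
    fi
    printf '%s run --detach --name %s %s %s\n' "$prefix" "$name" "$image" "$*"
}

# Constructed sample values: container name, image and command are made up.
wrapper_cmdline podman False True example-sidecar example/image:tag sleep 60
```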