| hamburgler2 | hmm think there is a permission bug somewhere and can't quite put my finger on as to why/where it is happening, during upgrade to 29.0.2 in dev and staging environment, permissions for /var/lib/neutron/ovn-metadata-proxy changed to root:root ownership, this prevents conf files from being created by neutron, stopping the service, removing the folder and starting service again fixes owner/group to | 01:59 |
|---|---|---|
| hamburgler2 | neutron:neutron - looks to only happen during upgrade, not when ran again when service has created folder with correct permissions, this did seem to break provisioning because there was no metadata server available for cloud-init. | 01:59 |
| hamburgler2 | actually looks to affect 29.0.1 (dev) and 29.0.2 (staging) envs for me | 02:01 |
| hamburgler2 | hmm shoot looking at production environment from bobcat, it is root:root, and /etc/systemd/system/neutron-ovn-metadata-agent.service has User = root Group = root | 02:06 |
| hamburgler2 | Caracal systemd neutron-ovn-metadata-agent service is User = neutron Group = neutron | 02:07 |
| hamburgler2 | that's probably why | 02:07 |
| hamburgler2 | after upgrade folder still has root:root from Bobcat but service file User and Group change | 02:07 |
| hamburgler2 | ah: https://github.com/openstack/openstack-ansible-os_neutron/compare/stable/2023.2...stable/2024.1 | 02:19 |
| hamburgler2 | removed systemd_user_name: root and systemd_group_name: root | 02:19 |
| hamburgler2 | so I'm guessing service use to start and create the folder as root:root, but the folder doesn't get deleted for the change when restarted, just ends up with broken permission | 02:20 |
| hamburgler2 | should add on compute nodes ^ | 02:43 |
| opendevreview | Andrew Bonney proposed openstack/openstack-ansible-ops master: mcapi_proxy: allow overriding of systemd service environment https://review.opendev.org/c/openstack/openstack-ansible-ops/+/926889 | 09:52 |
| hamburgler2 | ended up doing this https://paste.openstack.org/show/bY8oiZKQ5Pa4ycdCQkkp/ as a temporary fix for the above bug. | 17:21 |
| *** melwitt is now known as jgwentworth | 19:38 | |
| *** jgwentworth is now known as melwitt | 19:38 | |
| jrosser | hamburgler2: it would be great if you could submit a patch for that | 20:58 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!