commit 0a5b2e41b077615eab4870694d2ded84f9d17056
author Mohammed Naser <mnaser@vexxhost.com> Fri Jan 31 10:58:24 2025 -0500
committer Mohammed Naser <mnaser@vexxhost.com> Fri Jan 31 15:41:41 2025 -0500
tree 625640e51aa6d053b4399fe16a6900b693c5f35f
parent 63ad0ecfff2bbf0481eb4f0e56a8c924a7b723e6

Add missing [privsep_entrypoint]/helper_command

Closes-Bug: ATMOSPHERE-648
Change-Id: I12243527ad763bb249195220093717d68de050f6

images/cinder/Dockerfile

diff --git a/images/cinder/Dockerfile b/images/cinder/Dockerfile
index 24db11a..c632be0 100644
--- a/images/cinder/Dockerfile
+++ b/images/cinder/Dockerfile
@@ -28,7 +28,7 @@
 RUN <<EOF bash -xe
 apt-get update -qq
 apt-get install -qq -y --no-install-recommends \
-    ceph-common lsscsi nfs-common nvme-cli python3-rados python3-rbd qemu-utils qemu-block-extra sysfsutils udev util-linux
+    ceph-common dmidecode lsscsi nfs-common nvme-cli python3-rados python3-rbd qemu-utils qemu-block-extra sysfsutils udev util-linux
 apt-get clean
 rm -rf /var/lib/apt/lists/*
 EOF

images/glance/Dockerfile

diff --git a/images/glance/Dockerfile b/images/glance/Dockerfile
index 62509ec..062924d 100644
--- a/images/glance/Dockerfile
+++ b/images/glance/Dockerfile
@@ -24,7 +24,7 @@
 RUN <<EOF bash -xe
 apt-get update -qq
 apt-get install -qq -y --no-install-recommends \
-    ceph-common lsscsi nvme-cli python3-rados python3-rbd qemu-block-extra qemu-utils sysfsutils udev util-linux
+    ceph-common dmidecode lsscsi nvme-cli python3-rados python3-rbd qemu-block-extra qemu-utils sysfsutils udev util-linux
 apt-get clean
 rm -rf /var/lib/apt/lists/*
 EOF

images/nova/Dockerfile

diff --git a/images/nova/Dockerfile b/images/nova/Dockerfile
index 378b95a..eac8737 100644
--- a/images/nova/Dockerfile
+++ b/images/nova/Dockerfile
@@ -29,7 +29,7 @@
 RUN <<EOF bash -xe
 apt-get update -qq
 apt-get install -qq -y --no-install-recommends \
-    ceph-common genisoimage iproute2 libosinfo-bin lsscsi ndctl nfs-common nvme-cli openssh-client ovmf python3-libvirt python3-rados python3-rbd qemu-efi-aarch64 qemu-block-extra qemu-utils sysfsutils udev util-linux swtpm swtpm-tools libtpms0
+    ceph-common dmidecode genisoimage iproute2 libosinfo-bin lsscsi ndctl nfs-common nvme-cli openssh-client ovmf python3-libvirt python3-rados python3-rbd qemu-efi-aarch64 qemu-block-extra qemu-utils sysfsutils udev util-linux swtpm swtpm-tools libtpms0
 apt-get clean
 rm -rf /var/lib/apt/lists/*
 EOF

releasenotes/notes/add-missing-osbrick-helper-0bc348399986a5d6.yaml

diff --git a/releasenotes/notes/add-missing-osbrick-helper-0bc348399986a5d6.yaml b/releasenotes/notes/add-missing-osbrick-helper-0bc348399986a5d6.yaml
new file mode 100644
index 0000000..e663f72
--- /dev/null
+++ b/releasenotes/notes/add-missing-osbrick-helper-0bc348399986a5d6.yaml
@@ -0,0 +1,15 @@
+---
+fixes:
+  - The ``[privsep_osbrick]/helper_command`` configuration value was not
+    configured in both of the Cinder and Nova services, which lead to the
+    inability to run certain CLI commands since it instead tried to do a plain
+    ``sudo`` instead.  This has been fixed by adding the missing helper command
+    configuration to both services.
+  - The ``dmidecode`` package which is required by the ``os-brick`` library for
+    certain operations was not installed on the images that needed it, which
+    can cause NVMe-oF discovery issues.  The package has been added to all
+    images that require it.
+  - The ``[cinder]/auth_type`` configuration value was not set resulting in
+    the entire Cinder section not being rendered in the configuration file, it
+    is now set to ``password`` which will fully render the Cinder section
+    for OpenStack Nova.

roles/cinder/vars/main.yml

diff --git a/roles/cinder/vars/main.yml b/roles/cinder/vars/main.yml
index 4917bd9..ef3d6cd 100644
--- a/roles/cinder/vars/main.yml
+++ b/roles/cinder/vars/main.yml
@@ -52,6 +52,8 @@
         pool_timeout: 30
       oslo_messaging_notifications:
         driver: noop
+      privsep_osbrick:
+        helper_command: sudo cinder-rootwrap /etc/cinder/rootwrap.conf privsep-helper --config-file /etc/cinder/cinder.conf
   manifests:
     ingress_api: false
     job_clean: false

roles/nova/vars/main.yml

diff --git a/roles/nova/vars/main.yml b/roles/nova/vars/main.yml
index bd72f52..10c67a6 100644
--- a/roles/nova/vars/main.yml
+++ b/roles/nova/vars/main.yml
@@ -62,10 +62,7 @@
       cache:
         backend: oslo_cache.memcache_pool
       cinder:
-        catalog_info: volumev3::internalURL
-        os_region_name: "{{ openstack_helm_endpoints_nova_region_name }}"
-        username: "nova-{{ openstack_helm_endpoints_nova_region_name }}"
-        password: "{{ openstack_helm_endpoints_nova_keystone_password }}"
+        auth_type: password
       conductor:
         workers: 8
       compute:
@@ -111,6 +108,8 @@
         driver: noop
       os_vif_ovs:
         ovsdb_connection: unix:/run/openvswitch/db.sock
+      privsep_osbrick:
+        helper_command: sudo nova-rootwrap /etc/nova/rootwrap.conf privsep-helper --config-file /etc/nova/nova.conf
       scheduler:
         max_attempts: 3
         workers: 8