From 1ed2cdf1864b1737b38609bac6cbff6333eb0de0 Mon Sep 17 00:00:00 2001 From: Dan Voiculeasa Date: Mon, 6 Jun 2022 14:27:13 +0300 Subject: [PATCH] cni: use /var/opt/cni This will allow bootstrap on Debian to work without unlocking ostree. Currently /opt/cni is a symlink to a /usr subdir. /usr is mounted read-only. This lead to issues when containers try to write inside /opt/cni. Update software to use /var/opt/cni instead. The problematic symlink is created by the meta-lat component. This commit can be reverted later if the meta-lat design is changed. This is an enhancement to the following series: https://review.opendev.org/c/starlingx/ansible-playbooks/+/825354 https://review.opendev.org/c/starlingx/integ/+/825346 https://review.opendev.org/c/starlingx/stx-puppet/+/825355 https://review.opendev.org/c/starlingx/integ/+/843965 Test on AIO-SX: CentOS: PASS: unlocked enabled available Debian: PASS: bootstrap without ostree unlock. PASS: unlocked enabled available Story: 2009101 Task: 44314 Signed-off-by: Dan Voiculeasa Change-Id: Id6ced63f913ed21954c379b031ae74683cd4d86f --- kubernetes/cni/bond-cni/centos/bond-cni.spec | 10 ++++++---- .../cni/bond-cni/debian/deb_folder/bond-cni.install | 2 +- .../plugins/centos/containernetworking-plugins.spec | 11 +++++++---- .../deb_folder/containernetworking-plugins.install | 2 +- 4 files changed, 15 insertions(+), 10 deletions(-) diff --git a/kubernetes/cni/bond-cni/centos/bond-cni.spec b/kubernetes/cni/bond-cni/centos/bond-cni.spec index 16c6785fd..445bf9c49 100644 --- a/kubernetes/cni/bond-cni/centos/bond-cni.spec +++ b/kubernetes/cni/bond-cni/centos/bond-cni.spec @@ -58,8 +58,8 @@ echo "Building bond-cni plugin" %gobuild -o "${PWD}/bin/bond" "${PWD}/bond/" %install -install -d -p %{buildroot}/opt/cni/bin -install -p -m 0755 bin/* %{buildroot}/opt/cni/bin +install -d -p %{buildroot}/var/opt/cni/bin +install -p -m 0755 bin/* %{buildroot}/var/opt/cni/bin #define license tag if not already defined %{!?_licensedir:%global license %doc} @@ -67,10 +67,12 @@ install -p -m 0755 bin/* %{buildroot}/opt/cni/bin %files %license LICENSE %doc *.md -%dir /opt/cni/bin -/opt/cni/bin/* +%dir /var/opt/cni/bin +/var/opt/cni/bin/* %changelog +* Mon Jun 06 2022 Dan Voiculeasa +- Update install directory to /var/opt/cni/bin. * Fri May 27 2022 Steven Webster - Update install directory to /opt/cni/bin. * Fri Jan 21 2022 Steven Webster diff --git a/kubernetes/cni/bond-cni/debian/deb_folder/bond-cni.install b/kubernetes/cni/bond-cni/debian/deb_folder/bond-cni.install index f99a4035a..1eeb9b126 100644 --- a/kubernetes/cni/bond-cni/debian/deb_folder/bond-cni.install +++ b/kubernetes/cni/bond-cni/debian/deb_folder/bond-cni.install @@ -1 +1 @@ -bond /opt/cni/bin/ +bond /var/opt/cni/bin/ diff --git a/kubernetes/cni/plugins/centos/containernetworking-plugins.spec b/kubernetes/cni/plugins/centos/containernetworking-plugins.spec index d82bf4732..486084d61 100644 --- a/kubernetes/cni/plugins/centos/containernetworking-plugins.spec +++ b/kubernetes/cni/plugins/centos/containernetworking-plugins.spec @@ -77,8 +77,8 @@ for d in $PLUGINS; do done %install -install -d -p %{buildroot}/opt/cni/bin -install -p -m 0755 bin/* %{buildroot}/opt/cni/bin +install -d -p %{buildroot}/var/opt/cni/bin +install -p -m 0755 bin/* %{buildroot}/var/opt/cni/bin %check %if 0%{?with_check} @@ -119,10 +119,13 @@ install -p -m 0755 bin/* %{buildroot}/opt/cni/bin %files %license LICENSE %doc *.md -%dir /opt/cni/bin -/opt/cni/bin/* +%dir /var/opt/cni/bin +/var/opt/cni/bin/* %changelog +* Mon Jun 06 2022 Dan Voiculeasa +- Update install directory to /var/opt/cni/bin. + * Thu Feb 17 2022 Steven Webster - 1.0.1 - bump to v1.0.1 diff --git a/kubernetes/cni/plugins/debian/deb_folder/containernetworking-plugins.install b/kubernetes/cni/plugins/debian/deb_folder/containernetworking-plugins.install index 956deb0cb..fcc73170f 100644 --- a/kubernetes/cni/plugins/debian/deb_folder/containernetworking-plugins.install +++ b/kubernetes/cni/plugins/debian/deb_folder/containernetworking-plugins.install @@ -1 +1 @@ -usr/bin/* opt/cni/bin +usr/bin/* /var/opt/cni/bin