)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":8449,"name":"Marios Andreou","email":"marios.andreou@gmail.com","username":"marios"},"change_message_id":"e16d6a76efa8309c4bb25d903a6b6b3fa2429386","unresolved":false,"context_lines":[{"line_number":11,"context_line":"podman fails to apply setting with glance is using NFS (i.e."},{"line_number":12,"context_line":"/var/lib/glance/images is a mount point)."},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"Also update the NFS mount options to use svirt_sandbox_file_t, which"},{"line_number":15,"context_line":"is consistent with the parent service directory."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"Closes-Bug: #1844465"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"3fa7e38b_ee193788","line":14,"range":{"start_line":14,"start_character":42,"end_line":14,"end_character":60},"updated":"2019-09-18 06:23:12.000000000","message":"i found another one there in a comment might want to update that too https://opendev.org/openstack/tripleo-heat-templates/src/commit/9fde6321e0f286f919c13e0b243aaa0ab65da227/environments/storage-environment.yaml#L52","commit_id":"1c686761b12f302f673141132af59a4e379889d1"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"5df07347297b555eaa2e7a17cff8efa65991f273","unresolved":false,"context_lines":[{"line_number":11,"context_line":"podman fails to apply setting with glance is using NFS (i.e."},{"line_number":12,"context_line":"/var/lib/glance/images is a mount point)."},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"Also update the NFS mount options to use svirt_sandbox_file_t, which"},{"line_number":15,"context_line":"is consistent with the parent service directory."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"Closes-Bug: #1844465"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"3fa7e38b_f20911dd","line":14,"range":{"start_line":14,"start_character":42,"end_line":14,"end_character":60},"in_reply_to":"3fa7e38b_ee193788","updated":"2019-09-18 12:55:05.000000000","message":"Thanks! Emilien also said that file needed to be updated, but I must have missed it because it\u0027s in a comment. I\u0027ll fix.","commit_id":"1c686761b12f302f673141132af59a4e379889d1"}],"deployment/glance/glance-api-container-puppet.yaml":[{"author":{"_account_id":13861,"name":"yatin","email":"ykarel@redhat.com","username":"yatinkarel"},"change_message_id":"3f990e0382194300a30e260bf5430ed9b0503651","unresolved":false,"context_lines":[{"line_number":514,"context_line":"                  - /var/lib/kolla/config_files/glance_api.json:/var/lib/kolla/config_files/config.json"},{"line_number":515,"context_line":"                  - /var/lib/config-data/puppet-generated/glance_api/:/var/lib/kolla/config_files/src:ro"},{"line_number":516,"context_line":"                  - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro"},{"line_number":517,"context_line":"                  - /var/lib/glance:/var/lib/glance:slave"},{"line_number":518,"context_line":"                -"},{"line_number":519,"context_line":"                  if:"},{"line_number":520,"context_line":"                    - cinder_backend_enabled"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"3fa7e38b_4b8f1dcc","line":517,"updated":"2019-09-18 04:42:15.000000000","message":"i assume you will backport it to stein as well as there also bug reported for it against stein https://bugs.launchpad.net/tripleo/+bug/1834857, that bug is specific to NFS.\n\nIs the issue seen in non NFS cases as well? I see nova handled z flag seperately for NFS and non NFS cases.","commit_id":"1c686761b12f302f673141132af59a4e379889d1"},{"author":{"_account_id":6796,"name":"Giulio Fidente","email":"gfidente@redhat.com","username":"gfidente"},"change_message_id":"1a6f2d6659cf2d6d4723673a568b2c91d989fb1d","unresolved":false,"context_lines":[{"line_number":514,"context_line":"                  - /var/lib/kolla/config_files/glance_api.json:/var/lib/kolla/config_files/config.json"},{"line_number":515,"context_line":"                  - /var/lib/config-data/puppet-generated/glance_api/:/var/lib/kolla/config_files/src:ro"},{"line_number":516,"context_line":"                  - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro"},{"line_number":517,"context_line":"                  - /var/lib/glance:/var/lib/glance:slave"},{"line_number":518,"context_line":"                -"},{"line_number":519,"context_line":"                  if:"},{"line_number":520,"context_line":"                    - cinder_backend_enabled"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"3fa7e38b_dde18b00","line":517,"in_reply_to":"3fa7e38b_4b8f1dcc","updated":"2019-09-18 10:52:09.000000000","message":"I think :z is relabeling the directory on the host with a selinux context which allows container to do whatever with the files in it\n\nthe question is why that was needed and if it is what we want\n\nwe didn\u0027t have :z in queens or rocky and I wouldn\u0027t enable it lightly or for consistency but rather try to understand which mounts need it, why and when in the attempt to avoid its use\n\nbut this might be wrong in principle, would be nice to get some selinux to review this decision","commit_id":"1c686761b12f302f673141132af59a4e379889d1"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"5df07347297b555eaa2e7a17cff8efa65991f273","unresolved":false,"context_lines":[{"line_number":514,"context_line":"                  - /var/lib/kolla/config_files/glance_api.json:/var/lib/kolla/config_files/config.json"},{"line_number":515,"context_line":"                  - /var/lib/config-data/puppet-generated/glance_api/:/var/lib/kolla/config_files/src:ro"},{"line_number":516,"context_line":"                  - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro"},{"line_number":517,"context_line":"                  - /var/lib/glance:/var/lib/glance:slave"},{"line_number":518,"context_line":"                -"},{"line_number":519,"context_line":"                  if:"},{"line_number":520,"context_line":"                    - cinder_backend_enabled"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"3fa7e38b_12bf0dfc","line":517,"in_reply_to":"3fa7e38b_dde18b00","updated":"2019-09-18 12:55:05.000000000","message":"I didn\u0027t realize someone reported this already against stein, and I do intend to backport the patch. I will update the commit message to indicate it closes both bugs.\n\nGiulio and I discussed the question of whether the z flag is necessary even when nfs isn\u0027t involved. The nfs mount is a subdir under both nova\u0027s and glance\u0027s service dir. My position is that if the z flag isn\u0027t necessary for things to work when just a subdir is nfs, then perhaps the z flag isn\u0027t necessary at all. And in the case of glance, its service dir doesn\u0027t need to be shared with other containers.","commit_id":"1c686761b12f302f673141132af59a4e379889d1"}]}