Do not run placement service as root

[gibizer]

Depends-On: openstack-k8s-operators/tcib#102
Implements: https://issues.redhat.com/browse/OSPRH-1374
Depends-On: openstack-k8s-operators/openstack-operator#591 (to pick up a new tcib image)

[gibizer]

/test precommit-check

   * could not run steps: step precommit-check failed: test "precommit-check" failed: could not watch pod: the pod ci-op-gids8xyf/precommit-check failed after 2m3s (failed containers: test): ContainerFailed one or more containers exited \

[bogdando]

lgtm

[gibizer]

/hold

This should not work as kolla_set_config should fail.

Also we cannot simply switch to the placement user in the container as that user is not in the kolla group:

❯ oc rsh placement-7ccc6bc7f5-cfchj
Defaulted container "placement-api" out of: placement-api, init (init)
sh-5.1# id
uid=0(root) gid=0(root) groups=0(root)
sh-5.1# cat /etc/passwd | grep placement
placement:x:997:994:OpenStack Placement:/:/bin/bash
sh-5.1# cat /etc/group | grep kolla
kolla:x:42400:
sh-5.1# 

[gibizer]

And we have a strange dbsync command:

	DBSyncCommand = "/usr/local/bin/kolla_set_configs && su -s /bin/sh -c \"placement-manage db sync\" placement"

[gibizer]

We need a fix in the tcib image first openstack-k8s-operators/tcib#102

[gibizer]

tcib fix merged but there is still no container image built in https://quay.io/repository/podified-antelope-centos9/openstack-placement-api?tab=tags&tag=latest so we wait...

[gibizer]

container promotion is blocked on https://issues.redhat.com/browse/OSPCIX-119

[SeanMooney]

https://issues.redhat.com/browse/OSPCIX-119 is closed
and there was a successful promotion yesterday
https://review.rdoproject.org/zuul/build/97b34cff01744289b42f01944b777616
so i belive we can now proceed with this

@GIBI if you agree then feel free to drop your hold

[gibizer]

/unhold

[gibizer]

This has the same limitation as nova-operator has. We cannot remove the usage of root from the container as kolla_set_config needs sudo.

[gibizer]

/hold
We need to wait for openstack-k8s-operators/openstack-operator#591 to pick up the new dataplane-operator that will pick up the new placement-api tcib image.

[gibizer]

/hold We need to wait for openstack-k8s-operators/openstack-operator#591 to pick up the new dataplane-operator that will pick up the new placement-api tcib image.

I mixed up this needs a new placement-operator to pick up a new placement-api tcib image. But we are in placement-operator so we don't have to wait for that.

[gibizer]

/unhold

[bogdando]

/LGTM

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bogdando, gibizer, SeanMooney

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [SeanMooney,bogdando,gibizer]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment