From 8a2048906dcb6517f287618496b77246cf1afd05 Mon Sep 17 00:00:00 2001
From: Paul Bourke <paul.bourke@oracle.com>
Date: Mon, 16 Oct 2017 13:10:03 +0100
Subject: [PATCH] Add a precheck to ensure nscd is not running

The 'name service caching daemon (nscd)' seems to effectively disable
Docker's user namespace when '/run' is bind mounted. This can cause
issues with Kolla containers that use this mount, if the uid the
container runs as exists on the system, they clash and container will
either fail to start, have sudo issues, etc.

Change-Id: I9ac6bdb193f1520d025251d3abfa761700481cc9
Closes-Bug: #1723934
---
 ansible/roles/prechecks/tasks/service_checks.yml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/ansible/roles/prechecks/tasks/service_checks.yml b/ansible/roles/prechecks/tasks/service_checks.yml
index 3a739c595e..331e81342e 100644
--- a/ansible/roles/prechecks/tasks/service_checks.yml
+++ b/ansible/roles/prechecks/tasks/service_checks.yml
@@ -16,3 +16,18 @@
   register: result
   changed_when: false
   failed_when: result.stdout | regex_replace('(.*ssh_key.*)', '') | search(":")
+
+- name: Check if nscd is running
+  command: pgrep nscd
+  ignore_errors: yes
+  failed_when: false
+  changed_when: false
+  register: nscd_status
+
+- name: Fail if nscd is running
+  fail:
+    msg: |
+      Service nscd is running. This is known to cause issues with Docker's user namespaces in
+      Kolla. Please disable it before proceeding.
+  when:
+    - nscd_status.rc == 0