That is definitely a fault in the disk image provisioning. The way I have set it up is the build host as a copy of git repositories. They are then git cloned under the image as bare repositories under /srv/git and we clone from there to populate /puppet.

I am suspecting one of the cloning phase ends up doing hardlinks that ends up being broken.

On an instance:

$ find / -inum 6059 2> /dev/null
/puppet/hieradata/eqiad.yaml
/sys/module/libata/parameters/acpi_gtf_filter

The later being owned by root.

The reference image created by dib is ci-jessie-wikimedia. Nodepool boot it up, run a setup script to refresh what was in the image, then snapshot that instance and will use the snapshot to build images.

On contintcloud labs project I have boot the image and the snapshot and search for empty files in /puppet using the very lame find /puppet -type f -empty|wc -l results:

The script is https://phabricator.wikimedia.org/diffusion/CICF/browse/master/nodepool/scripts/setup_node.sh

When building the image, there is a git bare mirror created under /srv/git which is owned by root. To populate /puppet a git clone is made out of the mirror and that creates hardlink. Later the git mirrors in the build phase, the mirrors ownership is changed to be owned by jenkins. When the setup script runs sudo git -C /puppet pull the different ownership might be confusing git.

On labnodepool I have hacked the setup script to count empty files before and after the git -C /puppet pull and the count of empty file matches.

But when booting an instance from the image, the files are gone :-\

I have downloaded a snapshot image and looked at some random files, they are empty:

$ virt-ls --extra-stats -l -R -a ci-jessie-wikimedia-1457097785.qcow2 /puppet/hieradata/hosts
- 0644        292 8:1 6332 1 0:0 8 /puppet/hieradata/hosts/restbase1009.yaml
- 0644          0 8:1 6694 1 0:0 0 /puppet/hieradata/hosts/restbase1010.yaml
- 0644          0 8:1 6718 1 0:0 0 /puppet/hieradata/hosts/restbase1011.yaml
- 0644          0 8:1 6722 1 0:0 0 /puppet/hieradata/hosts/restbase1012.yaml
- 0644          0 8:1 6725 1 0:0 0 /puppet/hieradata/hosts/restbase1013.yaml
- 0644          0 8:1 8634 1 0:0 0 /puppet/hieradata/hosts/restbase1014.yaml
- 0644          0 8:1 8635 1 0:0 0 /puppet/hieradata/hosts/restbase1015.yaml

Change 274954 had a related patch set uploaded (by Hashar):
dib: fully clone /puppet

https://gerrit.wikimedia.org/r/274954

I have rebuild an image with the patch above image-t128846. Will see what happens over the week-end.

Mentioned in SAL [2016-03-04T19:31:51Z] <hashar> Nodepool Image ci-jessie-wikimedia-1457119603 in wmflabs-eqiad is ready - T128846

The snapshot ci-jessie-wikimedia-1457119603 has been made out of the image image-t128846 which has a /puppet cloned without hardlinks. Spawning an instance show the same behavior.

Fast rewind to 20 years ago when I have learned about the sync command to have buffers flushed/written to disk. Deemed as yet another useless UNIX command by the younger me.

The OpenStack documentation at http://docs.openstack.org/openstack-ops/content/snapshots.html quotes OpenStack: Perform Consistent Snapshots. It mentions sync and also recommend fsfreeze.

Image ci-jessie-wikimedia-1457121113 in wmflabs-eqiad is ready

Created with sync called in the setup script.

Change 275037 had a related patch set uploaded (by Hashar):
dib: sync filesystem before snapshotting

https://gerrit.wikimedia.org/r/275037

Image ci-jessie-wikimedia-1457122001 in wmflabs-eqiad is ready

Went back to use a clone with hardlinks but with sync at snapshot time. Seems the resulting instance is happy.

Change 274954 abandoned by Hashar:
dib: fully clone /puppet

Reason:
Unneeded. We really want 'sync'

https://gerrit.wikimedia.org/r/274954

Change 275037 merged by jenkins-bot:
dib: sync filesystem before snapshotting

https://gerrit.wikimedia.org/r/275037

Fingers crossed :) Thanks for the effort, @hashar