[kolla-ansible][yoga] Glance backend cinder Privsep daemon failed to start operation not permitted

Sean Mooney smooney at redhat.com
Thu Apr 13 12:00:05 UTC 2023


On Thu, 2023-04-13 at 11:41 +0100, wodel youchi wrote:
> Thanks for the help,
> 
> I modified my glance-api.conf like this but no luck, I got the same problem:
> Privsep daemon failed to start
> 
> > [cinder]
> > cinder_store_auth_address = https://dashint.example.com:5000/v3
> > cinder_store_project_name = service
> > cinder_volume_type = nfstype
> > rootwrap_config = /etc/glance/rootwrap.conf
> > 
> > cinder_store_user_name = glance
> > cinder_store_password = glance-password
> > cinder_catalog_info = volumev3:cinderv3:internalURL
> > ###cinder_store_user_name = cinder
> > ###cinder_store_password = cinder-password
> > 
> 
> 
> I thought once cinder has the capability to read & write into the backend,
> glance will just use it to upload the images!!
> 
> Another thing, about the credentials, which ones should I use? Glance's or
> cinder's? I thought it should be cinder's!! But in your example @Sean you
> used {{ glance_keystone_user }} and {{ glance_keystone_password }}

Either would work, but normally I would consider it bad practice for a service to have the username/password for a different user's account,
so glance should always use its user to talk to other services when it's not using the keystone user token passed in to the API.

> 
> Lastly I searched how to launch a privileged container in kolla but I
> didn't find anything.

I see the issue:
https://github.com/openstack/kolla-ansible/blob/stable/yoga/ansible/roles/glance/defaults/main.yml#L10
The glance api is only privileged if you use iscsi for the cinder backend.

    privileged: "{{ enable_cinder | bool and enable_cinder_backend_iscsi | bool }}"

You are using nfs.

You can work around this in your global.yaml by adding this, I think:

glance_services:
  glance-api:
    privileged: true

Alternatively, you can do it via the inventory file by setting that as a host/group var.
> 
> Regards.



