On Thu, 2023-04-13 at 11:41 +0100, wodel youchi wrote:
Thanks for the help,
I modified my glance-api.conf like this but no luck, I got the same problem : Privsep daemon failed to start
[cinder] cinder_store_auth_address = https://dashint.example.com:5000/v3 cinder_store_project_name = service cinder_volume_type = nfstype rootwrap_config = /etc/glance/rootwrap.conf
*cinder_store_user_name = glancecinder_store_password = glance-password* cinder_catalog_info = volumev3:cinderv3:internalURL
*###cinder_store_user_name = cinder###cinder_store_password = cinder-password *
I thought once cinder has the capability to read & write into the backend, glance will just use it to upload the images!!
Another thing, about the credentials, which ones should I use? Glance's or cinder's I thought it should be cinder's !! but in your example @Sean you used {{ glance_keystone_user }} and {{ glance_keystone_password }}
either would work but normally i woudl consider it bad partice for a service to have the username/password for a differnt users account so glance should alwasy use its user to talk to other services when its not using the keystone user token passed in to the api.
Lastly I searched how to launch a privileged container in kolla but I didn't find anything.
i see the issue https://github.com/openstack/kolla-ansible/blob/stable/yoga/ansible/roles/gl... glace api is only privlaged if you use iscsi for the cinder backend. privileged: "{{ enable_cinder | bool and enable_cinder_backend_iscsi | bool }}" you are using nfs. you can workaround this in your global.yaml by adding this i think glance_services: glance-api: privileged: true alternitivly you can do it via the inventory file by seting that as a host/group var.
Regards.