given it appears to be replacing it directly instead of merging then you need to add the following to global.yaml instead glance_services: glance-api: container_name: glance_api group: glance-api host_in_groups: "{{ inventory_hostname in glance_api_hosts }}" enabled: true image: "{{ glance_api_image_full }}" environment: "{{ glance_api_container_proxy }}" privileged: true volumes: "{{ glance_api_default_volumes + glance_api_extra_volumes }}" dimensions: "{{ glance_api_dimensions }}" healthcheck: "{{ glance_api_healthcheck }}" haproxy: glance_api: enabled: "{{ enable_glance | bool and not glance_enable_tls_backend | bool }}" mode: "http" external: false port: "{{ glance_api_port }}" frontend_http_extra: - "timeout client {{ haproxy_glance_api_client_timeout }}" backend_http_extra: - "timeout server {{ haproxy_glance_api_server_timeout }}" custom_member_list: "{{ haproxy_members.split(';') }}" glance_api_external: enabled: "{{ enable_glance | bool and not glance_enable_tls_backend | bool }}" mode: "http" external: true port: "{{ glance_api_port }}" frontend_http_extra: - "timeout client {{ haproxy_glance_api_client_timeout }}" backend_http_extra: - "timeout server {{ haproxy_glance_api_server_timeout }}" custom_member_list: "{{ haproxy_members.split(';') }}" basically copy the default with all teh templates and just update privileged to true On Thu, 2023-04-13 at 15:23 +0100, wodel youchi wrote:
Hi,
Adding those lines to globals.yml did produce errors, complaining about the enabled line missing
glance_services: glance-api: privileged: true
Then I tried this
glance_services: glance-api: enabled: true privileged: true
Gave these errors fatal: [192.168.2.23]: FAILED! => {"msg": "The conditional check 'item.value.host_in_groups | bool' failed. The error was: error while evaluating conditional (item.value.host_in_groups | bool): 'dict object' has no attribute 'host_in_groups'\n\nThe error appears to be in '/home/deployer/kollavenv/yogavenv/share/kolla-ansible/ansible/roles/glance/tasks/config.yml': line 2, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n---\n- name: Ensuring config directories exist\n ^ here\n"} fatal: [192.168.2.27]: FAILED! => {"msg": "The conditional check 'item.value.host_in_groups | bool' failed. The error was: error while evaluating conditional (item.value.host_in_groups | bool): 'dict object' has no attribute 'host_in_groups'\n\nThe error appears to be in '/home/deployer/kollavenv/yogavenv/share/kolla-ansible/ansible/roles/glance/tasks/config.yml': line 2, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n---\n- name: Ensuring config directories exist\n ^ here\n"} fatal: [192.168.2.31]: FAILED! => {"msg": "The conditional check 'item.value.host_in_groups | bool' failed. The error was: error while evaluating conditional (item.value.host_in_groups | bool): 'dict object' has no attribute 'host_in_groups'\n\nThe error appears to be in '/home/deployer/kollavenv/yogavenv/share/kolla-ansible/ansible/roles/glance/tasks/config.yml': line 2, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n---\n- name: Ensuring config directories exist\n ^ here\n"}
it seems, this configuration is discarding main.yml from https://github.com/openstack/kolla-ansible/blob/stable/yoga/ansible/roles/gl... not just replacing the needed variables.
Regards.
Le jeu. 13 avr. 2023 à 13:00, Sean Mooney <smooney@redhat.com> a écrit :
Thanks for the help,
I modified my glance-api.conf like this but no luck, I got the same
On Thu, 2023-04-13 at 11:41 +0100, wodel youchi wrote: problem
: Privsep daemon failed to start
[cinder] cinder_store_auth_address = https://dashint.example.com:5000/v3 cinder_store_project_name = service cinder_volume_type = nfstype rootwrap_config = /etc/glance/rootwrap.conf
*cinder_store_user_name = glancecinder_store_password = glance-password* cinder_catalog_info = volumev3:cinderv3:internalURL
*###cinder_store_user_name = cinder###cinder_store_password = cinder-password *
I thought once cinder has the capability to read & write into the backend, glance will just use it to upload the images!!
Another thing, about the credentials, which ones should I use? Glance's or cinder's I thought it should be cinder's !! but in your example @Sean you used {{ glance_keystone_user }} and {{ glance_keystone_password }}
either would work but normally i woudl consider it bad partice for a service to have the username/password for a differnt users account so glance should alwasy use its user to talk to other services when its not using the keystone user token passed in to the api.
Lastly I searched how to launch a privileged container in kolla but I didn't find anything.
i see the issue
https://github.com/openstack/kolla-ansible/blob/stable/yoga/ansible/roles/gl... glace api is only privlaged if you use iscsi for the cinder backend. privileged: "{{ enable_cinder | bool and enable_cinder_backend_iscsi | bool }}" you are using nfs.
you can workaround this in your global.yaml by adding this i think
glance_services: glance-api: privileged: true
alternitivly you can do it via the inventory file by seting that as a host/group var.
Regards.