Hi,
The openstak documentation says that glance supports cinder as backend, but it does not exclude any backend used by cinder itself.
Although cinder as a backend for glance is not thoroughly tested against all backends, it should work for our community drivers like LVM, NFS and RBD.
I'm having trouble configuring glance to use a cinder backend which is backed by an nfs share.
Is this configuration supported?
First, the rootwrap was missing, after adding it, I faced the lack of privileges, which was corrected by starting the glance-api container in privileged mode and finally I am facing a non existing filter error.
Glance is trying to mount the nfs share to use it!!! Which I don't understand , why mount a share that is already mounted by cinder which glance is supposed to use as an intermediary!!!?
Glance is a different and independent service from cinder and has a separate user account as well. Certain deployments don't allow access of one service to the resources available to another service. Cinder, by default, mounts the share in /var/lib/cinder directory and allowing Glance the access to this directory is not a great idea for some deployments, hence, the code we have mounts the share again in /var/lib/glance directory by default. The glance directory might have different permissions, user access, SELinux context etc. which needs to be honoured.
When I push an image I get this error:
Stderr: '/var/lib/kolla/venv/bin/glance-rootwrap: Unauthorized command: mount -t nfs 20.1.0.32:/kolla_nfs /var/lib/glance/mnt/nfs/f6f6b4ee42b4f3522a75f422887010ad2c47f8624
f97bf3623b13014f22186b7 (no filter matched)\n'
Did you add the filters required[1] in your rootwrap.d folder? It allows mount and umount to work, see L#15-16.