On Fri, 2023-04-14 at 12:46 +0100, Sean Mooney wrote:
given it appears to be replacing it directly instead of merging then you need to add the following to global.yaml instead
slight correction you will also need to include the glance-tls-proxy section https://github.com/openstack/kolla-ansible/blob/stable/yoga/ansible/roles/gl... since that is also under glance_services so copy all the highlighted section
glance_services:
  glance-api:
    container_name: glance_api
    group: glance-api
    host_in_groups: "{{ inventory_hostname in glance_api_hosts }}"
    enabled: true
    image: "{{ glance_api_image_full }}"
    environment: "{{ glance_api_container_proxy }}"
    privileged: true
    volumes: "{{ glance_api_default_volumes + glance_api_extra_volumes }}"
    dimensions: "{{ glance_api_dimensions }}"
    healthcheck: "{{ glance_api_healthcheck }}"
    haproxy:
      glance_api:
        enabled: "{{ enable_glance | bool and not glance_enable_tls_backend | bool }}"
        mode: "http"
        external: false
        port: "{{ glance_api_port }}"
        frontend_http_extra:
          - "timeout client {{ haproxy_glance_api_client_timeout }}"
        backend_http_extra:
          - "timeout server {{ haproxy_glance_api_server_timeout }}"
        custom_member_list: "{{ haproxy_members.split(';') }}"
      glance_api_external:
        enabled: "{{ enable_glance | bool and not glance_enable_tls_backend | bool }}"
        mode: "http"
        external: true
        port: "{{ glance_api_port }}"
        frontend_http_extra:
          - "timeout client {{ haproxy_glance_api_client_timeout }}"
        backend_http_extra:
          - "timeout server {{ haproxy_glance_api_server_timeout }}"
        custom_member_list: "{{ haproxy_members.split(';') }}"

basically copy the default with all the templates and just update privileged to true
On Thu, 2023-04-13 at 15:23 +0100, wodel youchi wrote:
Hi,
Adding those lines to globals.yml did produce errors, complaining about the enabled line missing
glance_services:
  glance-api:
    privileged: true
Then I tried this
glance_services:
  glance-api:
    enabled: true
    privileged: true

Gave these errors

fatal: [192.168.2.23]: FAILED! => {"msg": "The conditional check 'item.value.host_in_groups | bool' failed. The error was: error while evaluating conditional (item.value.host_in_groups | bool): 'dict object' has no attribute 'host_in_groups'\n\nThe error appears to be in '/home/deployer/kollavenv/yogavenv/share/kolla-ansible/ansible/roles/glance/tasks/config.yml': line 2, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n---\n- name: Ensuring config directories exist\n ^ here\n"}
fatal: [192.168.2.27]: FAILED! => {"msg": "The conditional check 'item.value.host_in_groups | bool' failed. The error was: error while evaluating conditional (item.value.host_in_groups | bool): 'dict object' has no attribute 'host_in_groups'\n\nThe error appears to be in '/home/deployer/kollavenv/yogavenv/share/kolla-ansible/ansible/roles/glance/tasks/config.yml': line 2, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n---\n- name: Ensuring config directories exist\n ^ here\n"}
fatal: [192.168.2.31]: FAILED! => {"msg": "The conditional check 'item.value.host_in_groups | bool' failed. The error was: error while evaluating conditional (item.value.host_in_groups | bool): 'dict object' has no attribute 'host_in_groups'\n\nThe error appears to be in '/home/deployer/kollavenv/yogavenv/share/kolla-ansible/ansible/roles/glance/tasks/config.yml': line 2, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n---\n- name: Ensuring config directories exist\n ^ here\n"}
it seems, this configuration is discarding main.yml from https://github.com/openstack/kolla-ansible/blob/stable/yoga/ansible/roles/gl... not just replacing the needed variables.
Regards.
On Thu, 13 Apr 2023 at 13:00, Sean Mooney <smooney@redhat.com> wrote:
On Thu, 2023-04-13 at 11:41 +0100, wodel youchi wrote:
Thanks for the help,
I modified my glance-api.conf like this but no luck, I got the same problem: Privsep daemon failed to start
[cinder]
cinder_store_auth_address = https://dashint.example.com:5000/v3
cinder_store_project_name = service
cinder_volume_type = nfstype
rootwrap_config = /etc/glance/rootwrap.conf
cinder_store_user_name = glance
cinder_store_password = glance-password
cinder_catalog_info = volumev3:cinderv3:internalURL
###cinder_store_user_name = cinder
###cinder_store_password = cinder-password
I thought once cinder has the capability to read & write into the backend, glance will just use it to upload the images!!
Another thing, about the credentials, which ones should I use? Glance's or cinder's? I thought it should be cinder's!! But in your example @Sean you used {{ glance_keystone_user }} and {{ glance_keystone_password }}
either would work but normally i would consider it bad practice for a service to have the username/password for a different user's account so glance should always use its user to talk to other services when its not using the keystone user token passed in to the api.
Lastly I searched how to launch a privileged container in kolla but I didn't find anything.
i see the issue
https://github.com/openstack/kolla-ansible/blob/stable/yoga/ansible/roles/gl...
glance api is only privileged if you use iscsi for the cinder backend.
privileged: "{{ enable_cinder | bool and enable_cinder_backend_iscsi | bool }}"
you are using nfs.
you can workaround this in your global.yaml by adding this i think
glance_services:
  glance-api:
    privileged: true

alternatively you can do it via the inventory file by setting that as a host/group var.
Regards.
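
The replace-instead-of-merge behaviour reported in this thread, as an added example that is not part of the original messages or of kolla-ansible: with Ansible's default hash_behaviour of "replace", a dict set in globals.yml replaces the role default whole, which is why host_in_groups disappears. The defaults below are a constructed subset of the block quoted above (the glance-tls-proxy body is a placeholder) and the function names are hypothetical.

```python
import copy

# Constructed subset of the role defaults quoted in the thread (templates kept as strings).
DEFAULTS = {"glance_services": {
    "glance-api": {
        "container_name": "glance_api",
        "group": "glance-api",
        "host_in_groups": "{{ inventory_hostname in glance_api_hosts }}",
        "enabled": True,
        "privileged": "{{ enable_cinder | bool and enable_cinder_backend_iscsi | bool }}",
    },
    # Placeholder body: only the section name comes from the thread.
    "glance-tls-proxy": {"container_name": "placeholder", "host_in_groups": "placeholder"},
}}
PARTIAL = {"glance_services": {"glance-api": {"enabled": True, "privileged": True}}}
FULL = copy.deepcopy(DEFAULTS)  # the "copy everything, change one key" override
FULL["glance_services"]["glance-api"]["privileged"] = True

def effective_vars(defaults, overrides):
    """Model Ansible's default hash_behaviour ('replace'): a variable set at
    higher precedence replaces the whole dict, nothing is merged into it."""
    merged = copy.deepcopy(defaults)
    merged.update(copy.deepcopy(overrides))
    return merged

def missing_keys(defaults, effective, var="glance_services"):
    """Services and per-service keys the defaults define but the effective value lacks."""
    out = []
    for svc, body in defaults[var].items():
        got = effective[var].get(svc)
        if got is None:
            out.append(svc)
            continue
        out += [f"{svc}.{k}" for k in body if k not in got]
    return sorted(out)

def changed_paths(default, override, prefix=""):
    """Dotted paths whose value differs between the defaults and an override."""
    if isinstance(default, dict) and isinstance(override, dict):
        out = []
        for k in sorted(set(default) | set(override)):
            out += changed_paths(default.get(k), override.get(k), f"{prefix}.{k}" if prefix else k)
        return out
    return [] if default == override else [prefix]

if __name__ == "__main__":
    print(missing_keys(DEFAULTS, effective_vars(DEFAULTS, PARTIAL)))
    print(changed_paths(DEFAULTS, FULL))
```

Running changed_paths against the full copy confirms that privileged is the only key the override alters before the container is redeployed with it.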