Dear Daniel, I also stumbled upon this recently. This is most likely due to the introduction of the format_inspector module and its privileged calls [1] in recent Cinder releases. This makes backends which previously did not need privileges in cinder-volume now also require them. The individual capabilities required are listed in the code of the privsep module [2]. [1] https://github.com/openstack/cinder/commit/4aa6590a483901de64e0d162fff11f3d2... [2] https://github.com/openstack/cinder/blob/unmaintained/zed/cinder/privsep/__i... Best regards, Markus daniel890723@gmail.com schrieb:
Hello Daniel here i have been testing on this Error in a clean enviroment i found out this Error is actually from Cinder-Volume Pod not Cinder-Scheduler Where the Cinder-Volume pod can't get enough Permission to run oslo_privsep Anyone that trying to run Openstack-helm and encounter this Error when deploy has to give privilige to Cinder-Volume ( No need to give more permission on any other Pod) The Value.yaml Setting shows below: cinder_volume: pod: runAsUser: 42424 container: ceph_keyring_placement: runAsUser: 0 readOnlyRootFilesystem: true ceph_coordination_volume_perms: runAsUser: 0 readOnlyRootFilesystem: true init_cinder_conf: runAsUser: 0 readOnlyRootFilesystem: true cinder_volume: privileged: true # Give cinder_volume priviliged readOnlyRootFilesystem: true
Simply add the privileged: true on cinder_volume and everything should be fine Perhaps Cinder_volume has some wrong setting that cause the permission error?
Daniel Lu
-- Markus Hentsch DevOps Engineer Cloud&Heat Technologies GmbH Königsbrücker Straße 96 | 01099 Dresden +49 351 479 367 00 markus.hentsch@cloudandheat.com | www.cloudandheat.com Green, Open, Efficient. Ihr Cloud-Service- und Cloud-Technologie-Provider aus Dresden. https://www.cloudandheat.com/ Commercial Register: District Court Dresden Register Number: HRB 30549 VAT ID No.: DE281093504 Managing Director: Nicolas Röhrs Authorized signatory: Dr. Marius Feldmann