[kolla-ansible][yoga] Does glance support cinder-nfs as backend?

Rajat Dhasmana rdhasman at redhat.com
Tue May 30 11:19:50 UTC 2023 

Hi,

On Mon, Apr 17, 2023 at 1:59 PM wodel youchi <wodel.youchi at gmail.com> wrote:

> Hi,
>
> The openstak documentation says that glance supports cinder as backend,
> but it does not exclude any backend used by cinder itself.
>
>
Although cinder as a backend for glance is not thoroughly tested against
all backends, it should work for our community drivers like LVM, NFS and
RBD.


> I'm having trouble configuring glance to use a cinder backend which is
> backed by an nfs share.
>
> Is this configuration supported?
>
> First, the rootwrap was missing, after adding it, I faced the lack of
> privileges, which was corrected by starting the glance-api container in
> privileged mode and finally I am facing a non existing filter error.
>
> Glance is trying to mount the nfs share to use it!!! Which I don't
> understand , why mount a share that is already mounted by cinder which
> glance is supposed to use as an intermediary!!!?
>
>
Glance is a different and independent service from cinder and has a
separate user account as well. Certain deployments don't allow access of
one service to the resources available to another service. Cinder, by
default, mounts the share in /var/lib/cinder directory and allowing Glance
the access to this directory is not a great idea for some deployments,
hence, the code we have mounts the share again in /var/lib/glance directory
by default. The glance directory might have different permissions, user
access, SELinux context etc. which needs to be honoured.


> When I push an image I get this error:
>
> Stderr: '/var/lib/kolla/venv/bin/glance-rootwrap: Unauthorized command:
> mount -t nfs 20.1.0.32:/kolla_nfs
> /var/lib/glance/mnt/nfs/f6f6b4ee42b4f3522a75f422887010ad2c47f8624
> f97bf3623b13014f22186b7 (no filter matched)\n'
>
>
Did you add the filters required[1] in your rootwrap.d folder? It allows
mount and umount to work, see L#15-16.

[1]
https://github.com/openstack/glance_store/blob/9bd9cf4fcd8a0aedc98fafb983fc19744e404015/etc/glance/rootwrap.d/glance_cinder_store.filters


> Regards.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.openstack.org/pipermail/openstack-discuss/attachments/20230530/5e733a4d/attachment.htm>

More information about the openstack-discuss mailing list