<div dir="ltr"><div>Hi,</div><div><br></div><div>Adding those lines to globals.yml did produce errors, complaining about the enabled line missing<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>glance_services:<br> glance-api:<br> privileged: true</div></blockquote><div><br></div><div>Then I tried this</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>glance_services:<br> glance-api:<br> enabled: true<br> privileged: true</div></blockquote><div><br></div><div>Gave these errors</div><div>fatal: [192.168.2.23]: FAILED! => {"msg": "The conditional check 'item.value.host_in_groups | bool' failed. The error was: error while evaluating conditional (item.value.host_in_groups | bool): 'dict object' has no attribute 'host_in_groups'\n\nThe error appears to be in '/home/deployer/kollavenv/yogavenv/share/kolla-ansible/ansible/roles/glance/tasks/config.yml': line 2, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n---\n- name: Ensuring config directories exist\n ^ here\n"}<br>fatal: [192.168.2.27]: FAILED! => {"msg": "The conditional check 'item.value.host_in_groups | bool' failed. The error was: error while evaluating conditional (item.value.host_in_groups | bool): 'dict object' has no attribute 'host_in_groups'\n\nThe error appears to be in '/home/deployer/kollavenv/yogavenv/share/kolla-ansible/ansible/roles/glance/tasks/config.yml': line 2, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n---\n- name: Ensuring config directories exist\n ^ here\n"}<br>fatal: [192.168.2.31]: FAILED! => {"msg": "The conditional check 'item.value.host_in_groups | bool' failed. The error was: error while evaluating conditional (item.value.host_in_groups | bool): 'dict object' has no attribute 'host_in_groups'\n\nThe error appears to be in '/home/deployer/kollavenv/yogavenv/share/kolla-ansible/ansible/roles/glance/tasks/config.yml': line 2, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n---\n- name: Ensuring config directories exist\n ^ here\n"}</div><div><br></div><div><br></div><div>it seems, this configuration is discarding main.yml from
<a href="https://github.com/openstack/kolla-ansible/blob/stable/yoga/ansible/roles/glance/defaults/main.yml#L10" rel="noreferrer" target="_blank">https://github.com/openstack/kolla-ansible/blob/stable/yoga/ansible/roles/glance/defaults/main.yml#L10</a> not just replacing the needed variables.<br></div><div><br></div><div>Regards.<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Le jeu. 13 avr. 2023 à 13:00, Sean Mooney <<a href="mailto:smooney@redhat.com">smooney@redhat.com</a>> a écrit :<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Thu, 2023-04-13 at 11:41 +0100, wodel youchi wrote:<br>
> Thanks for the help,<br>
> <br>
> I modified my glance-api.conf like this but no luck, I got the same problem<br>
> : Privsep daemon failed to start<br>
> <br>
> > [cinder]<br>
> > cinder_store_auth_address = <a href="https://dashint.example.com:5000/v3" rel="noreferrer" target="_blank">https://dashint.example.com:5000/v3</a><br>
> > cinder_store_project_name = service<br>
> > cinder_volume_type = nfstype<br>
> > rootwrap_config = /etc/glance/rootwrap.conf<br>
> > <br>
> > *cinder_store_user_name = glancecinder_store_password = glance-password*<br>
> > cinder_catalog_info = volumev3:cinderv3:internalURL<br>
> > <br>
> <br>
> > *###cinder_store_user_name = cinder###cinder_store_password =<br>
> > cinder-password *<br>
> > <br>
> <br>
> <br>
> I thought once cinder has the capability to read & write into the backend,<br>
> glance will just use it to upload the images!!<br>
> <br>
> Another thing, about the credentials, which ones should I use? Glance's or<br>
> cinder's I thought it should be cinder's !! but in your example @Sean you<br>
> used {{ glance_keystone_user }} and {{ glance_keystone_password }}<br>
<br>
either would work but normally i woudl consider it bad partice for a service to have the username/password for a differnt users account<br>
so glance should alwasy use its user to talk to other services when its not using the keystone user token passed in to the api.<br>
<br>
> <br>
> Lastly I searched how to launch a privileged container in kolla but I<br>
> didn't find anything.<br>
<br>
i see the issue<br>
<a href="https://github.com/openstack/kolla-ansible/blob/stable/yoga/ansible/roles/glance/defaults/main.yml#L10" rel="noreferrer" target="_blank">https://github.com/openstack/kolla-ansible/blob/stable/yoga/ansible/roles/glance/defaults/main.yml#L10</a><br>
glace api is only privlaged if you use iscsi for the cinder backend.<br>
privileged: "{{ enable_cinder | bool and enable_cinder_backend_iscsi | bool }}"<br>
you are using nfs.<br>
<br>
you can workaround this in your global.yaml by adding this i think<br>
<br>
glance_services:<br>
glance-api:<br>
privileged: true<br>
<br>
alternitivly you can do it via the inventory file by seting that as a host/group var.<br>
> <br>
> Regards.<br>
<br>
</blockquote></div>