Allow glance ceph osd cinder,nova pool access
Recently cinder has utilized clone v2 support of Ceph for its RBD backend, since then if you attempt to delete an image from glance that has a dependent volume, all future uses of that image will fail in error state. Despite the fact that image itself is still inside of Ceph/Glance. This issue is reproducible if you are using ceph client version greater than 'luminous' To resolve this issue glance RBD driver now checks whether original image has any dependency before deleting/removing it's snapshot and returns 409 response if it has any dependency. To check this dependency glance osd needs 'read' access to cinder and nova side RBD pool. This change allows glance keyring/osd a read access on cinder and nova side RBD pool. Related-Bug: #1954883 Change-Id: I2e6221e6de23920998bb5f32b2323704b3c89f74
This commit is contained in:
1 changed files with 2 additions and 0 deletions
@@ -697,6 +697,8 @@ function configure_ceph_glance {
get-or-create client.${GLANCE_CEPH_USER} \
mon "allow r" \
osd "allow class-read object_prefix rbd_children, \
allow rx pool=${CINDER_CEPH_POOL}, \
allow rx pool=${NOVA_CEPH_POOL}, \
allow rwx pool=${GLANCE_CEPH_POOL}" | \
sudo tee ${CEPH_CONF_DIR}/ceph.client.${GLANCE_CEPH_USER}.keyring
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.