From 346212ebf0a551278dc0b8722c7525abd3ce3e1a Mon Sep 17 00:00:00 2001
From: Abhishek Kekane <akekane@redhat.com>
Date: Fri, 26 Nov 2021 14:28:02 +0000
Subject: [PATCH] Allow glance ceph osd cinder pool access

Recently cinder has added clone v2 support for its RBD backend, since
then if you attempt to delete an image from glance that has a
dependent volume, all future uses of that image will fail in
error state. Despite the fact that image itself is still inside of
Ceph/Glance. This issue is reproducible if you are using ceph
client version greater than 'luminous'

To resolve this issue glance RBD driver now checks whether original
image has any dependency before deleting/removing it's snapshot and
returns 409 response if it has any dependency. To check this
dependency glance osd needs 'read' access to cinder side RBD pool.

This change allows glance keyring/osd a read access on cinder side
RBD pool.

Related-Bug: #1954883
Change-Id: I2e6221e6de23920998bb5f32b2323704b3c89f74
---
 devstack/lib/ceph | 1 +
 1 file changed, 1 insertion(+)

diff --git a/devstack/lib/ceph b/devstack/lib/ceph
index 57e387e..7b9827a 100755
--- a/devstack/lib/ceph
+++ b/devstack/lib/ceph
@@ -697,6 +697,7 @@ function configure_ceph_glance {
             get-or-create client.${GLANCE_CEPH_USER} \
             mon "allow r" \
             osd "allow class-read object_prefix rbd_children, \
+            allow rx pool=${CINDER_CEPH_POOL}, \
             allow rwx pool=${GLANCE_CEPH_POOL}" | \
             sudo tee ${CEPH_CONF_DIR}/ceph.client.${GLANCE_CEPH_USER}.keyring