From 8a27b7bdd8d98e03c519aeb32a4628f0cbe82463 Mon Sep 17 00:00:00 2001
From: Abhishek Kekane <akekane@redhat.com>
Date: Fri, 26 Nov 2021 14:28:02 +0000
Subject: [PATCH] Allow glance ceph osd cinder,nova pool access

Recently cinder has utilized clone v2 support of Ceph for its
RBD backend, since then if you attempt to delete an image from
glance that has a dependent volume, all future uses of that
image will fail in error state. Despite the fact that image
itself is still inside of Ceph/Glance. This issue is reproducible
if you are using ceph client version greater than 'luminous'

To resolve this issue glance RBD driver now checks whether original
image has any dependency before deleting/removing it's snapshot and
returns 409 response if it has any dependency. To check this
dependency glance osd needs 'read' access to cinder and nova
side RBD pool.

This change allows glance keyring/osd a read access on cinder and nova
side RBD pool.

Related-Bug: #1954883
Change-Id: I2e6221e6de23920998bb5f32b2323704b3c89f74
---
 devstack/lib/ceph | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/devstack/lib/ceph b/devstack/lib/ceph
index 839f89f..29da6a9 100755
--- a/devstack/lib/ceph
+++ b/devstack/lib/ceph
@@ -697,6 +697,8 @@ function configure_ceph_glance {
             get-or-create client.${GLANCE_CEPH_USER} \
             mon "allow r" \
             osd "allow class-read object_prefix rbd_children, \
+            allow rx pool=${CINDER_CEPH_POOL}, \
+	    allow rx pool=${NOVA_CEPH_POOL}, \
             allow rwx pool=${GLANCE_CEPH_POOL}" | \
             sudo tee ${CEPH_CONF_DIR}/ceph.client.${GLANCE_CEPH_USER}.keyring