Allow glance ceph osd cinder,nova pool access

Recently cinder has utilized clone v2 support of Ceph for its
RBD backend, since then if you attempt to delete an image from
glance that has a dependent volume, all future uses of that
image will fail in error state. Despite the fact that image
itself is still inside of Ceph/Glance. This issue is reproducible
if you are using ceph client version greater than 'luminous'.

To resolve this issue glance RBD driver now checks whether original
image has any dependency before deleting/removing its snapshot and
returns 409 response if it has any dependency. To check this
dependency glance osd needs 'read' access to cinder and nova
side RBD pool.

This change allows glance keyring/osd read access on cinder and nova
side RBD pool.

Related-Bug: #1954883
Change-Id: I2e6221e6de23920998bb5f32b2323704b3c89f74
Abhishek Kekane 2021-11-26 14:28:02 +00:00
parent 4d9f4b2235
commit 8a27b7bdd8
1 changed files with 2 additions and 0 deletions

@ -697,6 +697,8 @@ function configure_ceph_glance {
get-or-create client.${GLANCE_CEPH_USER} \
mon "allow r" \
osd "allow class-read object_prefix rbd_children, \
allow rx pool=${CINDER_CEPH_POOL}, \
allow rx pool=${NOVA_CEPH_POOL}, \
allow rwx pool=${GLANCE_CEPH_POOL}" | \
sudo tee ${CEPH_CONF_DIR}/ceph.client.${GLANCE_CEPH_USER}.keyring
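
Review bot: The two added osd caps, `allow rx pool=${CINDER_CEPH_POOL}` and `allow rx pool=${NOVA_CEPH_POOL}`, grant more than the 'read' access the commit message says the dependency check needs, because `x` also lets client.${GLANCE_CEPH_USER} call object class methods in those pools. If the RBD dependency lookup does need class-method calls, state that in a comment above these lines; if not, narrow both to `allow r`. With this grant the Glance keyring can read the objects in the Cinder and Nova pools, so a leaked Glance key now exposes volume and instance disk data as well as images, which deserves a sentence in the commit message. The hunk also uses both pool variables unconditionally, so please confirm they are defined when cinder or nova is not enabled, or guard the two lines on that.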