Do not set_acls if store is not associated to glance node

In case of glance multiple stores (mostly for ceph) nova initiates
copy-image functionality if image, from which the sever is being
created, is not present in the referring ceph store. This can fail if
image location which is already present in image but not available for
that glance edge node. This scenario can only be reproducible
with EDGE deployment.

In order to fix this, if the store is defined on that glance node
then only call set_acls method, else ignore it.

Closes-Bug: #2073945
Change-Id: I0409982ae27b662e60dd2363ba2f7863d0722fea
(cherry picked from commit ee7e96f06a)
(cherry picked from commit aec654ff2c)

glance/location.py

@@ -63,8 +63,19 @@ class ImageRepoProxy(glance.domain.proxy.Repo):
             member_ids = [m.member_id for m in member_repo.list()]
         for location in image.locations:
             if CONF.enabled_backends:
+                # NOTE(whoami-rajat): Do not set_acls if store is not defined
+                # on this node. This is possible in case of edge deployment
+                # that image location is present but the actual store is
+                # not related to this node.
+                image_store = location['metadata'].get('store')
+                if image_store not in CONF.enabled_backends:
+                    msg = (_("Store %s is not available on "
+                             "this node, skipping `_set_acls` "
+                             "call.") % image_store)
+                    LOG.debug(msg)
+                    continue
                 self.store_api.set_acls_for_multi_store(
-                    location['url'], location['metadata'].get('store'),
+                    location['url'], image_store,
                     public=public, read_tenants=member_ids,
                     context=self.context
                 )
@@ -655,8 +666,19 @@ class ImageMemberRepoProxy(glance.domain.proxy.Repo):
             member_ids = [m.member_id for m in self.repo.list()]
             for location in self.image.locations:
                 if CONF.enabled_backends:
+                    # NOTE(whoami-rajat): Do not set_acls if store is not
+                    # defined on this node. This is possible in case of edge
+                    # deployment that image location is present but the actual
+                    # store is not related to this node.
+                    image_store = location['metadata'].get('store')
+                    if image_store not in CONF.enabled_backends:
+                        msg = (_("Store %s is not available on "
+                                 "this node, skipping `_set_acls` "
+                                 "call.") % image_store)
+                        LOG.debug(msg)
+                        continue
                     self.store_api.set_acls_for_multi_store(
-                        location['url'], location['metadata'].get('store'),
+                        location['url'], image_store,
                         public=public, read_tenants=member_ids,
                         context=self.context
                     )

releasenotes/notes/fix-set-acls-bc17b5e125425c9b.yaml

@@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    `Bug #2073945 <https://bugs.launchpad.net/glance/+bug/2073945>`_:
+    Fixed issue with VM creation in DCN cases with RBD backend where
+    an edge node doesn't have the store defined which is part of the
+    image locations and the operation fails.