From da292982b179d690778fbaaedbe3f9775261150f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rados=C5=82aw=20Piliszek?= Date: Mon, 3 Oct 2022 16:49:27 +0200 Subject: [PATCH] Stop showing image locations This is generally considered insecure because it may reveal sensitive data [1]. Furthermore, it happens that the default Ceph perms cause fatal ERRORs with this setting: 1) when Glance wants to remove an image, it cannot list children because Cinder or Nova might have created a linked volume clone behind the scenes and it is put in another pool (volumes/vms) which Glance cannot normally access; 2) when Nova wants to create an image, it lacks permissions to write to the images pool. Thus, I propose that Kolla Ansible stops setting this by default and relies on the working defaults. The downside is that this disables optimisations in Cinder and Nova. On the other hand, these optimisations have nasty behaviour of being linked directly to the original image, preventing its removal. [1] https://docs.openstack.org/glance/yoga/configuration/glance_api.html#DEFAULT.show_multiple_locations Change-Id: I63ee9a6eefd8593f2169bba34dbb699f413d7cf8 Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/860093 Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/860291 Closes-Bug: #1992153 --- .../roles/glance/templates/glance-api.conf.j2 | 4 ---- .../notes/bug-1992153-e1cc20032f1d517f.yaml | 17 +++++++++++++++++ 2 files changed, 17 insertions(+), 4 deletions(-) create mode 100644 releasenotes/notes/bug-1992153-e1cc20032f1d517f.yaml diff --git a/ansible/roles/glance/templates/glance-api.conf.j2 b/ansible/roles/glance/templates/glance-api.conf.j2 index 4091567993..7df76e18db 100644 --- a/ansible/roles/glance/templates/glance-api.conf.j2 +++ b/ansible/roles/glance/templates/glance-api.conf.j2 @@ -17,10 +17,6 @@ workers = {{ glance_api_workers }} enabled_backends = {% for key in glance_store_backends %}{{ key.name }}:{{ key.type }}{% if not loop.last %}, {% endif %}{% endfor %} {% endif %} -{% if glance_backend_ceph | bool %} -show_multiple_locations = True -{% endif %} - {% if glance_enable_property_protection | bool %} property_protection_file = /etc/glance/property-protections-rules.conf {% endif %} diff --git a/releasenotes/notes/bug-1992153-e1cc20032f1d517f.yaml b/releasenotes/notes/bug-1992153-e1cc20032f1d517f.yaml new file mode 100644 index 0000000000..41f757002f --- /dev/null +++ b/releasenotes/notes/bug-1992153-e1cc20032f1d517f.yaml @@ -0,0 +1,17 @@ +--- +upgrade: + - | + Kolla Ansible no longer sets ``show_multiple_locations = True`` by default + when Glance's Ceph RBD backend is enabled. This was applied as a fix but + operators must note that this, in turn, disables the Cinder's and Nova's + optimisations. On the other hand, these optimisations might have been + causing other operators' trouble. Please see the linked bug report. + Operators relying on this feature can set the flag themselves using service + config overrides. + `LP#1992153 `__ +fixes: + - | + Kolla Ansible no longer sets ``show_multiple_locations = True`` by default + when Glance's Ceph RBD backend is enabled. This caused various issues with + the services running with the recommended Ceph permissions. + `LP#1992153 `__