From fa49b2692de1b38bfdf47e1468296770d5dfff89 Mon Sep 17 00:00:00 2001
From: chenxing <chason.chan@foxmail.com>
Date: Thu, 19 Dec 2019 12:03:54 +0800
Subject: [PATCH] Enable Glance to use Cinder iSCSI backend
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

To use an iSCSI Cinder backend as its store, glance_api must run
privileged and have /dev and /etc/iscsi properly mounted

Co-authored-by: Radosław Piliszek <radoslaw.piliszek@gmail.com>
Change-Id: I988d3c9d0564483440ae17203ad88a8049abbea4
Closes-Bug: #1855695
---
 ansible/roles/glance/defaults/main.yml                      | 4 ++++
 ansible/roles/glance/handlers/main.yml                      | 1 +
 ansible/roles/glance/tasks/check-containers.yml             | 1 +
 ansible/roles/glance/tasks/rolling_upgrade.yml              | 6 +++---
 .../notes/glance-fix-iscsi-backend-784aca2c2456333c.yaml    | 6 ++++++
 5 files changed, 15 insertions(+), 3 deletions(-)
 create mode 100644 releasenotes/notes/glance-fix-iscsi-backend-784aca2c2456333c.yaml

diff --git a/ansible/roles/glance/defaults/main.yml b/ansible/roles/glance/defaults/main.yml
index 2c661535c3..86fe4d3fe0 100644
--- a/ansible/roles/glance/defaults/main.yml
+++ b/ansible/roles/glance/defaults/main.yml
@@ -9,6 +9,7 @@ glance_services:
     enabled: true
     image: "{{ glance_api_image_full }}"
     environment: "{{ container_proxy }}"
+    privileged: "{{ enable_cinder | bool and enable_cinder_backend_iscsi | bool }}"
     volumes: "{{ glance_api_default_volumes + glance_api_extra_volumes }}"
     dimensions: "{{ glance_api_dimensions }}"
     haproxy:
@@ -120,6 +121,9 @@ glance_api_default_volumes:
   - "{{ glance_file_datadir_volume }}:/var/lib/glance/"
   - "{{ kolla_dev_repos_directory ~ '/glance/glance:/var/lib/kolla/venv/lib/python2.7/site-packages/glance' if glance_dev_mode | bool else '' }}"
   - "kolla_logs:/var/log/kolla/"
+  # NOTE(yoctozepto): below to support Cinder iSCSI backends
+  - "{% if enable_cinder | bool and enable_cinder_backend_iscsi | bool %}iscsi_info:/etc/iscsi{% endif %}"
+  - "{% if enable_cinder | bool and enable_cinder_backend_iscsi | bool %}/dev:/dev{% endif %}"
 
 glance_extra_volumes: "{{ default_extra_volumes }}"
 glance_api_extra_volumes: "{{ glance_extra_volumes }}"
diff --git a/ansible/roles/glance/handlers/main.yml b/ansible/roles/glance/handlers/main.yml
index 93218c02d3..e3370f8d9c 100644
--- a/ansible/roles/glance/handlers/main.yml
+++ b/ansible/roles/glance/handlers/main.yml
@@ -9,6 +9,7 @@
     common_options: "{{ docker_common_options }}"
     name: "{{ service.container_name }}"
     image: "{{ service.image }}"
+    privileged: "{{ service.privileged }}"
     environment: "{{ service.environment }}"
     volumes: "{{ service.volumes|reject('equalto', '')|list }}"
     dimensions: "{{ service.dimensions }}"
diff --git a/ansible/roles/glance/tasks/check-containers.yml b/ansible/roles/glance/tasks/check-containers.yml
index 41d76c7602..7739559377 100644
--- a/ansible/roles/glance/tasks/check-containers.yml
+++ b/ansible/roles/glance/tasks/check-containers.yml
@@ -6,6 +6,7 @@
     common_options: "{{ docker_common_options }}"
     name: "{{ item.value.container_name }}"
     image: "{{ item.value.image }}"
+    privileged: "{{ item.value.privileged }}"
     environment: "{{ item.value.environment | default(omit) }}"
     volumes: "{{ item.value.volumes|reject('equalto', '')|list }}"
     dimensions: "{{ item.value.dimensions }}"
diff --git a/ansible/roles/glance/tasks/rolling_upgrade.yml b/ansible/roles/glance/tasks/rolling_upgrade.yml
index de4ae4541a..59736f26a8 100644
--- a/ansible/roles/glance/tasks/rolling_upgrade.yml
+++ b/ansible/roles/glance/tasks/rolling_upgrade.yml
@@ -43,7 +43,7 @@
       BOOTSTRAP:
     name: "bootstrap_glance"
     restart_policy: no
-    volumes: "{{ glance_api.volumes }}"
+    volumes: "{{ glance_api.volumes|reject('equalto', '')|list }}"
   run_once: True
   delegate_to: "{{ glance_api_hosts[0] }}"
 
@@ -64,7 +64,7 @@
       BOOTSTRAP:
     name: "bootstrap_glance"
     restart_policy: no
-    volumes: "{{ glance_api.volumes }}"
+    volumes: "{{ glance_api.volumes|reject('equalto', '')|list }}"
   run_once: True
   delegate_to: "{{ glance_api_hosts[0] }}"
   notify:
@@ -94,7 +94,7 @@
       BOOTSTRAP:
     name: "bootstrap_glance"
     restart_policy: no
-    volumes: "{{ glance_api.volumes }}"
+    volumes: "{{ glance_api.volumes|reject('equalto', '')|list }}"
   run_once: True
   delegate_to: "{{ glance_api_hosts[0] }}"
 
diff --git a/releasenotes/notes/glance-fix-iscsi-backend-784aca2c2456333c.yaml b/releasenotes/notes/glance-fix-iscsi-backend-784aca2c2456333c.yaml
new file mode 100644
index 0000000000..2d77dff8bf
--- /dev/null
+++ b/releasenotes/notes/glance-fix-iscsi-backend-784aca2c2456333c.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Fixes glance_api to run as privileged and adds missing mounts so it
+    can use an iscsi cinder backend as its store. `LP#1855695
+    <https://bugs.launchpad.net/kolla-ansible/+bug/1855695>`__