From 988c4f23f10b8c844c8a8123187391ab992d1fa7 Mon Sep 17 00:00:00 2001
From: Paul Bourke
Date: Mon, 16 Nov 2015 17:53:46 +0000
Subject: [PATCH] Fix issues in Glance filesystem backend
The drop root change for Glance highlighted the fact that we were binding volumes from glance_data into the wrong container - it was glance_registry whereas it should be glance_api. This would result in all images being lost if the glance_api container happens to restart. Also, we need a sudoers file to chown the file backend dir to the glance user.
Change-Id: If04337045bb94b3126e48d1f5bf0ea29e20373ae
Closes-Bug: #1516729
---
 ansible/roles/glance/tasks/start.yml | 4 ++--
 docker/glance/glance-api/extend_start.sh | 1 +
 docker/glance/glance-base/Dockerfile.j2 | 6 +++++-
 docker/glance/glance-base/glance_sudoers | 1 +
 4 files changed, 9 insertions(+), 3 deletions(-)
 create mode 100644 docker/glance/glance-base/glance_sudoers
diff --git a/ansible/roles/glance/tasks/start.yml b/ansible/roles/glance/tasks/start.yml
index a28e3f3b14..80be58c2b7 100644
--- a/ansible/roles/glance/tasks/start.yml
+++ b/ansible/roles/glance/tasks/start.yml
@@ -16,8 +16,6 @@
 volumes:
 - "{{ node_config_directory }}/glance-registry/:{{ container_config_directory }}/:ro"
 - "/var/lib/kolla/dev/log:/dev/log"
- volumes_from:
- - glance_data
 env:
 KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
 when: inventory_hostname in groups['glance-registry']
@@ -39,6 +37,8 @@
 volumes:
 - "{{ node_config_directory }}/glance-api/:{{ container_config_directory }}/:ro"
 - "/var/lib/kolla/dev/log:/dev/log"
+ volumes_from:
+ - glance_data
 env:
 KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
 when: inventory_hostname in groups['glance-api']
diff --git a/docker/glance/glance-api/extend_start.sh b/docker/glance/glance-api/extend_start.sh
index 6f3cab8307..4b99201c9c 100644
--- a/docker/glance/glance-api/extend_start.sh
+++ b/docker/glance/glance-api/extend_start.sh
@@ -4,5 +4,6 @@
 # of the KOLLA_BOOTSTRAP variable being set, including empty.
 if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
 glance-manage db_sync
+ sudo chown -R glance: /var/lib/glance/
 exit 0
 fi
diff --git a/docker/glance/glance-base/Dockerfile.j2 b/docker/glance/glance-base/Dockerfile.j2
index 447c2d5b9f..8f0cadfebb 100644
--- a/docker/glance/glance-base/Dockerfile.j2
+++ b/docker/glance/glance-base/Dockerfile.j2
@@ -44,4 +44,8 @@ RUN ln -s glance-base-source/* glance \
 {% endif %}
-RUN usermod -a -G kolla glance
+COPY glance_sudoers /etc/sudoers.d/glance_sudoers
+
+RUN usermod -a -G kolla glance \
+ && chmod 750 /etc/sudoers.d \
+ && chmod 440 /etc/sudoers.d/glance_sudoers
diff --git a/docker/glance/glance-base/glance_sudoers b/docker/glance/glance-base/glance_sudoers
new file mode 100644
index 0000000000..ffb536abf5
--- /dev/null
+++ b/docker/glance/glance-base/glance_sudoers
@@ -0,0 +1 @@
+%kolla ALL=(root) NOPASSWD: /usr/bin/chown -R glance\: /var/lib/glance/, /bin/chown -R glance\: /var/lib/glance/
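Review bot: The added `sudo chown -R glance: /var/lib/glance/` sits inside the KOLLA_BOOTSTRAP branch after `glance-manage db_sync`, so ownership of the file-backend directory is corrected only on a bootstrap run; a normal start against a new or recreated glance_data volume would leave the directory as it was, presumably root-owned. Consider a guarded fix-up placed before the `if`, for example `[[ $(stat -c %U /var/lib/glance) == glance ]] || sudo chown -R glance: /var/lib/glance/`, which keeps the exact argument list the sudoers rule allows. A one-line comment such as `# the data volume is not owned by glance now that the container drops root` would also explain why sudo appears in this script. The comment block above the `if` starts outside the hunk.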
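Review bot: The sudoers fragment is copied and chmod-ed but never syntax-checked, and a malformed file under /etc/sudoers.d generally makes sudo refuse to run, which here would break the bootstrap chown at container start rather than at build time. Appending `&& visudo -c -f /etc/sudoers.d/glance_sudoers` to this RUN would fail the image build instead. The same RUN puts glance into the kolla group that the new rule is granted to, so a comment like `# kolla group membership is what enables the glance_sudoers rule` would make that coupling visible to the next editor.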
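Review bot: The rule is granted to `%kolla` rather than to the glance account, so every member of that group in any image built from glance-base can run the recursive chown as root, and it stays available for the container's whole lifetime although only the bootstrap step uses it. If only glance needs it, `glance ALL=(root) NOPASSWD: /usr/bin/chown -R glance\: /var/lib/glance/, /bin/chown -R glance\: /var/lib/glance/` is narrower. Spelling out the full argument list is the right choice, since sudo then matches only this exact invocation. A leading comment such as `# lets the unprivileged bootstrap step take ownership of the file backend directory` would record why the file exists.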