diff --git a/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/common/constants.py b/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/common/constants.py index 1bce571f..bfd0b141 100644 --- a/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/common/constants.py +++ b/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/common/constants.py @@ -1,5 +1,5 @@ # -# Copyright (c) 2019-2025 Wind River Systems, Inc. +# Copyright (c) 2019-2026 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # @@ -139,6 +139,9 @@ ROOK_CEPH_POOL_CINDER_BACKUP_CHUNK_SIZE = 0 ROOK_CEPH_POOL_GLANCE_CHUNK_SIZE = 0 ROOK_CEPH_POOL_NOVA_RBD_CHUNK_SIZE = 0 +# Keystone version used as the default value when getting service name and type +KEYSTONE_CURRENT_VERSION = 'v3' + # Cinder version used as the default value when getting service name and type CINDER_CURRENT_VERSION = 'v3' @@ -204,6 +207,7 @@ NETAPP_FC_BACKUP_DRIVER = "cinder.backup.drivers.posix.PosixBackupDriver" GLANCE_BACKEND_RBD = 'rbd' GLANCE_BACKEND_PVC = 'pvc' GLANCE_BACKEND_CINDER = 'cinder' +GLANCE_CINDER_CATALOG_INFO = 'volumev3:cinderv3:publicURL' GLANCE_DEFAULT_BACKEND = GLANCE_BACKEND_CINDER GLANCE_IMAGE_STORE_RBD = 'rbd' GLANCE_IMAGE_STORE_FILE = 'file' diff --git a/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/glance.py b/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/glance.py index 38a43df0..afc75ba3 100644 --- a/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/glance.py +++ b/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/glance.py @@ -1,5 +1,5 @@ # -# Copyright (c) 2019-2025 Wind River Systems, Inc. +# Copyright (c) 2019-2026 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # @@ -115,12 +115,27 @@ class GlanceHelm(openstack.OpenstackBaseHelm): if ceph_backend: replicas_count = self._num_provisioned_controllers() - return { + overrides = { 'replicas': { 'api': replicas_count, - } + }, } + if self._image_store == app_constants.GLANCE_IMAGE_STORE_CINDER: + overrides['security_context'] = { + 'glance': { + 'container': { + 'glance_api': { + 'readOnlyRootFilesystem': False, + 'privileged': True, + 'allowPrivilegeEscalation': True, + }, + }, + }, + } + + return overrides + def _get_endpoints_overrides(self): return { 'image': { @@ -209,6 +224,23 @@ class GlanceHelm(openstack.OpenstackBaseHelm): 'show_multiple_locations': False, 'enabled_backends': f"{self._image_store}:{self._image_store}" }, + 'cinder': { + 'cinder_api_insecure': not self._is_openstack_https_ready(self.SERVICE_NAME), + 'cinder_catalog_info': app_constants.GLANCE_CINDER_CATALOG_INFO, + 'cinder_store_auth_address': self._get_service_public_endpoint( + app_constants.HELM_CHART_KEYSTONE, + path="v3" + ), + 'cinder_store_user_name': self._get_admin_user_name(), + 'cinder_store_password': self._get_identity_password( + app_constants.HELM_CHART_KEYSTONE, + self._get_admin_user_name() + ), + 'cinder_store_project_name': self._get_admin_project_name(), + 'cinder_store_user_domain_name': self._get_admin_user_domain(), + 'cinder_store_project_domain_name': self._get_admin_project_domain(), + 'cinder_volume_type': '__DEFAULT__' + }, 'file': { 'filesystem_store_datadir': constants.GLANCE_IMAGE_PATH, }, diff --git a/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/openstack.py b/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/openstack.py index 56d7e8e0..f0b6575e 100644 --- a/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/openstack.py +++ b/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/openstack.py @@ -1,5 +1,5 @@ # -# Copyright (c) 2019-2025 Wind River Systems, Inc. +# Copyright (c) 2019-2026 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # @@ -555,6 +555,29 @@ class OpenstackBaseHelm(FluxCDBaseHelm): return "{}.{}.svc.{}".format(service, common.HELM_NS_OPENSTACK, constants.DEFAULT_DNS_SERVICE_DOMAIN) + def _get_service_public_endpoint(self, service, path=None): + """ + Return the public endpoint URL for an OpenStack service. + + Args: + service (str): Helm chart name of the service. + path (str, optional): Optional path to append to the endpoint. + + Returns: + str: The service public endpoint URL. + + Example: + _get_service_public_endpoint( + app_constants.HELM_CHART_KEYSTONE, + path="v3" + ) + # http://keystone.openstack.svc.cluster.local/v3 + """ + protocol = self._get_public_protocol() + host = self._get_service_default_dns_name(service) + url = f"{protocol}://{host}" + return f"{url}/{path.lstrip('/')}" if path else url + def _get_mount_uefi_overrides(self): # This path depends on OVMF packages and for starlingx diff --git a/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/tests/helm/test_glance.py b/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/tests/helm/test_glance.py index 5153aeed..df545973 100644 --- a/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/tests/helm/test_glance.py +++ b/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/tests/helm/test_glance.py @@ -1,5 +1,5 @@ # -# Copyright (c) 2020-2025 Wind River Systems, Inc. +# Copyright (c) 2020-2026 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # @@ -96,6 +96,7 @@ class GlanceGetOverrideTest(GlanceHelmTestCase, 'glance_store': { 'https_ca_certificates_file': glance.GlanceHelm.get_ca_file(), }, + 'cinder': mock.ANY, 'file': { 'filesystem_store_datadir': mock.ANY, }, diff --git a/upstream/openstack/python-glance/debian/stx-glance.stable_docker_image b/upstream/openstack/python-glance/debian/stx-glance.stable_docker_image index 79629c69..d3cf48a6 100644 --- a/upstream/openstack/python-glance/debian/stx-glance.stable_docker_image +++ b/upstream/openstack/python-glance/debian/stx-glance.stable_docker_image @@ -7,7 +7,9 @@ DIST_REPOS="OS" UPDATE_SYSTEM_ACCOUNT="yes" NON_UNIQUE_SYSTEM_ACCOUNT="yes" PIP_PACKAGES="\ + os-brick \ pycryptodomex \ + python-cinderclient \ python-swiftclient \ psutil "