[glance] Fix Cinder Store option over HTTPS

When Glance store is configured to use Cinder and the OpenStack APIs are configured with TLS enabled, image creation fails since the stx-openstack plugins are not properly setting the cinder configuration. When Glance->Cinder support was added in [1], code was not prepared to support this TLS scenario properly. This change modifies the plugins, such that when a TLS deployment is happening, glance-api.connf will receive the following updates: * conf.glance.cinder.cinder_ca_certificates_file will point to the proper openstack ca cert path inside the container * conf.glance.cinder.cinder_store_auth_address URL will be updated accordingly, when the system has an endpoint_domain configured for OpenStack services [1] 63e5ff3718 TEST PLAN: [PASS] build stx-openstack packages and tarball Glance -> Cinder -> NetApp iSCSI + FC (AIO Duplex): [PASS] stx-openstack upload [PASS] Glance overrides to set Cinder backend [PASS] Cinder override to set Volume priority to NetAPP iSCSI (primary) + NetApp FC (secondary) [PASS] HTPPS enabling with endpoint_domain configured [PASS] stx-openstack apply [PASS] Create Glance image in NetApp iSCSI (primary) Cinder volume [PASS] Create Cinder iSCSI volume from image and boot Nova VM Closes-Bug: 2148095 Change-Id: I19e148eaa55438c90daf03b1ef5f07220ff79330 Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
2026-04-11 23:02:41 -03:00
parent 054ec8314d
commit 9712aa2677
1 changed files with 16 additions and 0 deletions
--- a/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/glance.py
+++ b/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/glance.py
@@ -14,6 +14,7 @@ from k8sapp_openstack.common import constants as app_constants
 from k8sapp_openstack.helm import openstack
 from k8sapp_openstack.utils import _get_value_from_application
 from k8sapp_openstack.utils import get_available_volume_backends
+from k8sapp_openstack.utils import get_external_service_url
 from k8sapp_openstack.utils import get_image_rook_ceph
 from k8sapp_openstack.utils import get_storage_backends_priority_list
 from k8sapp_openstack.utils import is_ceph_backend_available
@@ -297,6 +298,18 @@ class GlanceHelm(openstack.OpenstackBaseHelm):
            }

        if self._is_openstack_https_ready(self.SERVICE_NAME):
+            # Configure the proper Keystone URL for the certificate in use
+            external_keystone_url = get_external_service_url(self.dbapi, 'keystone', True)
+            if external_keystone_url:
+                keystone_versioned_url = f"{external_keystone_url}/{app_constants.KEYSTONE_CURRENT_VERSION}"
+                conf = self._update_overrides(conf, {
+                    'glance': {
+                        'cinder': {
+                            'cinder_store_auth_address': keystone_versioned_url,
+                        },
+                    },
+                })
+
            conf = self._update_overrides(conf, {
                'glance': {
                    'keystone_authtoken': {
@@ -305,6 +318,9 @@ class GlanceHelm(openstack.OpenstackBaseHelm):
                    'glance_store': {
                        'https_ca_certificates_file': self.get_ca_file(),
                    },
+                    'cinder': {
+                        'cinder_ca_certificates_file': self.get_ca_file(),
+                    },
                },
                'glance_registry': {
                    'keystone_authtoken': {