OpenStack-Ansible

Glance cinder store missing some configuration

Bug #1833725 reported by Craig McIntyre
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack-Ansible
Fix Released
Undecided
Craig McIntyre

Bug Description

Environment:
Underlay o/s: Ubuntu Bionic 18.04.1
Zadara Storage for Cinder Backend using iSER

$ cat /etc/openstack-release
# Ansible managed

DISTRIB_ID="OSA"
DISTRIB_RELEASE="18.1.5"
DISTRIB_CODENAME="Rocky"
DISTRIB_DESCRIPTION="OpenStack-Ansible"

Issue:

When attempting to configure glance store for cinder to implement volume backed images [0] an error is being generated:

ERROR glance_store._drivers.cinder [req-ef571fe7-30bb-47e1-a38a-4fad58d60db7 3c12181dfb2e4859b77fffc6fcbc004d d0f393aa78fc4100a2279f5b7ef1963a - default default] Failed to write to volume 1a33116f-8285-4073-ad7a-6f9cd5bbcfc2.: FailedToDropPrivileges: privsep helper command exited non-zero (1)

More complete debug log here:

http://paste.openstack.org/show/753258/

Diagnostic steps:

Following discussions in #openstack-cinder and #openstack-glance it was noted that the rootwrap files are missing and need adding [1]

Adding these files progresses a little further but highlights an issue with the glance user not being a sudoer

Jun 06 14:41:25 localhost.localdomain sudo[11743]: pam_unix(sudo:auth): conversation failed
Jun 06 14:41:25 localhost.localdomain sudo[11743]: pam_unix(sudo:auth): auth could not identify password for [glance]
Jun 06 14:41:25 localhost.localdomain sudo[11743]: glance : user NOT in sudoers

After manually creating the glance_sudoers file the process progresses a little further then errors out about olso_rootwrap not being found

"WARNING oslo.privsep.daemon [-] privsep log: ImportError: No module named oslo_rootwrap.cmd"

manually installed oslo_rootwrap 5.14.1 [2] as per release notes [3]

Process progresses further but results in an error connecting to iscsi backend - this is a known issue of iSCSI in containers.

Re-deploying glance on metal with network connectivity to the back end storage allowed the process to complete.

[0] https://docs.openstack.org/cinder/rocky/admin/blockstorage-volume-backed-image.html
[1] https://github.com/openstack/glance_store/tree/stable/rocky/etc/glance
[2] https://pypi.org/project/oslo.rootwrap/5.14.1/
[3] https://releases.openstack.org/rocky/#library-projects

Result:

Some files need creating as part of the os_glance role playbook

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible-os_glance (master)

Fix proposed to branch: master
Review: https://review.opendev.org/667704

Changed in openstack-ansible:
assignee: nobody → Craig McIntyre (ceemac)
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible-os_glance (master)

Reviewed: https://review.opendev.org/667704
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-os_glance/commit/?id=2636d7eaea6a22ccde8510b2de3d52de269a6445
Submitter: Zuul
Branch: master

commit 2636d7eaea6a22ccde8510b2de3d52de269a6445
Author: Craig McIntyre <email address hidden>
Date: Wed Jun 26 19:24:42 2019 +0100

    Add missing pre-reqs for glance cinder store

    There are a number of missing dependencies in the role when using cinder
    store with glance. Specifically rootwrap is required for elevating access
    when using os-brick to connect to cinder iscsi/fc volume back end storage.
    This patch addresses the following:

     - olso.rootwrap is not included in glance_pip_packages

     - files/rootwrap.d/glance_cinder_store.filters is missing

     - glance user is not added to sudoers

    glance_pip_packages updated, missing rootwrap.d and sudoer files now dropped in to
    Their required locations by glance_post_install.yml task

    Change-Id: I55162bc2bf3cbb8858950e4abcf60a3de9929008
    Closes-Bug: #1833725

Changed in openstack-ansible:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-os_glance train-eol

This issue was fixed in the openstack/openstack-ansible-os_glance train-eol release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-os_glance ussuri-eol

This issue was fixed in the openstack/openstack-ansible-os_glance ussuri-eol release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-os_glance yoga-eom

This issue was fixed in the openstack/openstack-ansible-os_glance yoga-eom release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-os_glance victoria-eom

This issue was fixed in the openstack/openstack-ansible-os_glance victoria-eom release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-os_glance wallaby-eom

This issue was fixed in the openstack/openstack-ansible-os_glance wallaby-eom release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-os_glance xena-eom

This issue was fixed in the openstack/openstack-ansible-os_glance xena-eom release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.