[Glance] Interoperable image import should be disabled by default on 3 node HA setup

Bug #1765439 reported by Pranali Deore on 2018-04-19
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Undecided
Alan Bishop

Bug Description

Glance added the support for interoperable image imports. Image uploads are done using a two-step approach: first uploading it to the Glance API using a local staging area, and then triggering an upload from the staging area to the storage backend.

In the case of an HA setup (ie with 3 controller nodes) this requires a shared consistent filesystem across the controller nodes. Otherwise it might happen that the image is uploaded to one node, and triggering the import is executed on a different node - where the image does not exist.

Therefore we need to disable this by default, thus operators need to enable it explicitly if they have a shared filesystem across the controller nodes (for example using NFS).

We need to do:
1. Set enabled_import_methods = web-download by default in glance-api.conf
2. Make this option changeable in t-h-t

Changed in tripleo:
assignee: nobody → Pranali Deore (pranali-deore)

Fix proposed to branch: master
Review: https://review.openstack.org/562930

Changed in tripleo:
status: New → In Progress
description: updated
description: updated

Fix proposed to branch: master
Review: https://review.openstack.org/567667

Changed in tripleo:
assignee: Pranali Deore (pranali-deore) → Alan Bishop (alan-bishop)
Changed in tripleo:
assignee: Alan Bishop (alan-bishop) → Pranali Deore (pranali-deore)
Changed in tripleo:
assignee: Pranali Deore (pranali-deore) → Alan Bishop (alan-bishop)

Reviewed: https://review.openstack.org/567667
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=31475839502059587af67ae05f11414a84f9400e
Submitter: Zuul
Branch: master

commit 31475839502059587af67ae05f11414a84f9400e
Author: Alan Bishop <email address hidden>
Date: Thu May 10 14:08:06 2018 -0400

    Add ability to control Glance's enabled_import_methods

    Add GlanceEnabledImportMethods parameter, and set the default value to
    restrict Glance from using its 'glance-direct' import method. The
    glance-direct method requires a special configuration when deployed in
    an HA environment, and that capability will be added in a later release.

    Closes-Bug: #1765439
    Depends-On: https://review.openstack.org/568366
    Change-Id: I7038601d7505a60df2a1fb7fd8db818efa105341

Changed in tripleo:
status: In Progress → Fix Released

Change abandoned by Pranali Deore (<email address hidden>) on branch: master
Review: https://review.openstack.org/562930
Reason: Abandoning this due to too many patch sets which might be little bit confusing for reviewers.

I'll submit new fresh patch for this.

Reviewed: https://review.openstack.org/567833
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=7a673f6d697ff4741cd71d1ab1210d4ae96a76c7
Submitter: Zuul
Branch: stable/queens

commit 7a673f6d697ff4741cd71d1ab1210d4ae96a76c7
Author: Alan Bishop <email address hidden>
Date: Thu May 10 14:08:06 2018 -0400

    Add ability to control Glance's enabled_import_methods

    Add GlanceEnabledImportMethods parameter, and set the default value to
    restrict Glance from using its 'glance-direct' import method. The
    glance-direct method requires a special configuration when deployed in
    an HA environment, and that capability will be added in a later release.

    Closes-Bug: #1765439
    Depends-On: https://review.openstack.org/568550
    Change-Id: I7038601d7505a60df2a1fb7fd8db818efa105341
    (cherry picked from commit 383836ad33a07a17ebe4cd870c2560b5923d9a61)

tags: added: in-stable-queens

Reviewed: https://review.openstack.org/569970
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=a089310bf3269339ddec36e8ba021b67a18abfd0
Submitter: Zuul
Branch: master

commit a089310bf3269339ddec36e8ba021b67a18abfd0
Author: Pranali Deore <email address hidden>
Date: Tue May 22 17:12:43 2018 +0530

    Add support of shared staging location for glance-direct

    In the case of an HA setup (ie with 3 controller nodes) if image
    import method is 'glance-direct', it would require a shared
    consistent staging location on the controller nodes otherwise it
    might happen that the image is uploaded to one node and triggering
    the import is executed on a different node - where the image does not
    exist.

    Hence when import method 'glance-direct' is needed, operators need to
    enable it explicitly with enabling NFS across the controller nodes
    to share the staging.

    Change-Id: I9a5bff5e5d0c3e109b73d691cc9088904a0401ac
    Closes-Bug: #1765439

Reviewed: https://review.openstack.org/570752
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=41f3cad8f6ca1ae0e0c5a71cc7a9a8a31f478cba
Submitter: Zuul
Branch: stable/queens

commit 41f3cad8f6ca1ae0e0c5a71cc7a9a8a31f478cba
Author: Pranali Deore <email address hidden>
Date: Tue May 22 17:12:43 2018 +0530

    Add support of shared staging location for glance-direct

    In the case of an HA setup (ie with 3 controller nodes) if image
    import method is 'glance-direct', it would require a shared
    consistent staging location on the controller nodes otherwise it
    might happen that the image is uploaded to one node and triggering
    the import is executed on a different node - where the image does not
    exist.

    Hence when import method 'glance-direct' is needed, operators need to
    enable it explicitly with enabling NFS across the controller nodes
    to share the staging.

    Change-Id: I9a5bff5e5d0c3e109b73d691cc9088904a0401ac
    Closes-Bug: #1765439
    (cherry picked from commit a089310bf3269339ddec36e8ba021b67a18abfd0)
    Conflicts:
            puppet/services/glance-api.yaml

This issue was fixed in the openstack/tripleo-heat-templates 8.0.3 release.

This issue was fixed in the openstack/tripleo-heat-templates 9.0.0.0b3 development milestone.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers