← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1625075] [NEW] Shared & public images no working with multi-tenant swift backend

 

Public bug reported:

Hi,

We are seeing issues when trying to using public and shared images when
Glance is configured to use a multi-tenant Swift backend.

Here's what we see :

1. Create a public image in project cf8fc081a9954cef81befb67b4002ce8 
2. Attempt to create instance from image in project 67e22ed6876d432d9e48f9bd2a20a527
3. The instance creation fails, with the following log line in the Glance API 

Object GET failed:
https://objectstore.domain.corp:443/v1/AUTH_67e22ed6876d432d9e48f9bd2a20a527
/glance_6e84cb8d-7f09-4f78-8363-a6005e0c51d2/6e84cb8d-
7f09-4f78-8363-a6005e0c51d2 404 Not Found

The issue appears to be that the storage url in the swift store driver
is determined from the catalog in the context of the current request
(which is scoped to the project we are creating the instance in) not
project where the image is created.

Looking at the changes introduced here
https://git.openstack.org/cgit/openstack/glance_store/commit/?id=68762058cc5d063f3a846b495af03150e648224f
it seems to us that storage_url can only contain the account
AUTH_[current_context_project_id] and in this case its not clear how a
public or shared image from another project can be retrieved from Swift.

Since this is pretty fundamental for the use case we can only assume we are missing some configuration option. The direct url in Glance is stored as direct_url='swift+config://swift-global/glance_c7396e07-484c-4ef3-b54c-9b6ea0cb367e/c7396e07-484c-4ef3-b54c-9b6ea0cb367e' and 
 since the driver and location seem to have no information on the image other than the image id its not clear how it could make the distinction between public/shared images and private ones or determine the project if of the shared image. 

The only way we can get this to work is first to create an instance on
each hypervisor in the project of the shared image. When we do this
creating instances in a second project work because the image is cached
on the hypervisor - obviously this is not a viable workaround.

Any information on how to get this scenario working would be much
appreciated.

Thanks

Andrew

** Affects: glance
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1625075

Title:
  Shared & public images no working with multi-tenant swift backend

Status in Glance:
  New

Bug description:
  Hi,

  We are seeing issues when trying to using public and shared images
  when Glance is configured to use a multi-tenant Swift backend.

  Here's what we see :

  1. Create a public image in project cf8fc081a9954cef81befb67b4002ce8 
  2. Attempt to create instance from image in project 67e22ed6876d432d9e48f9bd2a20a527
  3. The instance creation fails, with the following log line in the Glance API 

  Object GET failed:
  https://objectstore.domain.corp:443/v1/AUTH_67e22ed6876d432d9e48f9bd2a20a527
  /glance_6e84cb8d-7f09-4f78-8363-a6005e0c51d2/6e84cb8d-
  7f09-4f78-8363-a6005e0c51d2 404 Not Found

  The issue appears to be that the storage url in the swift store driver
  is determined from the catalog in the context of the current request
  (which is scoped to the project we are creating the instance in) not
  project where the image is created.

  Looking at the changes introduced here
  https://git.openstack.org/cgit/openstack/glance_store/commit/?id=68762058cc5d063f3a846b495af03150e648224f
  it seems to us that storage_url can only contain the account
  AUTH_[current_context_project_id] and in this case its not clear how a
  public or shared image from another project can be retrieved from
  Swift.

  Since this is pretty fundamental for the use case we can only assume we are missing some configuration option. The direct url in Glance is stored as direct_url='swift+config://swift-global/glance_c7396e07-484c-4ef3-b54c-9b6ea0cb367e/c7396e07-484c-4ef3-b54c-9b6ea0cb367e' and 
   since the driver and location seem to have no information on the image other than the image id its not clear how it could make the distinction between public/shared images and private ones or determine the project if of the shared image. 

  The only way we can get this to work is first to create an instance on
  each hypervisor in the project of the shared image. When we do this
  creating instances in a second project work because the image is
  cached on the hypervisor - obviously this is not a viable workaround.

  Any information on how to get this scenario working would be much
  appreciated.

  Thanks

  Andrew

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1625075/+subscriptions


Follow ups