Update docs for client.cinder to support COW snapshots

This is to support copy on write snapshots: ``` Performing standard snapshot because direct snapshot failed: no write permission on storage pool images: nova.exception.Forbidden: no write permission on storage pool images ``` when using ceph for nova ephemeral storage. My preferrence is for a standardised configuration rather than another if you use this feature, do this.
stackhpc · Nov 14, 2024 · eebe32a · eebe32a
1 parent 4026c4e
commit eebe32a
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 3 deletions.
diff --git a/doc/source/configuration/cephadm.rst b/doc/source/configuration/cephadm.rst
@@ -243,7 +243,7 @@ for Cinder, Cinder backup, Glance, and Nova in Kolla Ansible.
      - name: client.cinder
        caps:
          mon: "profile rbd"
-         osd: "profile rbd pool=volumes, profile rbd pool=vms, profile rbd-read-only pool=images"
+         osd: "profile rbd pool=volumes, profile rbd pool=vms, profile rbd pool=images"
          mgr: "profile rbd pool=volumes, profile rbd pool=vms"
      - name: client.cinder-backup
        caps:

diff --git a/etc/kayobe/environments/aufn-ceph/cephadm.yml b/etc/kayobe/environments/aufn-ceph/cephadm.yml
@@ -46,7 +46,7 @@ cephadm_keys:
   - name: client.cinder
     caps:
       mon: "profile rbd"
-      osd: "profile rbd pool=volumes, profile rbd pool=vms, profile rbd-read-only pool=images"
+      osd: "profile rbd pool=volumes, profile rbd pool=vms, profile rbd pool=images"
       mgr: "profile rbd pool=volumes, profile rbd pool=vms"
     state: present
   - name: client.cinder-backup

diff --git a/etc/kayobe/environments/ci-multinode/cephadm.yml b/etc/kayobe/environments/ci-multinode/cephadm.yml
@@ -47,7 +47,7 @@ cephadm_keys:
   - name: client.cinder
     caps:
       mon: "profile rbd"
-      osd: "profile rbd pool=volumes, profile rbd pool=vms, profile rbd-read-only pool=images"
+      osd: "profile rbd pool=volumes, profile rbd pool=vms, profile rbd pool=images"
       mgr: "profile rbd pool=volumes, profile rbd pool=vms"
     state: present
   - name: client.cinder-backup

diff --git a/releasenotes/notes/adjust-ceph-permissions-on-images-for-cinder-user-3154b995916ee27e.yaml b/releasenotes/notes/adjust-ceph-permissions-on-images-for-cinder-user-3154b995916ee27e.yaml
@@ -0,0 +1,10 @@
+---
+fixes:
+  - |
+    Adjusts the documented permissions for the images pool for the cinder user.
+    This is to support copy on write snaphots of vms using ceph backed
+    ephemeral storage. Existing deployments will need to manually adjust these
+    values using the CLI (the collection is currently not smart enough to do this):
+    ``ceph auth caps client.cinder mon 'profile rbd' osd 'profile rbd
+    pool=volumes, profile rbd pool=vms, profile rbd pool=images' mgr 'profile
+    rbd pool=volumes, profile rbd pool=vms'``.