Glance added the support for interoperable image imports. Image uploads are done using a two-step approach: first uploading it to the Glance API using a local staging area, and then triggering an upload from the staging area to the storage backend.
In the case of an HA setup (ie with 3 controller nodes) this requires a shared consistent filesystem across the controller nodes. Otherwise it might happen that the image is uploaded to one node, and triggering the import is executed on a different node - where the image does not exist.
Therefore we need to disable this by default, thus operators need to enable it explicitly if they have a shared filesystem across the controller nodes (for example using NFS).
We need to do:
1. Set enabled_import_methods = web-download by default in glance-api.conf
2. Make this option changeable in t-h-t
3. Document this
Moving to POST because upstream reviews have been approved on master (although one has not merged due to CI gate issues). Patches have been proposed to stable/queens.
Adding some more detail on the description. We definitely need to get the proper default in because there is another implication of the out of the box settings.
The shared filesystem will only come into picture if customer wants to use a new feature (image import with glance-direct method). It doesn't have any impact with traditional way of creating the image.
In the HA setup, there is default support to use the root disk for staging. So if a customer does use the image import features, there is a clear risk that the root disk will fill and cause issues. The intended approach for OSP-13 is to disable it and customers can opt-in and will see the docs for adding the shared file system for HA configs.
All (3 of 3) patches have been proposed downstream.
One of the upstream patches was incorrect, and an update has been posted.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.