-
Bug
-
Resolution: Duplicate
-
Undefined
-
None
-
rhos-17.1.11
-
None
-
False
-
-
False
-
?
-
rhos-storage-cinder
-
None
-
-
-
-
Important
To Reproduce Steps to reproduce the behavior:
Exact steps to reproduce are unclear: customer reported that problem manifested itself after RHOSP 17.1 minor update. But it is not 100% clear what happened during minor update and if minor update was the trigger in the first place.
Practically speaking, Glance image creation was blocked completely, in the logs there were the following messages:
2025-11-14 10:05:50.269 24 ERROR os_brick.initiator.connectors.iscsi [req-e4928b33-17e3-4e1f-b818-ca14b2667439 cf5aa8c58a3e4900b1f93943e986d421 c816f27e6c1446ff9d62f4ac4daa41a9 - default default] Exception connecting to 10.106.20.105:3260: PermissionError: [Errno 13] Permission denied: '/var/lib/cinder/tmp/os-brick-connect_to_iscsi_portal-OMITTED' 2025-11-14 10:05:50.269 24 ERROR os_brick.initiator.connectors.iscsi Traceback (most recent call last): 2025-11-14 10:05:50.269 24 ERROR os_brick.initiator.connectors.iscsi File "/usr/lib/python3.9/site-packages/os_brick/initiator/connectors/iscsi.py", line 592, in _connect_vol 2025-11-14 10:05:50.269 24 ERROR os_brick.initiator.connectors.iscsi session, manual_scan = self._connect_to_iscsi_portal(props) 2025-11-14 10:05:50.269 24 ERROR os_brick.initiator.connectors.iscsi File "/usr/lib/python3.9/site-packages/os_brick/initiator/connectors/iscsi.py", line 1012, in _connect_to_iscsi_portal 2025-11-14 10:05:50.269 24 ERROR os_brick.initiator.connectors.iscsi return method(connection_properties) 2025-11-14 10:05:50.269 24 ERROR os_brick.initiator.connectors.iscsi File "/usr/lib/python3.9/site-packages/os_brick/initiator/connectors/base.py", line 67, in inner 2025-11-14 10:05:50.269 24 ERROR os_brick.initiator.connectors.iscsi with lockutils.lock(name, lock_file_prefix, external, lpath, 2025-11-14 10:05:50.269 24 ERROR os_brick.initiator.connectors.iscsi File "/usr/lib64/python3.9/contextlib.py", line 119, in __enter__ 2025-11-14 10:05:50.269 24 ERROR os_brick.initiator.connectors.iscsi return next(self.gen) 2025-11-14 10:05:50.269 24 ERROR os_brick.initiator.connectors.iscsi File "/usr/lib/python3.9/site-packages/oslo_concurrency/lockutils.py", line 270, in lock 2025-11-14 10:05:50.269 24 ERROR os_brick.initiator.connectors.iscsi ext_lock.acquire(delay=delay) 2025-11-14 10:05:50.269 24 ERROR os_brick.initiator.connectors.iscsi File "/usr/lib/python3.9/site-packages/fasteners/process_lock.py", line 151, in acquire 2025-11-14 10:05:50.269 24 ERROR os_brick.initiator.connectors.iscsi self._do_open() 2025-11-14 10:05:50.269 24 ERROR os_brick.initiator.connectors.iscsi File "/usr/lib/python3.9/site-packages/fasteners/process_lock.py", line 123, in _do_open 2025-11-14 10:05:50.269 24 ERROR os_brick.initiator.connectors.iscsi self.lockfile = open(self.path, 'a') 2025-11-14 10:05:50.269 24 ERROR os_brick.initiator.connectors.iscsi PermissionError: [Errno 13] Permission denied: '/var/lib/cinder/tmp/os-brick-connect_to_iscsi_portal-OMITTED'
This problem was coming from existing files sitting in /var/lib/cinder/tmp/ folder: they were owned by root user, so Glance wasn't able to open them in proper mode. I am not sure if this is broken Cinder/Glance integration when they enforce inconsistent ownership, or something that was broken during upgrade.
Since this has potentially wide impact, I am setting Important severity.
Expected behavior
Glance shouldn't be blocked from creating an image by incorrect file permissions
Bug impact
Major: it is not common to have Cinder iSCSI-backed Glance store, but we have some customers using it and they may be affected
Known workaround
We solved it by removing files with inconsistent ownership. I am not sure if it is right workaround, or not.
Additional context
Sosreports and outputs are attached to the case
