From 9e5ab9a6c19febbc5d5ecbd45020981bddd9885f Mon Sep 17 00:00:00 2001
From: Mateus Nascimento <mateus.soaresdonascimento@windriver.com>
Date: Wed, 26 Feb 2025 12:41:00 -0300
Subject: [PATCH] Fix creation of bootable volume error in Caracal

Fixes an issue in Caracal where setting a volume's bootable property
fails due to uninitialized oslo_privesp daemon inside cinder-volume
container.
This is a temporary workaround to set cinder-volume as privileged in
cinder static overrides. The details of the fix and associated task are
also in Openstack Storyboard.

Test Plan:
- PASS: Apply stx-openstack with changes.
- PASS: Verify bootable volume creation.

Closes-Bug: 2100010

Reference: https://storyboard.openstack.org/#!/story/2011307

Change-Id: I39cbdcb85ad81a66da7e4331cc1a543cb8416d68
Signed-off-by: Mateus Nascimento <mateus.soaresdonascimento@windriver.com>
(cherry picked from commit b49af69dc15c320c12e2d165b1af3954e9632ac1)
---
 .../manifests/cinder/cinder-static-overrides.yaml            | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/cinder/cinder-static-overrides.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/cinder/cinder-static-overrides.yaml
index 5c5f9317..80196490 100644
--- a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/cinder/cinder-static-overrides.yaml
+++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/cinder/cinder-static-overrides.yaml
@@ -67,6 +67,11 @@ pod:
       - key: openstack-compute-node
         operator: Exists
         effect: NoSchedule
+  security_context:
+    cinder_volume:
+      container:
+        cinder_volume:
+          privileged: true
 network:
   api:
     ingress: