Bug 1069157

Summary: GlusterFS: snapshotting of an in-use volume fails due to policy rules for extension
Product: Red Hat OpenStack
Reporter: Giulio Fidente <gfidente>
Component: openstack-cinder
Assignee: Deepak C Shetty <deepakcs>
Status: CLOSED UPSTREAM
QA Contact: Dafna Ron <dron>
Severity: high
Priority: medium
Version: 4.0
CC: aortega, bkopilov, ddomingo, derekh, eharney, gfidente, lyarwood, mmagr, nbarcet, ndipanov, sankarshan, scohen, sgotliv, yeylon
Target Milestone: ---   
Target Release: 7.0 (Kilo)   
Hardware: Unspecified   
OS: Unspecified   
Doc Type: Known Issue
Doc Text:
At present, policy rules for volume extension prevent you from taking snapshots of in-use GlusterFS volumes. To work around this, you will have to manually edit those policy rules. To do so, open the Compute service's policy.json file and change "rule:admin_api" entries to "" for "compute_extension:os-assisted-volume-snapshots:create" and "compute_extension:os-assisted-volume-snapshots:delete". Afterwards, restart the Compute API service.
Last Closed: 2015-08-25 09:49:22 UTC
Type: Bug

Description Giulio Fidente 2014-02-24 11:09:34 UTC
Description of problem:
When using the gluster backend with fuse, snapshotting an "in-use" volume fails with the following in volume.log:

2014-02-23 00:52:40.644 882 ERROR cinder.volume.drivers.glusterfs [req-e794363d-a226-41ee-ba88-8a1c4969995f 538f6959240b4d4db75cb3569868c0bf 482602d8975f47d79ec6a8cb70fe8f62] Call to Nova to create snapshot failed
2014-02-23 00:52:40.644 882 ERROR cinder.volume.drivers.glusterfs [req-e794363d-a226-41ee-ba88-8a1c4969995f 538f6959240b4d4db75cb3569868c0bf 482602d8975f47d79ec6a8cb70fe8f62] Policy doesn't allow compute_extension:os-assisted-volume-snapshots:create to be performed. (HTTP 403) (Request-ID: req-26dd4f46-c961-4227-ac07-de685f9938ed)
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs Traceback (most recent call last):
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs   File "/usr/lib/python2.6/site-packages/cinder/volume/drivers/glusterfs.py", line 408, in _create_snapshot
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs     connection_info)
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs   File "/usr/lib/python2.6/site-packages/cinder/compute/nova.py", line 130, in create_volume_snapshot
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs     create_info=create_info)
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs   File "/usr/lib/python2.6/site-packages/novaclient/v1_1/contrib/assisted_volume_snapshots.py", line 41, in create
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs     return self._create('/os-assisted-volume-snapshots', body, 'snapshot')
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs   File "/usr/lib/python2.6/site-packages/novaclient/base.py", line 145, in _create
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs     _resp, body = self.api.client.post(url, body=body)
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs   File "/usr/lib/python2.6/site-packages/novaclient/client.py", line 232, in post
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs     return self._cs_request(url, 'POST', **kwargs)
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs   File "/usr/lib/python2.6/site-packages/novaclient/client.py", line 213, in _cs_request
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs     **kwargs)
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs   File "/usr/lib/python2.6/site-packages/novaclient/client.py", line 195, in _time_request
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs     resp, body = self.request(url, method, **kwargs)
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs   File "/usr/lib/python2.6/site-packages/novaclient/client.py", line 189, in request
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs     raise exceptions.from_response(resp, body, url, method)
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs Forbidden: Policy doesn't allow compute_extension:os-assisted-volume-snapshots:create to be performed. (HTTP 403) (Request-ID: req-26dd4f46-c961-4227-ac07-de685f9938ed)


Version-Release number of selected component (if applicable):
openstack-cinder-2013.2.2-1.el6ost.noarch


Steps to Reproduce:
1. configure cinder with gluster
2. create a volume and boot an instance from it
3. try to create a volume snapshot

Comment 1 Eric Harney 2014-02-24 12:46:02 UTC
This is a deployment issue.  Nova must have an admin API endpoint configured.  (Or for testing it is also possible to change Nova's policy.json to not require admin_api for this extension.)
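
The policy.json change mentioned in this comment and in the bug's Doc Text can be checked for mechanically. The following Python sketch is an added example, not code from Nova, Cinder or this bug report; the `admin_api` definition and both sample policy documents are constructed, and the function names are hypothetical.

```python
import json

# The two Nova policy targets named in the bug's Doc Text.
SNAPSHOT_RULES = (
    "compute_extension:os-assisted-volume-snapshots:create",
    "compute_extension:os-assisted-volume-snapshots:delete",
)


def classify(rule):
    """Classify one policy.json rule value (hypothetical helper)."""
    if rule is None:
        return "missing"      # target not defined in this file
    if rule in ("", "@", []):
        return "open"         # empty check always passes: admin no longer required
    if rule == "rule:admin_api":
        return "admin-only"   # value the Doc Text says to replace
    return "custom"           # anything else needs a human to read it


def audit_policy(policy_text):
    """Map each assisted-snapshot target to its classification."""
    policy = json.loads(policy_text)
    return {name: classify(policy.get(name)) for name in SNAPSHOT_RULES}


def relaxed_targets(policy_text):
    """Targets left open, e.g. a test workaround carried into production."""
    return sorted(n for n, state in audit_policy(policy_text).items()
                  if state == "open")


# Constructed sample documents, not copied from a real deployment.
ADMIN_ONLY = json.dumps({
    "admin_api": "is_admin:True",
    SNAPSHOT_RULES[0]: "rule:admin_api",
    SNAPSHOT_RULES[1]: "rule:admin_api",
})
WORKAROUND = json.dumps({
    "admin_api": "is_admin:True",
    SNAPSHOT_RULES[0]: "",
    SNAPSHOT_RULES[1]: "",
})

if __name__ == "__main__":
    for label, text in (("admin-only", ADMIN_ONLY), ("workaround", WORKAROUND)):
        print(label, audit_policy(text), relaxed_targets(text))
```

A non-empty result from `relaxed_targets` on a production policy.json shows that the admin requirement has been removed for these two calls.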

Comment 2 Eric Harney 2014-03-12 12:37:56 UTC
Giulio: How was this deployed?

The main thing here is to make sure that our documentation and deployment mechanisms deploy a Nova admin API endpoint.

Comment 3 Giulio Fidente 2014-03-12 12:39:47 UTC
This was installed using packstack.

Comment 6 Arthur Berezin 2014-03-12 23:46:07 UTC
As it sounds like a Packstack/Puppet bug in deploying Cinder with Nova Admin API Endpoint, moving to Packstack.

Comment 7 Martin Magr 2014-03-17 09:00:14 UTC
Eric, is there a wiki somewhere about admin API deployment? The only thing I was able to find using my google-fu was a load of blueprints.

The second question, assuming that Nova admin API is a new service, is: is this service available in Havana also, or is it new for Icehouse?

Comment 8 Giulio Fidente 2014-04-09 10:56:29 UTC
Hi Martin, given this will have to be fixed in foreman, shall we move this to openstack-puppet-modules?

Comment 9 Eric Harney 2014-04-16 15:20:37 UTC
(In reply to Martin Magr from comment #7)

Deploying the admin API is actually not a requirement I think -- I'll look into this again from the Cinder side.

Comment 12 Sergey Gotliv 2014-09-11 13:29:20 UTC
This is not Z-stream material and/or a test blocker.