Bug 1744112
| Summary: | [OSP13] We don't block retyping of an encrypted volume to multi-attach encrypted volume | ||
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Tzach Shefi <tshefi> |
| Component: | openstack-cinder | Assignee: | Eric Harney <eharney> |
| Status: | CLOSED ERRATA | QA Contact: | Tzach Shefi <tshefi> |
| Severity: | medium | Docs Contact: | Chuck Copello <ccopello> |
| Priority: | medium | ||
| Version: | 13.0 (Queens) | CC: | abishop, acanan, ccopello, eharney, jobernar, marjones, mgarciac |
| Target Milestone: | z11 | Keywords: | Reopened, Triaged, ZStream |
| Target Release: | 13.0 (Queens) | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | openstack-cinder-12.0.10-2.el7ost | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | 1729755 | Environment: | |
| Last Closed: | 2020-03-13 11:09:35 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1729755 | ||
| Bug Blocks: | |||
|
Description
Tzach Shefi
2019-08-21 11:39:27 UTC
@Jon, assigning to you as you have the OSP-15 version of this bz. Feel free to ask for help getting the fix backported to the earlier release. Tested on:
openstack-cinder-12.0.10-2.el7ost.noarch
Created two backends:
(overcloud) [stack@puma51 ~]$ cinder extra-specs-list
+--------------------------------------+---------+----------------------------------------------------------------------+
| ID | Name | extra_specs |
+--------------------------------------+---------+----------------------------------------------------------------------+
| 5d5caec0-738b-421e-aa6b-5f9df061d3cb | enc_ma | {'volume_backend_name': 'tripleo_iscsi', 'multiattach': '<is> True'} |
| 6b187af5-fc0f-4eb6-8f9f-fea97ede359b | enc | {'volume_backend_name': 'tripleo_iscsi'} |
| ab130a7e-bf02-40b0-b551-c84aee7f40dc | tripleo | {} |
Create an encrypted volume from an image
(overcloud) [stack@puma51 ~]$ cinder create 5 --volume-type enc --name EncVol1
(overcloud) [stack@puma51 ~]$ cinder show EncVol1
+--------------------------------+---------------------------------------+
| Property | Value |
+--------------------------------+---------------------------------------+
| attached_servers | [] |
| attachment_ids | [] |
| availability_zone | nova |
| bootable | false |
| consistencygroup_id | None |
| created_at | 2020-03-09T09:45:39.000000 |
| description | None |
| encrypted | True |
| id | 42b2ba66-6938-4c2d-a464-a35d534160a3 |
| metadata | |
| migration_status | None |
| multiattach | False |
| name | EncVol1 |
| os-vol-host-attr:host | hostgroup@tripleo_iscsi#tripleo_iscsi |
| os-vol-mig-status-attr:migstat | None |
| os-vol-mig-status-attr:name_id | None |
| os-vol-tenant-attr:tenant_id | c1479695d5cf43b1a854f600226dad39 |
| replication_status | None |
| size | 5 |
| snapshot_id | None |
| source_volid | None |
| status | available |
| updated_at | 2020-03-09T09:45:42.000000 |
| user_id | cb29148baa654f739c78ed4f92cb6e2b |
| volume_type | enc |
+--------------------------------+---------------------------------------+
Now lets try to retype this to enc_ma it should fail
(overcloud) [stack@puma51 ~]$ cinder retype 42b2ba66-6938-4c2d-a464-a35d534160a3 enc_ma --migration-policy on-demand
Retype still happens when it should be blocked
(overcloud) [stack@puma51 ~]$ cinder list
+--------------------------------------+-----------+-----------+------+-------------+----------+--------------------------------------+
| ID | Status | Name | Size | Volume Type | Bootable | Attached to |
+--------------------------------------+-----------+-----------+------+-------------+----------+--------------------------------------+
| 42b2ba66-6938-4c2d-a464-a35d534160a3 | retyping | EncVol1 | 5 | enc | false | |
| d97dce16-d2e1-4a00-b1ee-24c2c8dd2073 | available | EncVol1 | 5 | enc_ma | false | |
(overcloud) [stack@puma51 ~]$ cinder list
+--------------------------------------+-----------+-----------+------+-------------+----------+--------------------------------------+
| ID | Status | Name | Size | Volume Type | Bootable | Attached to |
+--------------------------------------+-----------+-----------+------+-------------+----------+--------------------------------------+
| 42b2ba66-6938-4c2d-a464-a35d534160a3 | available | EncVol1 | 5 | enc_ma | false | |
| d97dce16-d2e1-4a00-b1ee-24c2c8dd2073 | deleting | EncVol1 | 5 | enc_ma | false | |
(overcloud) [stack@puma51 ~]$ cinder list
+--------------------------------------+-----------+-----------+------+-------------+----------+--------------------------------------+
| ID | Status | Name | Size | Volume Type | Bootable | Attached to |
+--------------------------------------+-----------+-----------+------+-------------+----------+--------------------------------------+
| 42b2ba66-6938-4c2d-a464-a35d534160a3 | available | EncVol1 | 5 | enc_ma | false | |
Failed to verify, vol shouldn't migrate from enc to none supported enc_ma
(overcloud) [stack@puma51 ~]$ cinder show 42b2ba66-6938-4c2d-a464-a35d534160a3
+--------------------------------+---------------------------------------+
| Property | Value |
+--------------------------------+---------------------------------------+
| attached_servers | [] |
| attachment_ids | [] |
| availability_zone | nova |
| bootable | false |
| consistencygroup_id | None |
| created_at | 2020-03-09T09:45:39.000000 |
| description | None |
| encrypted | True | So volume is encrypted, but look down multipath is false.
| id | 42b2ba66-6938-4c2d-a464-a35d534160a3 |
| metadata | |
| migration_status | success | -> migrated "successfully" when it should have been blocked.
| multiattach | False |
| name | EncVol1 |
| os-vol-host-attr:host | hostgroup@tripleo_iscsi#tripleo_iscsi |
| os-vol-mig-status-attr:migstat | success |
| os-vol-mig-status-attr:name_id | d97dce16-d2e1-4a00-b1ee-24c2c8dd2073 |
| os-vol-tenant-attr:tenant_id | c1479695d5cf43b1a854f600226dad39 |
| replication_status | None |
| size | 5 |
| snapshot_id | None |
| source_volid | None |
| status | available | -> it might very well be but not sure what's inside if still valid data.
| updated_at | 2020-03-09T10:09:57.000000 |
| user_id | cb29148baa654f739c78ed4f92cb6e2b |
| volume_type | enc_ma | -> not good changed from enc to enc_ma which is supported.
+--------------------------------+---------------------------------------+
Just for reference here I wanted to create/show a enc_ma volume just to check that ma = true.
Things got interesting, I was blocked from creating such a volume which is great:
(overcloud) [stack@puma51 ~]$ cinder create 1 --volume-type enc_ma --name enc_maVol1
ERROR: Invalid volume: Multiattach cannot be used with encrypted volumes. (HTTP 400) (Request-ID: req-ee8a1c1c-4a2d-4890-baaf-bf5f4c0cb995)
However again I wasn't blocked from migrating a supported enc volume to this none supported enc_ma.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:0764 |