Bug 1801282

Summary: Nova allows direct boot of an image created from an encrypted cinder volume
Product: Red Hat OpenStack Reporter: Brian Rosmaita <brian.rosmaita>
Component: openstack-novaAssignee: Lee Yarwood <lyarwood>
Status: CLOSED DUPLICATE QA Contact: OSP DFG:Compute <osp-dfg-compute>
Severity: medium Docs Contact:
Priority: low    
Version: 16.0 (Train)CC: dasmith, eglynn, jhakimra, kchamart, sbauza, sgordon, vromanso
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-02-14 11:37:21 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Brian Rosmaita 2020-02-10 14:53:56 UTC 
Description of problem:
Cinder allows users to upload encrypted volumes as images.  Nova does not support direct boot of such images; the workflow is that such images should only be used for boot-from-volume.  If a user tries the unsupported path, however, Nova will boot an instance that goes 'active' and is unusable.  It would be better if the instance did not go 'active'.  (Ideally this could be rejected at the API layer as some kind of 4xx.)


Version-Release number of selected component (if applicable):
Observed in 16 (Train), 

How reproducible: always


Steps to Reproduce:
1. in cinder: create an volume V-1 of an encrypted volume type
2. in cinder: upload V-1 as an image to Glance; call this image I-1
3. in nova: boot an instance S-1 from I-1

Actual results:
S-1 goes 'active'

Expected results:
Since this isn't a supported action, S-1 should should not go 'active' (either by never being created, or by going to some other appropriate status).
Comment 1 Lee Yarwood 2020-02-14 11:37:21 UTC 
Lets continue to use bug 1801255 to track this.

*** This bug has been marked as a duplicate of bug 1801255 ***