Bug 2175217

Summary: [16.2] Multiattach volumes should be created by volume type only
Product: Red Hat OpenStack Reporter: jhardee
Component: openstack-cinderAssignee: Rajat Dhasmana <rdhasman>
Status: MODIFIED --- QA Contact: Evelina Shames <eshames>
Severity: medium Docs Contact: Andy Stillman <astillma>
Priority: medium    
Version: 16.2 (Train)CC: brian.rosmaita, eharney, ltoscano, rdhasman
Target Milestone: z6Keywords: Triaged
Target Release: 16.2 (Train on RHEL 8.4)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-cinder-15.6.1-2.20230727141331.299553a.el8osttrunk Doc Type: Bug Fix
Doc Text:
Cause: In OSP 13, the ability to create a multiattach volume by passing a request parameter in the volume-create request was deprecated for removal as unsafe. The preferred method for creating a multiattach volume is to use a volume-type that enables multiattach. Consequence: Creating a multattach volume on a backend that does not provide proper multiattach support can lead to data loss. Fix: It is no longer possible to create a multiattach volume independently of using a volume-type that allows multiattach. Result: Some Block Storage API requests that were previously acceptable will be rejected with a 400 (Bad Request) response code accompanied by an informative error message.
Story Points: ---
Clone Of:
: 2184834 (view as bug list) Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2184834, 2184844    
Bug Blocks:    

Description jhardee 2023-03-03 15:14:33 UTC
Description of problem:
The multiattach functionality is restricted to a multiattach volume type that must be created by an admin. A cinder API bug allows non-admin users to create multiattach volumes without the multiattach volume type which can corrupt their data


Version-Release number of selected component (if applicable):
RHOSP 16.2

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:
User can accidentally corrupt data by creating a multiattach volume without the correct volume type.


Expected results:


Additional info:

https://bugs.launchpad.net/cinder/+bug/2008259

Customer mentioned the community released a patch to fix this. Will  you please include the patch in RHOSP 16.2?

https://review.opendev.org/c/openstack/cinder/+/874865

Comment 1 jhardee 2023-03-06 19:05:22 UTC
Any informatoin that I can pass along to the customer?

Comment 17 Brian Rosmaita 2023-07-27 18:17:31 UTC
Set fixed-in version to openstack-cinder-15.6.1-2.20230727141331.299553a.el8osttrunk, which is tagged 'rhos-16.2-rhel-8-trunk-candidate'.
https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=2614550