Bug 1069157 - GlusterFS: snapshotting of an in-use volume fails due to policy rules for extension
Summary: GlusterFS: snapshotting of an in-use volume fails due to policy rules for ext...
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-cinder
Version: 4.0
Hardware: Unspecified
OS: Unspecified
medium
high
Target Milestone: ---
: 7.0 (Kilo)
Assignee: Deepak C Shetty
QA Contact: Dafna Ron
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-02-24 11:09 UTC by Giulio Fidente
Modified: 2019-09-09 14:36 UTC (History)
14 users (show)

Fixed In Version:
Doc Type: Known Issue
Doc Text:
At present, policy rules for volume extension prevent you from taking snapshots of in-use GlusterFS volumes. To work around this, you will have to manually edit those policy rules. To do so, open the Compute service's policy.json file and change "rule:admin_api" entries to "" for "compute_extension:os-assisted-volume-snapshots:create" and "compute_extension:os-assisted-volume-snapshots:delete". Afterwards, restart the Compute API service.
Clone Of:
Environment:
Last Closed: 2015-08-25 09:49:22 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Launchpad 1308736 0 None None None Never

Description Giulio Fidente 2014-02-24 11:09:34 UTC 
Description of problem:
when using the gluster backend with fuse, snapshotting an "in-use" volume fails with the following in volume.log

2014-02-23 00:52:40.644 882 ERROR cinder.volume.drivers.glusterfs [req-e794363d-a226-41ee-ba88-8a1c4969995f 538f6959240b4d4db75cb3569868c0bf 482602d8975f47d79ec6a8cb70fe8f62] Call to Nova to create snapshot failed
2014-02-23 00:52:40.644 882 ERROR cinder.volume.drivers.glusterfs [req-e794363d-a226-41ee-ba88-8a1c4969995f 538f6959240b4d4db75cb3569868c0bf 482602d8975f47d79ec6a8cb70fe8f62] Policy doesn't allow compute_extension:os-assisted-volume-snapshots:create to be performed. (HTTP 403) (Request-ID: req-26dd4f46-c961-4227-ac07-de685f9938ed)
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs Traceback (most recent call last):
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs   File "/usr/lib/python2.6/site-packages/cinder/volume/drivers/glusterfs.py", line 408, in _create_snapshot
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs     connection_info)
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs   File "/usr/lib/python2.6/site-packages/cinder/compute/nova.py", line 130, in create_volume_snapshot
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs     create_info=create_info)
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs   File "/usr/lib/python2.6/site-packages/novaclient/v1_1/contrib/assisted_volume_snapshots.py", line 41, in create
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs     return self._create('/os-assisted-volume-snapshots', body, 'snapshot')
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs   File "/usr/lib/python2.6/site-packages/novaclient/base.py", line 145, in _create
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs     _resp, body = self.api.client.post(url, body=body)
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs   File "/usr/lib/python2.6/site-packages/novaclient/client.py", line 232, in post
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs     return self._cs_request(url, 'POST', **kwargs)
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs   File "/usr/lib/python2.6/site-packages/novaclient/client.py", line 213, in _cs_request
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs     **kwargs)
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs   File "/usr/lib/python2.6/site-packages/novaclient/client.py", line 195, in _time_request
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs     resp, body = self.request(url, method, **kwargs)
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs   File "/usr/lib/python2.6/site-packages/novaclient/client.py", line 189, in request
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs     raise exceptions.from_response(resp, body, url, method)
2014-02-23 00:52:40.644 882 TRACE cinder.volume.drivers.glusterfs Forbidden: Policy doesn't allow compute_extension:os-assisted-volume-snapshots:create to be performed. (HTTP 403) (Request-ID: req-26dd4f46-c961-4227-ac07-de685f9938ed)


Version-Release number of selected component (if applicable):
openstack-cinder-2013.2.2-1.el6ost.noarch


Steps to Reproduce:
1. configure cinder with gluster
2. create a volume and boot an instance from it
3. try to create a volume snapshot
Comment 1 Eric Harney 2014-02-24 12:46:02 UTC 
This is a deployment issue.  Nova must have an admin API endpoint configured.  (Or for testing it is also possible to change Nova's policy.json to not require admin_api for this extension.)
Comment 2 Eric Harney 2014-03-12 12:37:56 UTC 
Giulio: How was this deployed?

The main thing here is to make sure that our documentation and deployment mechanisms deploy a Nova admin API endpoint.
Comment 3 Giulio Fidente 2014-03-12 12:39:47 UTC 
this was installed using packstack
Comment 6 Arthur Berezin 2014-03-12 23:46:07 UTC 
As it sounds like a Packstack/Puppet bug in deploying Cinder with Nova Admin API Endpoint, moving to Packstack.
Comment 7 Martin Magr 2014-03-17 09:00:14 UTC 
Eric, is there somewhere an wiki about admin API deployment? The only thing I was able to find using my google-fu was load of blueprints.

The second question assuming that Nova admin API is a new service is: is this service available in Havana also or is it new for Icehouce?
Comment 8 Giulio Fidente 2014-04-09 10:56:29 UTC 
hi Martin, given this will have to be fixed in foreman, shall we move this to openstack-puppet-modules ?
Comment 9 Eric Harney 2014-04-16 15:20:37 UTC 
(In reply to Martin Magr from comment #7)

Deploying the admin API is actually not a requirement I think -- I'll look into this again from the Cinder side.
Comment 12 Sergey Gotliv 2014-09-11 13:29:20 UTC 
This is not a Z-stream material and/or test blocker.
Note You need to log in before you can comment on or make changes to this bug.