Cinder ignores some glanceclient errors (such as failed checksum validation) when creating volumes from images. https://bugs.launchpad.net/cinder/+bug/1799221
Upstream patch has been submitted by someone else, so we need to track its progress and handle the backports.
This isn't going to be a simple backport from Rocky to Queens upstream. See https://bugs.launchpad.net/cinder/+bug/1799221/comments/12 for more info.
Tip to self for verification steps follow: https://bugzilla.redhat.com/show_bug.cgi?id=1664687#c10
Minor note: there's no 'multihash' (os_hash_algo + os_hash_value) in Queens Glance, so you'll have to just modify the 'checksum' field.
Verified on: openstack-cinder-12.0.4-8.el7ost.noarch Thanks Brian per your tip :) Uploaded image to glance: #glance image-create --disk-format qcow2 --container-format bare --name cirros.bad --file cirros-0.3.5-i386-disk.img I then changed checksum via SQL access Before change: | a43dba56-4732-4ca0-9050-c849cb6252ed | cirros.bad | 40602 | active | 2019-02-28 13:19:52 | 2019-02-28 13:19:53 | NULL | 0 | qcow2 | bare | 0e4128f7bacfd887b8dbf450b46357bc | e7979f642cfa40e8872bdd11ce912505 | 0 | 0 | 0 | NULL | shared | MariaDB [glance]> update images set checksum="0e4128f7bacfd887b8dbf450b4635zzz" where name="cirros.bad"; | a43dba56-4732-4ca0-9050-c849cb6252ed | cirros.bad | 40602 | active | 2019-02-28 13:19:52 | 2019-02-28 13:19:53 | NULL | 0 | qcow2 | bare | 0e4128f7bacfd887b8dbf450b4635zzz | e7979f642cfa40e8872bdd11ce912505 | 0 | 0 | 0 | NULL | shared | Now try to create a volume to said image, should fail #cinder create 1 --image cirros.bad -> | id | c034d180-b04a-4927-8b89-5b605603e41f Cinder list -> c034d180-b04a-4927-8b89-5b605603e41f | error | - | 1 | - | false | | Cinder create fails as expected. logs reports the expected error, so were good to verify -> /var/log/containers/cinder/cinder-volume.log:1313:2019-02-28 13:27:14.599 70 ERROR oslo_messaging.rpc.server ImageDownloadFailed: Failed to download image a43dba56-4732-4ca0-9050-c849cb6252ed, reason: IOError: 32 Corrupt image download. Checksum was 0e4128f7bacfd887b8dbf450b46357bc expected 0e4128f7bacfd887b8dbf450b4635zzz
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0560