1943639 – [16.1] Creating an encrypted bootable volume from an unencrypted glance image causes the resulting instance to fail to boot.

Bug 1943639 - [16.1] Creating an encrypted bootable volume from an unencrypted glance image causes the resulting instance to fail to boot.

Summary: [16.1] Creating an encrypted bootable volume from an unencrypted glance image...

Keywords:
Status:	ON_DEV
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-cinder
Sub Component:
Version:	16.1 (Train)
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	z10
Target Release:	16.1 (Train on RHEL 8.2)
Assignee:	Cinder Bugs List
QA Contact:	Evelina Shames
Docs Contact:	Andy Stillman
URL:
Whiteboard:
Depends On:	1936564
Blocks:	1943598
TreeView+	depends on / blocked

Reported:	2021-03-26 17:31 UTC by Sofia Enriquez
Modified:	2023-07-29 08:27 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	1936564
Environment:
Last Closed:
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
OpenStack gerrit	783135	0	None	ABANDONED	Fix creating encrypted volume from unencrypt image	2022-10-04 14:31:49 UTC
Red Hat Issue Tracker	OSP-1431	0	None	None	None	2022-01-10 18:26:00 UTC

Description Sofia Enriquez 2021-03-26 17:31:21 UTC

+++ This bug was initially created as a clone of Bug #1936564 +++

Description of problem:

Starting an instance based on the encrypted volume causes the guest
boot process to fail with an error indicating that the guest could
not mount its root filesystem. However, creating and booting a
volume based on the same glance image but using a non-encrypted
volume works without issue. 

In addition, increasing the size of the encrypted volume to greater
than the images size also allows the instance to boot correctly
from an encrypted volume.

Introducing the LUKS header into the encrypted volume that this is 
truncating the image data leaving an incomplete boot image. If that
is indeed the case, then the desired outcome should be an
error/exception indicating that the target volume size is too small
to hold the encrypted image instead of silently failing and leaving
incomplete data.

Version-Release number of selected component (if applicable):

13z16

How reproducible:

- Every time

Steps to Reproduce:

1. Upload unencrypted glance image specifying the image size
2. Create encrypted volume from that image specifying the volume size
equal to the image size
3. Attempt to boot the encrypted volume

Actual results:

Boot fails but Cinder doesn't show errors or warnings.

When creating an encrypted RBD volume from an image, the flow is
something like:

qemu-img create <encrypted file>
qemu-img convert <image> <encrypted file>
rbd import <encrypted file>

but, the create specifies a size based on the volume size, i.e. 1024MB
for a 1GB volume.

Then the convert from raw to LUKS assumes that a 1024MB image being
converted into that file would fit into that encrypted file -- but it
doesn't fit because capacity is lost due to the LUKS headers.  qemu-img
convert here truncates data but doesn't fail when doing so.

rbd import then succeeds and the end of the image/volume is missing when
the volume is attached.

Expected results from the reporter:

Indicate an error condition during volume creation in step 2 if the boot
volume size specified is insufficient to hold the full encrypted image.

Additional info:

I have reproduced the same issue using the latest OSP16.1 and a RHEL image
and it fails to boot too so this is not specific to the customer's non-RHEL
based guest image.

- CEPH RBD configuration with a CEPH 4.X storage cluster.

- Glance image is on CEPH as well.

Note You need to log in before you can comment on or make changes to this bug.