Bug 1967606
| Summary: | [OSP 16.2] Unable to boot SEV based instances from blank volume | ||
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Lee Yarwood <lyarwood> |
| Component: | openstack-nova | Assignee: | Alex Stupnikov <astupnik> |
| Status: | CLOSED UPSTREAM | QA Contact: | OSP DFG:Compute <osp-dfg-compute> |
| Severity: | low | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | astupnik, dasmith, eglynn, jhakimra, kchamart, sbauza, sgordon, vromanso |
| Target Milestone: | --- | Keywords: | Triaged |
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-02-28 20:32:13 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
This problem is rather cosmetic: memory encryption is only supported for instances with ephemeral root disks created from images. Documentation: https://docs.openstack.org/nova/latest/admin/sev.html Quote: In all cases, SEV instances can only be booted from images which have the hw_firmware_type property set to uefi, and only when the machine type is set to q35. This can be set per image by setting the image property hw_machine_type=q35, or per compute node by the operator via libvirt.hw_machine_type as explained above. As a result, we are talking about flavor/image check not being able to handle cinder volume-based image objects properly, but affected operations itsself should have failed anyway. This is not high-severity problem and looks like ambiguous error message to me. |
Description of problem: More image_meta.name use in hardware.py causing failures when presented with an empty ImageMeta object: $ openstack flavor show m1.sev_med +----------------------------+--------------------------------------+ | Field | Value | +----------------------------+--------------------------------------+ | OS-FLV-DISABLED:disabled | False | | OS-FLV-EXT-DATA:ephemeral | 0 | | access_project_ids | None | | description | None | | disk | 2 | | extra_specs | {'hw:mem_encryption': 'True'} | | id | 3952db4d-e71a-4669-9bb7-666adaef6c36 | | name | m1.sev_med | | os-flavor-access:is_public | True | | properties | hw:mem_encryption='True' | | ram | 2048 | | rxtx_factor | 1.0 | | swap | 0 | | vcpus | 4 | +----------------------------+--------------------------------------+ $ openstack volume create --bootable --size 1 blank $ openstack server create --volume blank --flavor m1.sev_med --network private test Unexpected API Error. Please report this at http://bugs.launchpad.net/nova/ and attach the Nova API log if possible. <class 'NotImplementedError'> (HTTP 500) (Request-ID: req-c6d1a319-b4b0-4d1f-869c-dcbec2fd2554) 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi [req-c6d1a319-b4b0-4d1f-869c-dcbec2fd2554 cd40fe796ff84e3a8ba5e473a6d61f05 025f8a0d412642f693782ae20ba415ec - default default] Unexpected exception in API method: NotImplementedError: Cannot load 'name' in the base class 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi Traceback (most recent call last): 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi File "/usr/lib/python3.6/site-packages/nova/api/openstack/wsgi.py", line 671, in wrapped 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi return f(*args, **kwargs) 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi File "/usr/lib/python3.6/site-packages/nova/api/validation/__init__.py", line 110, in wrapper 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi return func(*args, **kwargs) 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi File "/usr/lib/python3.6/site-packages/nova/api/validation/__init__.py", line 110, in wrapper 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi return func(*args, **kwargs) 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi File "/usr/lib/python3.6/site-packages/nova/api/validation/__init__.py", line 110, in wrapper 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi return func(*args, **kwargs) 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi [Previous line repeated 9 more times] 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi File "/usr/lib/python3.6/site-packages/nova/api/openstack/compute/servers.py", line 712, in create 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi **create_kwargs) 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi File "/usr/lib/python3.6/site-packages/nova/hooks.py", line 154, in inner 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi rv = f(*args, **kwargs) 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi File "/usr/lib/python3.6/site-packages/nova/compute/api.py", line 1932, in create 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi requested_hypervisor_hostname=requested_hypervisor_hostname) 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi File "/usr/lib/python3.6/site-packages/nova/compute/api.py", line 1411, in _create_instance 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi block_device_mapping.root_bdm(), validate_numa=False) 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi File "/usr/lib/python3.6/site-packages/nova/compute/api.py", line 912, in _checks_for_create_and_rebuild 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi validate_numa=validate_numa) 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi File "/usr/lib/python3.6/site-packages/nova/compute/api.py", line 577, in _validate_flavor_image 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi root_bdm, validate_numa) 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi File "/usr/lib/python3.6/site-packages/nova/compute/api.py", line 723, in _validate_flavor_image_nostatus 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi validate_pci=validate_pci) 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi File "/usr/lib/python3.6/site-packages/nova/compute/api.py", line 747, in _validate_flavor_image_numa_pci 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi API._validate_flavor_image_mem_encryption(instance_type, image_meta) 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi File "/usr/lib/python3.6/site-packages/nova/compute/api.py", line 778, in _validate_flavor_image_mem_encryption 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi hardware.get_mem_encryption_constraint(instance_type, image) 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi File "/usr/lib/python3.6/site-packages/nova/virt/hardware.py", line 1273, in get_mem_encryption_constraint 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi _check_mem_encryption_uses_uefi_image(requesters, image_meta) 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi File "/usr/lib/python3.6/site-packages/nova/virt/hardware.py", line 1310, in _check_mem_encryption_uses_uefi_image 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi 'image_name': image_meta.name} 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi File "/usr/lib/python3.6/site-packages/oslo_versionedobjects/base.py", line 67, in getter 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi self.obj_load_attr(name) 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi File "/usr/lib/python3.6/site-packages/oslo_versionedobjects/base.py", line 603, in obj_load_attr 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi _("Cannot load '%s' in the base class") % attrname) 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi NotImplementedError: Cannot load 'name' in the base class 2021-06-03 12:29:28.207 12 ERROR nova.api.openstack.wsgi Version-Release number of selected component (if applicable): OSP 16.2 How reproducible: Always. Steps to Reproduce: 1. Attempt to boot a SEV based instance from a blank volume. Actual results: n-api returns 500 after a NotImplementedError is raised. Expected results: This shouldn't technically work as hw_firmware_type=uefi is required in the embedded image metadata of the volume but at the same time we shouldn't return 500. Additional info: