Bug 2050773
| Summary: | [OSP 17] accept transfer policy breaks volume transfer workflow | ||
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Brian Rosmaita <brian.rosmaita> |
| Component: | openstack-cinder | Assignee: | Brian Rosmaita <brian.rosmaita> |
| Status: | CLOSED ERRATA | QA Contact: | Tzach Shefi <tshefi> |
| Severity: | medium | Docs Contact: | Andy Stillman <astillma> |
| Priority: | urgent | ||
| Version: | 17.0 (Wallaby) | CC: | jamsmith, ltoscano, mgeary, rheslop |
| Target Milestone: | --- | Keywords: | Triaged |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | openstack-cinder-18.2.1-0.20220705150903.1776695.el9ost | Doc Type: | Bug Fix |
| Doc Text: |
Before this update, if an operator defined a custom value for the `volume:accept_transfer` policy that referred to the project_id of the user making the volume transfer accept request, the request would fail. This update removes a duplicate policy check that incorrectly compared the project_id of the requestor to the project_id associated with the volume before transfer. The check done at the Block Storage API layer will now function as expected.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-09-21 12:18:58 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1326396 | ||
|
Description
Brian Rosmaita
2022-02-04 15:49:05 UTC
Fix is in openstack-cinder-18.1.1-0.20220128050359.30578a7.el9osttrunk ( https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=1867007 ), which has the 'rhos-17.0-rhel-9-trunk-candidate' tag. Verified on:
openstack-cinder-18.2.1-0.20220605050357.9a473fd.el9ost.noarch
Create two projects:
(overcloud) [stack@undercloud-0 ~]$ openstack project list
/usr/lib/python3.9/site-packages/ansible/_vendor/__init__.py:42: UserWarning: One or more Python packages bundled by this ansible-core distribution were already loaded (pyparsing). This may result in undefined behavior.
warnings.warn('One or more Python packages bundled by this ansible-core distribution were already '
+----------------------------------+--------------------------------------+
| ID | Name |
+----------------------------------+--------------------------------------+
| 0f33aca2085a42ddb303830c6b39c665 | tempest-ObjectTempUrlTest-1399483024 |
| 13bb617fb94f400f9c154f15e60fe231 | alt_demo |
| 14dd78157d004ec88949cc893e0d2de2 | service |
| 4675943a151f460b85601116bcfac13d | bar |<
| 5ddbaef8a9674bbdbc3fe3a1335d44f7 | admin |
| 8ea12d6ce1bf4ab3990395fdc4a80fea | tempest-ObjectTempUrlTest-588597606 |
| 953821faff4941deae7fd7891ae572e8 | foo |<
| c7225b33718e42e1bd97715c4368d30b | demo |
| e2683299014b4121aec62a1d7613d1b1 | tempest-ObjectTempUrlTest-812009441 |
+----------------------------------+--------------------------------------+
Create two users one in each project:
(overcloud) [stack@undercloud-0 ~]$ openstack user list
/usr/lib/python3.9/site-packages/ansible/_vendor/__init__.py:42: UserWarning: One or more Python packages bundled by this ansible-core distribution were already loaded (pyparsing). This may result in undefined behavior.
warnings.warn('One or more Python packages bundled by this ansible-core distribution were already '
+----------------------------------+-----------------------------------------------------+
| ID | Name |
+----------------------------------+-----------------------------------------------------+
| 431a13a569294fc1ab73ef879ac44552 | admin |
..
| ea6ea02a9a8748a6b5124f5a9b487bd2 | foouser |
| b10c7ca1b03145af8c762ba7f2846b25 | baruser |
+----------------------------------+-----------------------------------------------------+
WIth foouser, create a volume:
overcloud) [stack@undercloud-0 ~]$ cinder create 1 --name FooVolume
+------------------------------+--------------------------------------+
| Property | Value |
+------------------------------+--------------------------------------+
| attachments | [] |
| availability_zone | nova |
| bootable | false |
| consistencygroup_id | None |
| created_at | 2022-07-11T10:44:07.000000 |
| description | None |
| encrypted | False |
| id | 3ab1dcfb-a9f9-45e3-8801-f16afc88eeb2 |
| metadata | {} |
| multiattach | False |
| name | FooVolume |
| os-vol-tenant-attr:tenant_id | 953821faff4941deae7fd7891ae572e8 |
| replication_status | None |
| size | 1 |
| snapshot_id | None |
| source_volid | None |
| status | creating |
| updated_at | None |
| user_id | ea6ea02a9a8748a6b5124f5a9b487bd2 |
| volume_type | tripleo_default |
+------------------------------+--------------------------------------+
(overcloud) [stack@undercloud-0 ~]$ cinder list
+--------------------------------------+-----------+-----------+------+-----------------+----------+-------------+
| ID | Status | Name | Size | Volume Type | Bootable | Attached to |
+--------------------------------------+-----------+-----------+------+-----------------+----------+-------------+
| 3ab1dcfb-a9f9-45e3-8801-f16afc88eeb2 | available | FooVolume | 1 | tripleo_default | false | |
+--------------------------------------+-----------+-----------+------+-----------------+----------+-------------+
Foouser initiates a volume transfer:
[stack@undercloud-0 ~]$ cinder transfer-create FooVolume --name TransferFooVolume
+------------------------+--------------------------------------+
| Property | Value |
+------------------------+--------------------------------------+
| accepted | False |
| auth_key | cc601f3f0fe7dcf0 |
| created_at | 2022-07-11T10:56:19.509302 |
| destination_project_id | None |
| id | fe0d4de6-08cd-435f-b584-6488d0e0746a |
| name | TransferFooVolume |
| no_snapshots | False |
| source_project_id | 953821faff4941deae7fd7891ae572e8 |
| volume_id | 3ab1dcfb-a9f9-45e3-8801-f16afc88eeb2 |
+------------------------+--------------------------------------+
[stack@undercloud-0 ~]$ cinder transfer-list
+--------------------------------------+--------------------------------------+-------------------+
| ID | Volume ID | Name |
+--------------------------------------+--------------------------------------+-------------------+
| fe0d4de6-08cd-435f-b584-6488d0e0746a | 3ab1dcfb-a9f9-45e3-8801-f16afc88eeb2 | TransferFooVolume |
+--------------------------------------+--------------------------------------+-------------------+
Baruser accepts the volume transfer:
(overcloud) [stack@undercloud-0 ~]$ cinder transfer-accept fe0d4de6-08cd-435f-b584-6488d0e0746a cc601f3f0fe7dcf0
+-----------+--------------------------------------+
| Property | Value |
+-----------+--------------------------------------+
| id | fe0d4de6-08cd-435f-b584-6488d0e0746a |
| name | TransferFooVolume |
| volume_id | 3ab1dcfb-a9f9-45e3-8801-f16afc88eeb2 |
+-----------+--------------------------------------+
Yay volume is transferred:
(overcloud) [stack@undercloud-0 ~]$ cinder list
+--------------------------------------+-----------+------------+------+-----------------+----------+-------------+
| ID | Status | Name | Size | Volume Type | Bootable | Attached to |
+--------------------------------------+-----------+------------+------+-----------------+----------+-------------+
| 3ab1dcfb-a9f9-45e3-8801-f16afc88eeb2 | available | FooVolume | 1 | tripleo_default | false | |
Lets confirm ownership:
(overcloud) [stack@undercloud-0 ~]$ cinder show 3ab1dcfb-a9f9-45e3-8801-f16afc88eeb2
+------------------------------+--------------------------------------+
| Property | Value |
+------------------------------+--------------------------------------+
| attached_servers | [] |
| attachment_ids | [] |
| availability_zone | nova |
| bootable | false |
| consistencygroup_id | None |
| created_at | 2022-07-11T10:44:07.000000 |
| description | None |
| encrypted | False |
| id | 3ab1dcfb-a9f9-45e3-8801-f16afc88eeb2 |
| metadata | |
| multiattach | False |
| name | FooVolume |
| os-vol-tenant-attr:tenant_id | 4675943a151f460b85601116bcfac13d |
| replication_status | None |
| size | 1 |
| snapshot_id | None |
| source_volid | None |
| status | available |
| updated_at | 2022-07-11T11:06:21.000000 |
| user_id | b10c7ca1b03145af8c762ba7f2846b25 | -> Yep user ID changed from the original foouser to baruser.
| volume_type | tripleo_default |
+------------------------------+--------------------------------------+
Cinder volume transfer works as expected, good to verify.
Suggested revision for the doc text ... change the second sentence from This update removes a duplicate policy check that incorrectly compared the project_id of the requestor to the project_id associated with the volume before transfer has been removed. to This update removes a duplicate policy check that incorrectly compared the project_id of the acceptor to the project_id associated with the volume before transfer. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Release of components for Red Hat OpenStack Platform 17.0 (Wallaby)), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2022:6543 The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days |