Bug 2175217 - [16.2] Multiattach volumes should be created by volume type only
Summary: [16.2] Multiattach volumes should be created by volume type only
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-cinder
Version: 16.2 (Train)
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: z6
: 16.2 (Train on RHEL 8.4)
Assignee: Rajat Dhasmana
QA Contact: Yosi Ben Shimon
Ian Frangs
URL:
Whiteboard:
Depends On: 2184834 2184844
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-03-03 15:14 UTC by jhardee
Modified: 2023-11-08 19:19 UTC (History)
7 users (show)

Fixed In Version: openstack-cinder-15.6.1-2.20230906144854.299553a.el8ost
Doc Type: Bug Fix
Doc Text:
Before this update, the Block Storage API supported the creation of a Block Storage multi-attach volume by passing a parameter in the `volume-create` request, even though this method of creating a multi-attach volume was deprecated for removal. This method can lead to data loss when creating a multi-attach volume on a back end that does not support multi-attach volumes. + The `openstack` and `cinder` CLI only supported creating a multi-attach volume by using a multi-attach volume-type. + With this update, the Block Storage API also only supports creating a multi-attach volume by using a multi-attach volume-type. Some Block Storage API requests that used to work will be rejected with a 400 (Bad Request) response code and an error message.
Clone Of:
: 2184834 (view as bug list)
Environment:
Last Closed: 2023-11-08 19:18:31 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Launchpad 2008259 0 None None None 2023-03-03 15:49:12 UTC
OpenStack gerrit 874865 0 None NEW Remove multiatttach request parameter 2023-03-13 08:55:58 UTC
Red Hat Issue Tracker OSP-22857 0 None None None 2023-03-03 15:15:19 UTC
Red Hat Product Errata RHBA-2023:6307 0 None None None 2023-11-08 19:19:07 UTC

Internal Links: 2184840 2184844

Description jhardee 2023-03-03 15:14:33 UTC 
Description of problem:
The multiattach functionality is restricted to a multiattach volume type that must be created by an admin. A cinder API bug allows non-admin users to create multiattach volumes without the multiattach volume type which can corrupt their data


Version-Release number of selected component (if applicable):
RHOSP 16.2

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:
User can accidentally corrupt data by creating a multiattach volume without the correct volume type.


Expected results:


Additional info:

https://bugs.launchpad.net/cinder/+bug/2008259

Customer mentioned the community released a patch to fix this. Will  you please include the patch in RHOSP 16.2?

https://review.opendev.org/c/openstack/cinder/+/874865
Comment 1 jhardee 2023-03-06 19:05:22 UTC 
Any informatoin that I can pass along to the customer?
Comment 17 Brian Rosmaita 2023-07-27 18:17:31 UTC 
Set fixed-in version to openstack-cinder-15.6.1-2.20230727141331.299553a.el8osttrunk, which is tagged 'rhos-16.2-rhel-8-trunk-candidate'.
https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=2614550
Comment 22 Yosi Ben Shimon 2023-10-04 17:00:53 UTC 
Tested on:
Red Hat OpenStack Platform release 16.2.6 (Train)
openstack-cinder-15.6.1-2.20230906144854.299553a.el8ost.noarch

When tried to create a volume with "multiattach" parameter, got error 400 (bad request):

(overcloud) [stack@undercloud-0 ~]$ openstack token issue -f value -c id
gAAAAABlHZhwQDAn3Op8cXeNHs6wwndZPgnqmzoeKBCn-ogmK4MxMHzQTZhMpSet4Taqqluj0YsR5c2nqYI9X4UB50w7hYTdMU1Kz2gkwZ9UCuTsaexAKFaOlaBesogKiKpr6w2Tb1NM1JABBHkpbfzNT1MIX2THOX9PLA0uVYXnVgp0p-SE4rw

(overcloud) [stack@undercloud-0 ~]$ curl -g -i -X POST http://10.0.0.114:8776/v3/dcc48eab28374585a082da0653bfaac0/volumes -H "Accept: application/json" -H "Content-Type: application/json" -H "User-Agent: python-cinderclient" -H "X-Auth-Token: gAAAAABlHZhwQDAn3Op8cXeNHs6wwndZPgnqmzoeKBCn-ogmK4MxMHzQTZhMpSet4Taqqluj0YsR5c2nqYI9X4UB50w7hYTdMU1Kz2gkwZ9UCuTsaexAKFaOlaBesogKiKpr6w2Tb1NM1JABBHkpbfzNT1MIX2THOX9PLA0uVYXnVgp0p-SE4rw" -d '{"volume": {"size": 1, "consistencygroup_id": null, "snapshot_id": null, "name": "test_vol", "description": null, "volume_type": null, "availability_zone": null, "metadata": {}, "imageRef": null, "source_volid": null, "backup_id": null, "multiattach": "True"}}'          
HTTP/1.1 400 Bad Request
Date: Wed, 04 Oct 2023 16:53:19 GMT
Server: Apache
Content-Length: 261
OpenStack-API-Version: volume 3.0
Vary: OpenStack-API-Version
x-compute-request-id: req-ac083a6a-be31-4a4c-93df-be63d3ae9198
x-openstack-request-id: req-ac083a6a-be31-4a4c-93df-be63d3ae9198
Content-Type: application/json

{"badRequest": {"code": 400, "message": "multiattach parameter has been removed. The default behavior is to use multiattach enabled volume types. Contact your administrator to create a multiattach enabled volume type and use it to create multiattach volumes."}}



Tried using a multiattach "volume_type" and the volume was created successfully (with multiattach=true).

(overcloud) [stack@undercloud-0 ~]$ curl -g -i -X POST http://10.0.0.114:8776/v3/dcc48eab28374585a082da0653bfaac0/volumes -H "Accept: application/json" -H "Content-Type: application/json" -H "User-Agent: python-Token: gAAAAABlHZhwQDAn3Op8cXeNHs6wwndZPgnqmzoeKBCn-ogmK4MxMHzQTZhMpSet4Taqqluj0YsR5c2nqYI9X4UB50w7hYTdMU1Kz2gkwZ9UCuTsaexAKFaOlaBesogKiKpr6w2Tb1NM1JABBHkpbfzNT1MIX2THOX9PLA0uVYXnVgp0p-SE4rw" -d '{"volume": {"size": 1, "consistencygroup_id": null, "snapshot_id": null, "name": "test_vol", "description": null, "volume_type": "multiattach", "availability_zone": null, "metadata": {}, "imageRef": null, "source_volid": null, "backup_id": null}}'                       
HTTP/1.1 202 Accepted
Date: Wed, 04 Oct 2023 16:53:28 GMT
Server: Apache
Content-Length: 797
x-compute-request-id: req-d1350f1b-822c-44cd-abeb-0e3ed94c0501
OpenStack-API-Version: volume 3.0
Vary: OpenStack-API-Version
x-openstack-request-id: req-d1350f1b-822c-44cd-abeb-0e3ed94c0501
Content-Type: application/json

{"volume": {"id": "abf24b23-0d8e-435c-86ce-47e8da3d4c19", "status": "creating", "size": 1, "availability_zone": "nova", "created_at": "2023-10-04T16:53:28.820644", "updated_at": null, "attachments": [], "name": "test_vol", "description": null, "volume_type": "multiattach", "snapshot_id": null, "source_volid": null, "metadata": {}, "links": [{"rel": "self", "href": "http://10.0.0.114:8776/v3/dcc48eab28374585a082da0653bfaac0/volumes/abf24b23-0d8e-435c-86ce-47e8da3d4c19"}, {"rel": "bookmark", "href": "http://10.0.0.114:8776/dcc48eab28374585a082da0653bfaac0/volumes/abf24b23-0d8e-435c-86ce-47e8da3d4c19"}], "user_id": "c7e68646e35d430abf3d276d46046381", "bootable": "false", "encrypted": false, "replication_status": null, "consistencygroup_id": null, "multiattach": true, "migration_status": null}}


Moving to VERIFIED
Comment 24 Brian Rosmaita 2023-10-10 11:55:19 UTC 
@mariel This is a change in API behavior, so I think it should be documented.  No need for a spike, you can use the text from BZ #2184834.
Comment 33 errata-xmlrpc 2023-11-08 19:18:31 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform 16.2.6 (Train) bug fix and enhancement advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:6307
Note You need to log in before you can comment on or make changes to this bug.