Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 2175217

Summary: [16.2] Multiattach volumes should be created by volume type only
Product: Red Hat OpenStack Reporter: jhardee
Component: openstack-cinderAssignee: Rajat Dhasmana <rdhasman>
Status: CLOSED ERRATA QA Contact: Yosi Ben Shimon <ybenshim>
Severity: medium Docs Contact: Ian Frangs <ifrangs>
Priority: medium    
Version: 16.2 (Train)CC: brian.rosmaita, eharney, ifrangs, jelynch, ltoscano, mariel, rdhasman
Target Milestone: z6Keywords: Triaged
Target Release: 16.2 (Train on RHEL 8.4)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-cinder-15.6.1-2.20230906144854.299553a.el8ost Doc Type: Bug Fix
Doc Text:
Before this update, the Block Storage API supported the creation of a Block Storage multi-attach volume by passing a parameter in the `volume-create` request, even though this method of creating a multi-attach volume was deprecated for removal. This method can lead to data loss when creating a multi-attach volume on a back end that does not support multi-attach volumes. + The `openstack` and `cinder` CLI only supported creating a multi-attach volume by using a multi-attach volume-type. + With this update, the Block Storage API also only supports creating a multi-attach volume by using a multi-attach volume-type. Some Block Storage API requests that used to work will be rejected with a 400 (Bad Request) response code and an error message.
 Story Points: ---
Clone Of:
: 2184834 (view as bug list) Environment:
Last Closed: 2023-11-08 19:18:31 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2184834, 2184844    
Bug Blocks:    

Description jhardee 2023-03-03 15:14:33 UTC 
Description of problem:
The multiattach functionality is restricted to a multiattach volume type that must be created by an admin. A cinder API bug allows non-admin users to create multiattach volumes without the multiattach volume type which can corrupt their data


Version-Release number of selected component (if applicable):
RHOSP 16.2

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:
User can accidentally corrupt data by creating a multiattach volume without the correct volume type.


Expected results:


Additional info:

https://bugs.launchpad.net/cinder/+bug/2008259

Customer mentioned the community released a patch to fix this. Will  you please include the patch in RHOSP 16.2?

https://review.opendev.org/c/openstack/cinder/+/874865
Comment 1 jhardee 2023-03-06 19:05:22 UTC 
Any informatoin that I can pass along to the customer?
Comment 17 Brian Rosmaita 2023-07-27 18:17:31 UTC 
Set fixed-in version to openstack-cinder-15.6.1-2.20230727141331.299553a.el8osttrunk, which is tagged 'rhos-16.2-rhel-8-trunk-candidate'.
https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=2614550
Comment 22 Yosi Ben Shimon 2023-10-04 17:00:53 UTC 
Tested on:
Red Hat OpenStack Platform release 16.2.6 (Train)
openstack-cinder-15.6.1-2.20230906144854.299553a.el8ost.noarch

When tried to create a volume with "multiattach" parameter, got error 400 (bad request):

(overcloud) [stack@undercloud-0 ~]$ openstack token issue -f value -c id
gAAAAABlHZhwQDAn3Op8cXeNHs6wwndZPgnqmzoeKBCn-ogmK4MxMHzQTZhMpSet4Taqqluj0YsR5c2nqYI9X4UB50w7hYTdMU1Kz2gkwZ9UCuTsaexAKFaOlaBesogKiKpr6w2Tb1NM1JABBHkpbfzNT1MIX2THOX9PLA0uVYXnVgp0p-SE4rw

(overcloud) [stack@undercloud-0 ~]$ curl -g -i -X POST http://10.0.0.114:8776/v3/dcc48eab28374585a082da0653bfaac0/volumes -H "Accept: application/json" -H "Content-Type: application/json" -H "User-Agent: python-cinderclient" -H "X-Auth-Token: gAAAAABlHZhwQDAn3Op8cXeNHs6wwndZPgnqmzoeKBCn-ogmK4MxMHzQTZhMpSet4Taqqluj0YsR5c2nqYI9X4UB50w7hYTdMU1Kz2gkwZ9UCuTsaexAKFaOlaBesogKiKpr6w2Tb1NM1JABBHkpbfzNT1MIX2THOX9PLA0uVYXnVgp0p-SE4rw" -d '{"volume": {"size": 1, "consistencygroup_id": null, "snapshot_id": null, "name": "test_vol", "description": null, "volume_type": null, "availability_zone": null, "metadata": {}, "imageRef": null, "source_volid": null, "backup_id": null, "multiattach": "True"}}'          
HTTP/1.1 400 Bad Request
Date: Wed, 04 Oct 2023 16:53:19 GMT
Server: Apache
Content-Length: 261
OpenStack-API-Version: volume 3.0
Vary: OpenStack-API-Version
x-compute-request-id: req-ac083a6a-be31-4a4c-93df-be63d3ae9198
x-openstack-request-id: req-ac083a6a-be31-4a4c-93df-be63d3ae9198
Content-Type: application/json

{"badRequest": {"code": 400, "message": "multiattach parameter has been removed. The default behavior is to use multiattach enabled volume types. Contact your administrator to create a multiattach enabled volume type and use it to create multiattach volumes."}}



Tried using a multiattach "volume_type" and the volume was created successfully (with multiattach=true).

(overcloud) [stack@undercloud-0 ~]$ curl -g -i -X POST http://10.0.0.114:8776/v3/dcc48eab28374585a082da0653bfaac0/volumes -H "Accept: application/json" -H "Content-Type: application/json" -H "User-Agent: python-Token: gAAAAABlHZhwQDAn3Op8cXeNHs6wwndZPgnqmzoeKBCn-ogmK4MxMHzQTZhMpSet4Taqqluj0YsR5c2nqYI9X4UB50w7hYTdMU1Kz2gkwZ9UCuTsaexAKFaOlaBesogKiKpr6w2Tb1NM1JABBHkpbfzNT1MIX2THOX9PLA0uVYXnVgp0p-SE4rw" -d '{"volume": {"size": 1, "consistencygroup_id": null, "snapshot_id": null, "name": "test_vol", "description": null, "volume_type": "multiattach", "availability_zone": null, "metadata": {}, "imageRef": null, "source_volid": null, "backup_id": null}}'                       
HTTP/1.1 202 Accepted
Date: Wed, 04 Oct 2023 16:53:28 GMT
Server: Apache
Content-Length: 797
x-compute-request-id: req-d1350f1b-822c-44cd-abeb-0e3ed94c0501
OpenStack-API-Version: volume 3.0
Vary: OpenStack-API-Version
x-openstack-request-id: req-d1350f1b-822c-44cd-abeb-0e3ed94c0501
Content-Type: application/json

{"volume": {"id": "abf24b23-0d8e-435c-86ce-47e8da3d4c19", "status": "creating", "size": 1, "availability_zone": "nova", "created_at": "2023-10-04T16:53:28.820644", "updated_at": null, "attachments": [], "name": "test_vol", "description": null, "volume_type": "multiattach", "snapshot_id": null, "source_volid": null, "metadata": {}, "links": [{"rel": "self", "href": "http://10.0.0.114:8776/v3/dcc48eab28374585a082da0653bfaac0/volumes/abf24b23-0d8e-435c-86ce-47e8da3d4c19"}, {"rel": "bookmark", "href": "http://10.0.0.114:8776/dcc48eab28374585a082da0653bfaac0/volumes/abf24b23-0d8e-435c-86ce-47e8da3d4c19"}], "user_id": "c7e68646e35d430abf3d276d46046381", "bootable": "false", "encrypted": false, "replication_status": null, "consistencygroup_id": null, "multiattach": true, "migration_status": null}}


Moving to VERIFIED
Comment 24 Brian Rosmaita 2023-10-10 11:55:19 UTC 
@mariel This is a change in API behavior, so I think it should be documented.  No need for a spike, you can use the text from BZ #2184834.
Comment 33 errata-xmlrpc 2023-11-08 19:18:31 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform 16.2.6 (Train) bug fix and enhancement advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:6307