← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1465656] [NEW] Booting encrypted volume with whole image fails

 

Public bug reported:

When booting from an encrypted volume created from a whole image (i.e.
not a three-part image), Nova reports that the instance has booted
successfully. However, simply examining the console or attempting to ssh
into the instance reveals that it failed to boot.

Expected Behavior:
1. We should be able to boot from an encrypted volume containing a whole part image.
2. If booting from this volume fails, Nova should throw an error and alert the end user.

Actual Behavior:
1. Instance does not successfully boot from volume.
2. Nova provides no indication that booting has failed.

How to Reproduce behavior:
1. Download a whole image (I'm using cirros-0.3.3-x86_64.raw)
2. Add the image to Glance using the CLI:
glance image-create --name='cirros' --container-format=bare --owner=demo --disk-format=raw  --is_public=true --file=cirros-0.3.3-x86_64.raw
3. Log into Horizon as an admin and create an encrypted volume type through the UI. The encrypted volume type I've been using has the following attributes:
Provider =  nova.volume.encryptors.luks.LuksEncryptor
Control Location =  front-end
Cipher =  aes-xts-plain64
Key Size: = 512
4. Log into Horizon as demo and use the UI to create a volume of the encrypted type from the whole image. Ensure that the volume is larger than the image.
5. Use the Horizon UI to boot an instance from the encrypted volume. Be sure to select a flavor with greater disk space than the size of the image (I use m1.).

You should observe that, although there are no errors presented to the
end user, the instance clearly does not boot. Additionally, be way of a
control, you can repeat these steps without creating an encrypted volume
type and observe that the instance boots successfully.

** Affects: nova
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1465656

Title:
  Booting encrypted volume with whole image fails

Status in OpenStack Compute (Nova):
  New

Bug description:
  When booting from an encrypted volume created from a whole image (i.e.
  not a three-part image), Nova reports that the instance has booted
  successfully. However, simply examining the console or attempting to
  ssh into the instance reveals that it failed to boot.

  Expected Behavior:
  1. We should be able to boot from an encrypted volume containing a whole part image.
  2. If booting from this volume fails, Nova should throw an error and alert the end user.

  Actual Behavior:
  1. Instance does not successfully boot from volume.
  2. Nova provides no indication that booting has failed.

  How to Reproduce behavior:
  1. Download a whole image (I'm using cirros-0.3.3-x86_64.raw)
  2. Add the image to Glance using the CLI:
  glance image-create --name='cirros' --container-format=bare --owner=demo --disk-format=raw  --is_public=true --file=cirros-0.3.3-x86_64.raw
  3. Log into Horizon as an admin and create an encrypted volume type through the UI. The encrypted volume type I've been using has the following attributes:
  Provider =  nova.volume.encryptors.luks.LuksEncryptor
  Control Location =  front-end
  Cipher =  aes-xts-plain64
  Key Size: = 512
  4. Log into Horizon as demo and use the UI to create a volume of the encrypted type from the whole image. Ensure that the volume is larger than the image.
  5. Use the Horizon UI to boot an instance from the encrypted volume. Be sure to select a flavor with greater disk space than the size of the image (I use m1.).

  You should observe that, although there are no errors presented to the
  end user, the instance clearly does not boot. Additionally, be way of
  a control, you can repeat these steps without creating an encrypted
  volume type and observe that the instance boots successfully.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1465656/+subscriptions


Follow ups

References