yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #33779
[Bug 1465656] [NEW] Booting encrypted volume with whole image fails
Public bug reported:
When booting from an encrypted volume created from a whole image (i.e.
not a three-part image), Nova reports that the instance has booted
successfully. However, simply examining the console or attempting to ssh
into the instance reveals that it failed to boot.
Expected Behavior:
1. We should be able to boot from an encrypted volume containing a whole part image.
2. If booting from this volume fails, Nova should throw an error and alert the end user.
Actual Behavior:
1. Instance does not successfully boot from volume.
2. Nova provides no indication that booting has failed.
How to Reproduce behavior:
1. Download a whole image (I'm using cirros-0.3.3-x86_64.raw)
2. Add the image to Glance using the CLI:
glance image-create --name='cirros' --container-format=bare --owner=demo --disk-format=raw --is_public=true --file=cirros-0.3.3-x86_64.raw
3. Log into Horizon as an admin and create an encrypted volume type through the UI. The encrypted volume type I've been using has the following attributes:
Provider = nova.volume.encryptors.luks.LuksEncryptor
Control Location = front-end
Cipher = aes-xts-plain64
Key Size: = 512
4. Log into Horizon as demo and use the UI to create a volume of the encrypted type from the whole image. Ensure that the volume is larger than the image.
5. Use the Horizon UI to boot an instance from the encrypted volume. Be sure to select a flavor with greater disk space than the size of the image (I use m1.).
You should observe that, although there are no errors presented to the
end user, the instance clearly does not boot. Additionally, be way of a
control, you can repeat these steps without creating an encrypted volume
type and observe that the instance boots successfully.
** Affects: nova
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1465656
Title:
Booting encrypted volume with whole image fails
Status in OpenStack Compute (Nova):
New
Bug description:
When booting from an encrypted volume created from a whole image (i.e.
not a three-part image), Nova reports that the instance has booted
successfully. However, simply examining the console or attempting to
ssh into the instance reveals that it failed to boot.
Expected Behavior:
1. We should be able to boot from an encrypted volume containing a whole part image.
2. If booting from this volume fails, Nova should throw an error and alert the end user.
Actual Behavior:
1. Instance does not successfully boot from volume.
2. Nova provides no indication that booting has failed.
How to Reproduce behavior:
1. Download a whole image (I'm using cirros-0.3.3-x86_64.raw)
2. Add the image to Glance using the CLI:
glance image-create --name='cirros' --container-format=bare --owner=demo --disk-format=raw --is_public=true --file=cirros-0.3.3-x86_64.raw
3. Log into Horizon as an admin and create an encrypted volume type through the UI. The encrypted volume type I've been using has the following attributes:
Provider = nova.volume.encryptors.luks.LuksEncryptor
Control Location = front-end
Cipher = aes-xts-plain64
Key Size: = 512
4. Log into Horizon as demo and use the UI to create a volume of the encrypted type from the whole image. Ensure that the volume is larger than the image.
5. Use the Horizon UI to boot an instance from the encrypted volume. Be sure to select a flavor with greater disk space than the size of the image (I use m1.).
You should observe that, although there are no errors presented to the
end user, the instance clearly does not boot. Additionally, be way of
a control, you can repeat these steps without creating an encrypted
volume type and observe that the instance boots successfully.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1465656/+subscriptions
Follow ups
References