yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #72792
[Bug 1737513] Re: img_signature_hash_method and img_signature are inherited when creating a snapshot
** Changed in: nova
Importance: Undecided => Medium
** Also affects: nova/pike
Importance: Undecided
Status: New
** Changed in: nova/pike
Assignee: (unassigned) => Brianna Poulos (brianna-poulos)
** Changed in: nova/pike
Importance: Undecided => Medium
** Changed in: nova/pike
Status: New => In Progress
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1737513
Title:
img_signature_hash_method and img_signature are inherited when
creating a snapshot
Status in OpenStack Compute (nova):
Fix Released
Status in OpenStack Compute (nova) pike series:
In Progress
Bug description:
Description
===========
If present both img_signature_hash_method and img_signature from the
original image are used when creating a snapshot image in Glance. This
will cause a failure when we update the image with actual content
during the snapshot creation process as this original signature
obviously no longer applies to the snapshot of the instance.
https://github.com/openstack/nova/blob/adedd4064765f688ea6426a952e73bb4469504f2/nova/compute/api.py#L2695-L2718
https://github.com/openstack/nova/blob/adedd4064765f688ea6426a952e73bb4469504f2/nova/virt/libvirt/driver.py#L1765-L1769
Both of these properties should be added to the
non_inheritable_image_properties configurable and a test added to the
the barbican tempest plugin to verify this behaviour.
https://github.com/openstack/nova/blob/1f29d4283aeeaa6d3cc42eaf72fdb9e2ae417caf/nova/conf/compute.py#L56-L72
Steps to reproduce
==================
1. Boot an instance using a signed image:
nova boot --flavor 1 --image <image-id> signed_instance
2. Attempt to create a snapshot of this instance:
nova image-create <instance-uuid> <snapshot-name>
Expected result
===============
Snapshot taken successfully.
Actual result
=============
Snapshot fails.
Environment
===========
1. Exact version of OpenStack you are running. See the following
list for all releases: http://docs.openstack.org/releases/
Master (Queens)
2. Which hypervisor did you use?
(For example: Libvirt + KVM, Libvirt + XEN, Hyper-V, PowerKVM, ...)
What's the version of that?
N/A
2. Which storage type did you use?
(For example: Ceph, LVM, GPFS, ...)
What's the version of that?
N/A
3. Which networking type did you use?
(For example: nova-network, Neutron with OpenVSwitch, ...)
N/A
Logs & Configs
==============
n-cpu log:
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] Traceback (most recent call last):
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] File "/opt/stack/nova/nova/compute/manager.py", line 231, in decorated_function
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] *args, **kwargs)
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] File "/opt/stack/nova/nova/compute/manager.py", line 3261, in snapshot_instance
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] task_states.IMAGE_SNAPSHOT)
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] File "/opt/stack/nova/nova/compute/manager.py", line 3293, in _snapshot_instance
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] update_task_state)
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] File "/opt/stack/nova/nova/virt/libvirt/driver.py", line 1769, in snapshot
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] image_file)
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] File "/opt/stack/nova/nova/image/api.py", line 132, in update
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] purge_props=purge_props)
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] File "/opt/stack/nova/nova/image/glance.py", line 528, in update
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] _reraise_translated_image_exception(image_id)
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] File "/opt/stack/nova/nova/image/glance.py", line 845, in _reraise_translated_image_exception
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] six.reraise(type(new_exc), new_exc, exc_trace)
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] File "/opt/stack/nova/nova/image/glance.py", line 526, in update
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] image = self._update_v2(context, sent_service_image_meta, data)
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] File "/opt/stack/nova/nova/image/glance.py", line 545, in _update_v2
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] image = self._upload_data(context, image_id, data)
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] File "/opt/stack/nova/nova/image/glance.py", line 430, in _upload_data
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] self._client.call(context, 2, 'upload', image_id, data)
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] File "/opt/stack/nova/nova/image/glance.py", line 175, in call
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] result = getattr(controller, method)(*args, **kwargs)
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] File "/usr/lib/python2.7/site-packages/glanceclient/common/utils.py", line 545, in inner
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] return RequestIdProxy(wrapped(*args, **kwargs))
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] File "/usr/lib/python2.7/site-packages/glanceclient/v2/images.py", line 232, in upload
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] resp, body = self.http_client.put(url, headers=hdrs, data=body)
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 313, in put
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] return self.request(url, 'PUT', **kwargs)
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] File "/usr/lib/python2.7/site-packages/glanceclient/common/http.py", line 349, in request
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] return self._handle_response(resp)
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] File "/usr/lib/python2.7/site-packages/glanceclient/common/http.py", line 98, in _handle_response
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] raise exc.from_response(resp, resp.content)
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] ImageBadRequest: Request of image 75d1a99d-a19e-42fe-a766-6311fc57f583 got BadRequest response: 400 Bad Request: Signature verification failed for image 75d1a99d-a19e-42fe-a766-6311fc57f583: Signature verification failed (HTTP 400)
Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3]
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1737513/+subscriptions
References
