
yahoo-eng-team team mailing list archive

[Bug 1775418] Re: Swap volume of multiattached volume will corrupt data

 

Reviewed:  https://review.opendev.org/572790
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=5a1d159d142997bb4288d4bf86d4e144334905cd
Submitter: Zuul
Branch:    master

commit 5a1d159d142997bb4288d4bf86d4e144334905cd
Author: Matt Riedemann <mriedem.os@xxxxxxxxx>
Date:   Wed Jun 6 10:32:37 2018 -0400

    Block swap volume on volumes with >1 rw attachment
    
    If we're swapping from a multiattach volume that has more than one
    read/write attachment, another server on the secondary attachment could
    be writing to the volume which is not getting copied into the volume to
    which we're swapping, so we could have data loss during the swap.
    
    This change does volume read/write attachment counting for the volume
    we're swapping from and if there is more than one read/write attachment
    on the volume, the swap volume operation fails with a 400 BadRequest
    error.
    
    Depends-On: https://review.openstack.org/573025/
    Closes-Bug: #1775418
    Change-Id: Icd7fcb87a09c35a13e4e14235feb30a289d22778


** Changed in: nova
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1775418

Title:
  Swap volume of multiattached volume will corrupt data

Status in Cinder:
  New
Status in OpenStack Compute (nova):
  Fix Released
Status in OpenStack Compute (nova) queens series:
  Triaged
Status in OpenStack Compute (nova) rocky series:
  New
Status in OpenStack Compute (nova) stein series:
  New

Bug description:
  We currently permit the following:

  Create multiattach volumes a and b
  Create servers 1 and 2
  Attach volume a to servers 1 and 2
  swap_volume(server 1, volume a, volume b)

  In fact, we have a tempest test which tests exactly this sequence:
  api.compute.admin.test_volume_swap.TestMultiAttachVolumeSwap.test_volume_swap_with_multiattach

  The problem is that writes from server 2 during the copy operation on
  server 1 will continue to hit the underlying storage, but as server 1
  doesn't know about them they won't be reflected on the copy on volume
  b. This will lead to an inconsistent copy, and therefore data
  corruption on volume b.

  Also, this whole flow makes no sense for a multiattached volume
  because even if we managed a consistent copy all we've achieved is
  forking our data between the 2 volumes. The purpose of this call is to
  allow the operator to move volumes. We need a fundamentally different
  approach for multiattached volumes.

  In the short term we should at least prevent data corruption by
  preventing swap volume of a multiattached volume. This would also
  cause the above tempest test to fail, but as I don't believe it's
  possible to implement the test safely this would be correct.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1775418/+subscriptions
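
The failure mode from the bug description and the read/write attachment count from the commit message, as an added Python example (not code from the nova change). The record layout, the `attach_mode` field, and all function and volume names are assumptions made for illustration.

```python
class SwapRejected(Exception):
    """Stands in for the 400 BadRequest named in the commit message."""
    status = 400


def count_rw_attachments(attachments):
    # Assumption: each record has an 'attach_mode' of 'rw' or 'ro'.
    # A record without a mode is counted as 'rw', the conservative choice.
    return sum(1 for a in attachments if a.get("attach_mode", "rw") == "rw")


def check_swap_allowed(volume):
    """Refuse to swap from a volume that has more than one rw attachment."""
    rw = count_rw_attachments(volume["attachments"])
    if rw > 1:
        raise SwapRejected(
            f"volume {volume['id']}: {rw} read/write attachments, swap refused")
    return rw


def copy_with_concurrent_writer(src, writes):
    """Copy src block by block, as the swap on server 1 would.

    `writes` maps a copy step to (block_index, data): a write that another
    attachment lands on the shared source volume just before that step.
    """
    dst = []
    for step, _ in enumerate(src):
        if step in writes:
            idx, data = writes[step]
            src[idx] = data  # server 2 writes to the shared storage
        dst.append(src[step])
    return dst


# Constructed sample data (not taken from a real deployment).
VOLUME_A = {"id": "vol-a", "attachments": [
    {"server": "server-1", "attach_mode": "rw"},
    {"server": "server-2", "attach_mode": "rw"}]}
VOLUME_RO_PEER = {"id": "vol-c", "attachments": [
    {"server": "server-1", "attach_mode": "rw"},
    {"server": "server-2", "attach_mode": "ro"}]}

if __name__ == "__main__":
    source = ["a0", "a1", "a2", "a3"]
    copy = copy_with_concurrent_writer(source, {2: (0, "S2")})
    print("source:", source, "copy:", copy, "consistent:", source == copy)
    for vol in (VOLUME_RO_PEER, VOLUME_A):
        try:
            print(vol["id"], "rw attachments:", check_swap_allowed(vol))
        except SwapRejected as exc:
            print(exc.status, exc)
```

A write that lands on a block the copy has already passed never reaches the destination, which is the inconsistency the bug describes; a peer attached read-only cannot cause it, so only read/write attachments are counted.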

