yahoo-eng-team team mailing list archive
Message #82243
[Bug 1871861] [NEW] Share the snapshot of volume-backed instance to other tenant, but can not build instance with this image.
Public bug reported:
Create a snapshot (image) of a volume-backed instance; this will generate
an image in glance. At first, this image is private. I can update this
image's visibility to shared, and execute glance member-create and
glance member-update on this image to share the image with another tenant.
Then another tenant uses this image to create a new instance, and it
fails with this message: "HTTP exception thrown: Block Device Mapping is
Invalid: failed to get snapshot xxx"
From the analysis of logs and nova code, it is because nova-api will
call the _validate_bdm function to get the snapshot from cinder, but in cinder,
the added tenant cannot see the volume snapshot; the snapshot does not
belong to the tenant, so cinder-api will return 404 when nova-api calls
get_snapshot.
How can I make this process succeed?
====steps========
1. show the snapshot of volume-backed instance
# glance image-show a13fe7a1-e001-41c8-8119-70d5090cb7b0
+----------------------+----------------------------------------------------------------------------------+
| Property | Value |
+----------------------+----------------------------------------------------------------------------------+
| base_image_ref | |
| bdm_v2 | True |
| block_device_mapping | [{"guest_format": null, "boot_index": 0, "delete_on_termination": false, |
| | "no_device": null, "snapshot_id": "7a1b5060-e58c-4244-bb61-4ccef0295a1f", |
| | "volume_type": null, "device_name": "/dev/sda", "disk_bus": "scsi", "image_id": |
| | null, "source_type": "snapshot", "tag": null, "device_type": "disk", |
| | "volume_id": null, "destination_type": "volume", "volume_size": 50}] |
| boot_roles | heat_stack_owner,myrole,swiftuser |
| checksum | d41d8cd98f00b204e9800998ecf8427e |
| container_format | bare |
| created_at | 2019-12-02T06:31:36Z |
| disk_format | qcow2 |
| hw_disk_bus | scsi |
| hw_qemu_guest_agent | yes |
| hw_scsi_model | virtio-scsi |
| hw_video_model | qxl |
| id | a13fe7a1-e001-41c8-8119-70d5090cb7b0 |
| locations | [{"url": "rbd://4ffaf12a-099d-4297-a22e- |
| | f8c16c17d6e3/images/a13fe7a1-e001-41c8-8119-70d5090cb7b0/snap", "metadata": {}}] |
| min_disk | 50 |
| min_ram | 0 |
| name | fhl-volume |
| os_distro | centos |
| os_hash_algo | sha512 |
| os_hash_value | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0 |
| | ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
| os_hidden | False |
| os_type | linux |
| owner | 17bf57ec04994db2b591fda36c368e99 |
| owner_project_name | myproject |
| owner_user_name | myuser |
| protected | False |
| root_device_name | /dev/sda |
| size | 0 |
| status | active |
| tags | [] |
| updated_at | 2020-04-09T09:40:57Z |
| virtual_size | Not available |
| visibility | private |
| vm_mode | hvm |
+----------------------+----------------------------------------------------------------------------------+
2. Make the image shared, and add member
glance image-update a13fe7a1-e001-41c8-8119-70d5090cb7b0 --visibility shared
glance member-create a13fe7a1-e001-41c8-8119-70d5090cb7b0 07cb8171cf854517b3678fd5e30b4cda
glance member-update a13fe7a1-e001-41c8-8119-70d5090cb7b0 07cb8171cf854517b3678fd5e30b4cda accepted
3. Tenant 07cb8171cf854517b3678fd5e30b4cda uses the image to create a new
instance.
===the instance created logs==========
nova-api
HTTP exception thrown: Block Device Mapping is Invalid: failed to get snapshot 7a1b5060-e58c-4244-bb61-4ccef0295a1f.
cinder-api
"GET /v3/07cb8171cf854517b3678fd5e30b4cda/snapshots/7a1b5060-e58c-4244-bb61-4ccef0295a1f HTTP/1.1" status: 404 len: 445 time: 0.0378442
** Affects: nova
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1871861
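Added example (not part of the original bug report, and not nova or cinder code): a preflight check, following the behaviour described in the report, that lists image members who would hit the 404 because the snapshot named in block_device_mapping belongs to the image owner's project. The image properties and IDs are copied from the report; SNAPSHOT_OWNERS and get_snapshot_status are hypothetical stand-ins for a project-scoped Cinder lookup.

```python
import json

# Image properties copied from the glance image-show output in the report
# (block_device_mapping reduced to the fields this check reads).
IMAGE = {
    "id": "a13fe7a1-e001-41c8-8119-70d5090cb7b0",
    "owner": "17bf57ec04994db2b591fda36c368e99",
    "block_device_mapping": json.dumps([{
        "boot_index": 0, "source_type": "snapshot",
        "destination_type": "volume", "volume_size": 50,
        "snapshot_id": "7a1b5060-e58c-4244-bb61-4ccef0295a1f",
    }]),
}
MEMBERS = ["07cb8171cf854517b3678fd5e30b4cda"]  # added with glance member-create

# Hypothetical stand-in for Cinder state: snapshot id -> owning project.
SNAPSHOT_OWNERS = {
    "7a1b5060-e58c-4244-bb61-4ccef0295a1f": "17bf57ec04994db2b591fda36c368e99",
}

def snapshot_ids(image):
    """Snapshot IDs referenced by snapshot-sourced block device mappings."""
    raw = image.get("block_device_mapping") or "[]"
    bdms = json.loads(raw) if isinstance(raw, str) else raw
    return [b["snapshot_id"] for b in bdms
            if b.get("source_type") == "snapshot" and b.get("snapshot_id")]

def get_snapshot_status(project_id, snapshot_id):
    """Model of a project-scoped lookup: 404 unless the project owns it."""
    return 200 if SNAPSHOT_OWNERS.get(snapshot_id) == project_id else 404

def unusable_shares(image, members):
    """(member, snapshot_id) pairs whose boot request would fail BDM validation."""
    return [(m, sid) for m in members for sid in snapshot_ids(image)
            if get_snapshot_status(m, sid) == 404]

if __name__ == "__main__":
    for member, sid in unusable_shares(IMAGE, MEMBERS):
        print(f"image {IMAGE['id']}: member {member} cannot read snapshot {sid}")
```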