← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1871861] [NEW] Share the snapshot of volume-backed instance to other tenant, but can not build instance with this image.

 

Public bug reported:

Create a snapshot(image) of a volume-backed instance, this will generate
a image in glance. At first, this image is private, I can update this
image's visibility to shared, and execuate glance member-create and
glance member-update on this image to share image to another tenant.
Then another tenant use this image to create a new instance, it will
failed of this message "HTTP exception thrown: Block Device Mapping is
Invalid: failed to get snapshot xxx"

>From the analysis of logs and nova code, it is because nova-api will
call _validate_bdm function to get snapshot from cinder, but in cinder,
the added tenant can not see the volume snapshot, the snapshot is not
belong to the tenant, so cinder-api will return 404 when nova-api call
get_snapshot.

How can I make this process to succeed?


====steps========
1. show the snapshot of volume-backed instance
# glance image-show a13fe7a1-e001-41c8-8119-70d5090cb7b0
+----------------------+----------------------------------------------------------------------------------+
| Property             | Value                                                                            |
+----------------------+----------------------------------------------------------------------------------+
| base_image_ref       |                                                                                  |
| bdm_v2               | True                                                                             |
| block_device_mapping | [{"guest_format": null, "boot_index": 0, "delete_on_termination": false,         |
|                      | "no_device": null, "snapshot_id": "7a1b5060-e58c-4244-bb61-4ccef0295a1f",        |
|                      | "volume_type": null, "device_name": "/dev/sda", "disk_bus": "scsi", "image_id":  |
|                      | null, "source_type": "snapshot", "tag": null, "device_type": "disk",             |
|                      | "volume_id": null, "destination_type": "volume", "volume_size": 50}]             |
| boot_roles           | heat_stack_owner,myrole,swiftuser                                                |
| checksum             | d41d8cd98f00b204e9800998ecf8427e                                                 |
| container_format     | bare                                                                             |
| created_at           | 2019-12-02T06:31:36Z                                                             |
| disk_format          | qcow2                                                                            |
| hw_disk_bus          | scsi                                                                             |
| hw_qemu_guest_agent  | yes                                                                              |
| hw_scsi_model        | virtio-scsi                                                                      |
| hw_video_model       | qxl                                                                              |
| id                   | a13fe7a1-e001-41c8-8119-70d5090cb7b0                                             |
| locations            | [{"url": "rbd://4ffaf12a-099d-4297-a22e-                                         |
|                      | f8c16c17d6e3/images/a13fe7a1-e001-41c8-8119-70d5090cb7b0/snap", "metadata": {}}] |
| min_disk             | 50                                                                               |
| min_ram              | 0                                                                                |
| name                 | fhl-volume                                                                       |
| os_distro            | centos                                                                           |
| os_hash_algo         | sha512                                                                           |
| os_hash_value        | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0 |
|                      | ff8318d2877eec2f63b931bd47417a81a538327af927da3e                                 |
| os_hidden            | False                                                                            |
| os_type              | linux                                                                            |
| owner                | 17bf57ec04994db2b591fda36c368e99                                                 |
| owner_project_name   | myproject                                                                        |
| owner_user_name      | myuser                                                                           |
| protected            | False                                                                            |
| root_device_name     | /dev/sda                                                                         |
| size                 | 0                                                                                |
| status               | active                                                                           |
| tags                 | []                                                                               |
| updated_at           | 2020-04-09T09:40:57Z                                                             |
| virtual_size         | Not available                                                                    |
| visibility           | private                                                                           |
| vm_mode              | hvm                                                                              |
+----------------------+----------------------------------------------------------------------------------+

2. Make the image shared, and add member
glance image-update a13fe7a1-e001-41c8-8119-70d5090cb7b0 --visibility shared
glance member-create a13fe7a1-e001-41c8-8119-70d5090cb7b0  07cb8171cf854517b3678fd5e30b4cda
glance member-update a13fe7a1-e001-41c8-8119-70d5090cb7b0  07cb8171cf854517b3678fd5e30b4cda accepted

3. Tenant 07cb8171cf854517b3678fd5e30b4cda use the image to create a new
instance.


===the instance created logs==========
nova-api
HTTP exception thrown: Block Device Mapping is Invalid: failed to get snapshot 7a1b5060-e58c-4244-bb61-4ccef0295a1f.

cinder-api
"GET /v3/07cb8171cf854517b3678fd5e30b4cda/snapshots/7a1b5060-e58c-4244-bb61-4ccef0295a1f HTTP/1.1" status: 404  len: 445 time: 0.0378442

** Affects: nova
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1871861

Title:
  Share the snapshot of volume-backed instance to other tenant, but can
  not build instance with this image.

Status in OpenStack Compute (nova):
  New

Bug description:
  Create a snapshot(image) of a volume-backed instance, this will
  generate a image in glance. At first, this image is private, I can
  update this image's visibility to shared, and execuate glance member-
  create and glance member-update on this image to share image to
  another tenant. Then another tenant use this image to create a new
  instance, it will failed of this message "HTTP exception thrown: Block
  Device Mapping is Invalid: failed to get snapshot xxx"

  From the analysis of logs and nova code, it is because nova-api will
  call _validate_bdm function to get snapshot from cinder, but in
  cinder, the added tenant can not see the volume snapshot, the snapshot
  is not belong to the tenant, so cinder-api will return 404 when nova-
  api call get_snapshot.

  How can I make this process to succeed?


  ====steps========
  1. show the snapshot of volume-backed instance
  # glance image-show a13fe7a1-e001-41c8-8119-70d5090cb7b0
  +----------------------+----------------------------------------------------------------------------------+
  | Property             | Value                                                                            |
  +----------------------+----------------------------------------------------------------------------------+
  | base_image_ref       |                                                                                  |
  | bdm_v2               | True                                                                             |
  | block_device_mapping | [{"guest_format": null, "boot_index": 0, "delete_on_termination": false,         |
  |                      | "no_device": null, "snapshot_id": "7a1b5060-e58c-4244-bb61-4ccef0295a1f",        |
  |                      | "volume_type": null, "device_name": "/dev/sda", "disk_bus": "scsi", "image_id":  |
  |                      | null, "source_type": "snapshot", "tag": null, "device_type": "disk",             |
  |                      | "volume_id": null, "destination_type": "volume", "volume_size": 50}]             |
  | boot_roles           | heat_stack_owner,myrole,swiftuser                                                |
  | checksum             | d41d8cd98f00b204e9800998ecf8427e                                                 |
  | container_format     | bare                                                                             |
  | created_at           | 2019-12-02T06:31:36Z                                                             |
  | disk_format          | qcow2                                                                            |
  | hw_disk_bus          | scsi                                                                             |
  | hw_qemu_guest_agent  | yes                                                                              |
  | hw_scsi_model        | virtio-scsi                                                                      |
  | hw_video_model       | qxl                                                                              |
  | id                   | a13fe7a1-e001-41c8-8119-70d5090cb7b0                                             |
  | locations            | [{"url": "rbd://4ffaf12a-099d-4297-a22e-                                         |
  |                      | f8c16c17d6e3/images/a13fe7a1-e001-41c8-8119-70d5090cb7b0/snap", "metadata": {}}] |
  | min_disk             | 50                                                                               |
  | min_ram              | 0                                                                                |
  | name                 | fhl-volume                                                                       |
  | os_distro            | centos                                                                           |
  | os_hash_algo         | sha512                                                                           |
  | os_hash_value        | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0 |
  |                      | ff8318d2877eec2f63b931bd47417a81a538327af927da3e                                 |
  | os_hidden            | False                                                                            |
  | os_type              | linux                                                                            |
  | owner                | 17bf57ec04994db2b591fda36c368e99                                                 |
  | owner_project_name   | myproject                                                                        |
  | owner_user_name      | myuser                                                                           |
  | protected            | False                                                                            |
  | root_device_name     | /dev/sda                                                                         |
  | size                 | 0                                                                                |
  | status               | active                                                                           |
  | tags                 | []                                                                               |
  | updated_at           | 2020-04-09T09:40:57Z                                                             |
  | virtual_size         | Not available                                                                    |
  | visibility           | private                                                                           |
  | vm_mode              | hvm                                                                              |
  +----------------------+----------------------------------------------------------------------------------+

  2. Make the image shared, and add member
  glance image-update a13fe7a1-e001-41c8-8119-70d5090cb7b0 --visibility shared
  glance member-create a13fe7a1-e001-41c8-8119-70d5090cb7b0  07cb8171cf854517b3678fd5e30b4cda
  glance member-update a13fe7a1-e001-41c8-8119-70d5090cb7b0  07cb8171cf854517b3678fd5e30b4cda accepted

  3. Tenant 07cb8171cf854517b3678fd5e30b4cda use the image to create a
  new instance.

  
  ===the instance created logs==========
  nova-api
  HTTP exception thrown: Block Device Mapping is Invalid: failed to get snapshot 7a1b5060-e58c-4244-bb61-4ccef0295a1f.

  cinder-api
  "GET /v3/07cb8171cf854517b3678fd5e30b4cda/snapshots/7a1b5060-e58c-4244-bb61-4ccef0295a1f HTTP/1.1" status: 404  len: 445 time: 0.0378442

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1871861/+subscriptions


Follow ups