yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1863611] Re: Nova allows direct boot of an image created from an encrypted cinder volume

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Brian Rosmaita <1863611@xxxxxxxxxxxxxxxxxx>
Date: Tue, 15 Sep 2020 16:10:56 -0000
Reply-to: Bug 1863611 <1863611@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This was fixed in Ussuri by https://review.opendev.org/#/c/707738/

** Changed in: glance
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1863611

Title:
  Nova allows direct boot of an image created from an encrypted cinder
  volume

Status in Glance:
  Fix Released

Bug description:
  Cinder allows encrypted volumes to be uploaded as images to Glance.
  Nova has never supported the direct boot of such images; instead, the
  user is supposed to use the image to create a volume, which can then
  be booted from.

  NOTE: Allowing such an instance to go 'active' allows it to be
  snapshotted, leading to the problem described in Bug #1852106.

  When a user does attempt to boot directly from such an image, the
  instance goes 'active' but is unusable.  The end user will eventually
  figure out what the problem is, but it would be better if the Compute
  API rejected the boot request.

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1863611/+subscriptions

References

[Bug 1863611] [NEW] Nova allows direct boot of an image created from an encrypted cinder volume
From: Brian Rosmaita, 2020-02-17