← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #83889

[Bug 1895696] [NEW] unable to boot instance from encrypted volume created from a glance image of an encrypted volume

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Description
===========
What the title says, plus see "steps to reproduce" below.
This is a regression caused by the fix for https://bugs.launchpad.net/nova/+bug/1852106

Steps to Reproduce
==================
1. Let Image-1 be a "regular" (non-encrypted, bootable) image in Glance (like the cirros image).
2. Create volume V-1 in Cinder from Image-1 specifying encrypted volume-type T-1.
3. Boot an instance from V-1 (make sure delete-on-terminate is false).  Works fine.  Delete the instance to free up the volume.
4. Call cinder upload-to-image on V-1 to create Image-2.
5. Create volume V-2 in Cinder specifying encrypted volume-type T-1 from Image-2.
6. Boot an instance from V-2.

Expected result
===============
Working instance booted from volume.

Actual result
=============
ERROR (BadRequest): Image None is unacceptable: Direct booting of an image uploaded from an encrypted volume is unsupported. (HTTP 400)


Note:
If we bypass the check at https://review.opendev.org/#/c/707738/3/nova/compute/api.py@894, the instance goes 'active' and is operable (you can ssh into it).  (Of course, we don't want to bypass the check, it just needs to be made aware that we are booting from a volume, not trying to boot from an image.)

** Affects: nova
     Importance: Undecided
     Assignee: Brian Rosmaita (brian-rosmaita)
         Status: New


** Tags: volumes

** Changed in: nova
     Assignee: (unassigned) => Brian Rosmaita (brian-rosmaita)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1895696

Title:
  unable to boot instance from encrypted volume created from a glance
  image of an encrypted volume

Status in OpenStack Compute (nova):
  New

Bug description:
  Description
  ===========
  What the title says, plus see "steps to reproduce" below.
  This is a regression caused by the fix for https://bugs.launchpad.net/nova/+bug/1852106

  Steps to Reproduce
  ==================
  1. Let Image-1 be a "regular" (non-encrypted, bootable) image in Glance (like the cirros image).
  2. Create volume V-1 in Cinder from Image-1 specifying encrypted volume-type T-1.
  3. Boot an instance from V-1 (make sure delete-on-terminate is false).  Works fine.  Delete the instance to free up the volume.
  4. Call cinder upload-to-image on V-1 to create Image-2.
  5. Create volume V-2 in Cinder specifying encrypted volume-type T-1 from Image-2.
  6. Boot an instance from V-2.

  Expected result
  ===============
  Working instance booted from volume.

  Actual result
  =============
  ERROR (BadRequest): Image None is unacceptable: Direct booting of an image uploaded from an encrypted volume is unsupported. (HTTP 400)

  
  Note:
  If we bypass the check at https://review.opendev.org/#/c/707738/3/nova/compute/api.py@894, the instance goes 'active' and is operable (you can ssh into it).  (Of course, we don't want to bypass the check, it just needs to be made aware that we are booting from a volume, not trying to boot from an image.)

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1895696/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next