** Changed in: nova
Assignee: Takashi NATSUME (natsume-takashi) => Matt Riedemann (mriedem)
** Changed in: nova
Importance: Undecided => High
** Changed in: nova
Status: Incomplete => In Progress
** Changed in: nova
Importance: High => Medium
** Changed in: cinder
Status: In Progress => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1522705
Title:
Cinder volumes are stuck when non admin user executes nova swap volume
API
Status in Cinder:
Invalid
Status in OpenStack Compute (nova):
In Progress
Bug description:
Cinder volumes are stuck in attaching/detaching state when non admin user
executes nova swap volume API.
Because cinder 'migrate_volume_completion' API can be executed by admin only
in default settings of cinder policy.json.
So the default settings of cinder policy.json should be fixed.
[How to reproduce]
stack@devstack-master:/opt/devstack$ env | grep OS
(snipped...)
OS_USERNAME=demo
OS_TENANT_NAME=demo
(snipped...)
stack@devstack-master:/opt/devstack$ nova list
+--------------------------------------+---------+--------+------------+-------------+---------------------------------------------------------+
| ID | Name | Status | Task State |
Power State | Networks |
+--------------------------------------+---------+--------+------------+-------------+---------------------------------------------------------+
| 5a4102cd-9e36-480c-a148-d2a127ff704e | server1 | ACTIVE | - |
Running | private=10.0.10.3, fd61:9f1e:73ec:0:f816:3eff:fe34:8b61 |
+--------------------------------------+---------+--------+------------+-------------+---------------------------------------------------------+
stack@devstack-master:/opt/devstack$ cinder list
+--------------------------------------+-----------+-------+------+-------------+----------+-------------+--------------------------------------+
| ID | Status | Name | Size | Volume
Type | Bootable | Multiattach | Attached to |
+--------------------------------------+-----------+-------+------+-------------+----------+-------------+--------------------------------------+
| 1c768de0-949f-485f-b914-c430752e2984 | available | TEST2 | 1 |
lvmdriver-1 | false | False | |
| 999a256e-aadf-41b6-88f3-1412e3462cbe | in-use | TEST1 | 1 |
lvmdriver-1 | false | False | 5a4102cd-9e36-480c-a148-d2a127ff704e |
+--------------------------------------+-----------+-------+------+-------------+----------+-------------+--------------------------------------+
stack@devstack-master:/opt/devstack$ nova volume-update server1
999a256e-aadf-41b6-88f3-1412e3462cbe 1c768de0-949f-485f-b914-c430752e2984
stack@devstack-master:/opt/devstack$ cinder list
+--------------------------------------+-----------+-------+------+-------------+----------+-------------+--------------------------------------+
| ID | Status | Name | Size | Volume
Type | Bootable | Multiattach | Attached to |
+--------------------------------------+-----------+-------+------+-------------+----------+-------------+--------------------------------------+
| 1c768de0-949f-485f-b914-c430752e2984 | attaching | TEST2 | 1 |
lvmdriver-1 | false | False | |
| 999a256e-aadf-41b6-88f3-1412e3462cbe | detaching | TEST1 | 1 |
lvmdriver-1 | false | False | 5a4102cd-9e36-480c-a148-d2a127ff704e |
+--------------------------------------+-----------+-------+------+-------------+----------+-------------+--------------------------------------+
[cinder-api.log]
2015-12-04 15:41:51.986 INFO cinder.api.openstack.wsgi
[req-44d81e36-299f-4e14-9419-996a2239b1ca 181cd8bc1c004030aec893fc7de79618
722380ff5288483191cd2712cbc99c5d] POST
http://10.0.2.15:8776/v2/722380ff5288483191cd2712cbc99c5d/volumes/999a256e-aadf-41b6-88f3-1412e3462cbe/action
2015-12-04 15:41:51.986 DEBUG cinder.api.openstack.wsgi
[req-44d81e36-299f-4e14-9419-996a2239b1ca 181cd8bc1c004030aec893fc7de79618
722380ff5288483191cd2712cbc99c5d] Action body: {"os-migrate_volume_completion":
{"new_volume": "1c768de0-949f-485f-b914-c430752e2984", "error": false}} from
(pid=18203) get_method /opt/stack/cinder/cinder/api/openstack/wsgi.py:1093
2015-12-04 15:41:51.987 INFO cinder.api.openstack.wsgi
[req-44d81e36-299f-4e14-9419-996a2239b1ca 181cd8bc1c004030aec893fc7de79618
722380ff5288483191cd2712cbc99c5d]
http://10.0.2.15:8776/v2/722380ff5288483191cd2712cbc99c5d/volumes/999a256e-aadf-41b6-88f3-1412e3462cbe/action
returned with HTTP 403
2015-12-04 15:41:51.989 INFO eventlet.wsgi.server
[req-44d81e36-299f-4e14-9419-996a2239b1ca 181cd8bc1c004030aec893fc7de79618
722380ff5288483191cd2712cbc99c5d] 10.0.2.15 - - [04/Dec/2015 15:41:51] "POST
/v2/722380ff5288483191cd2712cbc99c5d/volumes/999a256e-aadf-41b6-88f3-1412e3462cbe/action
HTTP/1.1" 403 429 0.005410
[policy.json(cinder)]
The follwong line defines that 'migrate_volume_completion' can be executed by
admin only.
"volume_extension:volume_admin_actions:migrate_volume_completion":
"rule:admin_api",
[Environment]
nova: commit 7df427fdb4d7a314b79b1e3977aeb86f019b5186(master)
cinder: commit 707902ca482d1653072c2cf419c566cd5fee1f96(master)
OS: Ubuntu 14.04
stack@devstack-master:/opt/devstack$ keystone user-role-list --user demo
--tenant demo
+----------------------------------+-------------+----------------------------------+----------------------------------+
| id | name | user_id
| tenant_id |
+----------------------------------+-------------+----------------------------------+----------------------------------+
| dec5e6b197d6424bbfb3854f6718cef0 | Member |
181cd8bc1c004030aec893fc7de79618 | 722380ff5288483191cd2712cbc99c5d |
| de75e50dec2e48b4a4c66feef8f53432 | anotherrole |
181cd8bc1c004030aec893fc7de79618 | 722380ff5288483191cd2712cbc99c5d |
+----------------------------------+-------------+----------------------------------+----------------------------------+
To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1522705/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
