** Changed in: nova
Importance: Undecided => Medium
** Also affects: nova/newton
Importance: Undecided
Status: New
** Also affects: nova/ocata
Importance: Undecided
Status: New
** Changed in: nova/newton
Status: New => Confirmed
** Changed in: nova/ocata
Status: New => Confirmed
** Changed in: nova/ocata
Importance: Undecided => Medium
** Changed in: nova/newton
Importance: Undecided => Medium
** Tags added: newton-backport-potential ocata-backport-potential
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1651887
Title:
Ephemeral storage encryption is broken with interface mismatch
Status in OpenStack Compute (nova):
In Progress
Status in OpenStack Compute (nova) newton series:
Confirmed
Status in OpenStack Compute (nova) ocata series:
Confirmed
Bug description:
Description
===========
Ephemeral storage encryption is broken because of interface mismatch. The
default key manager (Castellan with Barbican)'s create_key() interface required
at least 4 arguments. See
https://github.com/openstack/castellan/blob/0.4.0/castellan/key_manager/barbican_key_manager.py#L200
However, Nova is only passing in 3. Looks like the 'algorithm'
argument is missing. See
https://github.com/openstack/nova/blob/stable/newton/nova/compute/api.py#L1401
This will result in "TypeError: create_key() takes exactly 4 arguments
(3 given)" on server create.
Steps to reproduce
==================
1. Install devstack with Barbican plugin enabled. i.e.
cat local.conf
[[local|localrc]]
enable_plugin barbican https://git.openstack.org/openstack/barbican
stable/newton
2. After devstack is installed, enable ephemeral storage encryption in
nova.conf. i.e.
[libvirt]
images_type = lvm
images_volume_group = vg-comp
[ephemeral_storage_encryption]
key_size = 256
cipher = aes-xts-plain64
enabled = True
3. restart nova-api
4. using the nova user account, try to create a server. i.e.
gyee@abacus:~$ env | grep OS_
OS_PROJECT_DOMAIN_ID=default
OS_USER_DOMAIN_ID=default
OS_PROJECT_NAME=service
OS_IDENTITY_API_VERSION=3
OS_PASSWORD=secrete
OS_AUTH_URL=http://localhost:5000
OS_USERNAME=nova
gyee@abacus:~$ openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 1 | m1.tiny | 512 | 1 | 0 | 1 | True |
| 2 | m1.small | 2048 | 20 | 0 | 1 | True |
| 3 | m1.medium | 4096 | 40 | 0 | 2 | True |
| 4 | m1.large | 8192 | 80 | 0 | 4 | True |
| 42 | m1.nano | 64 | 0 | 0 | 1 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True |
| 84 | m1.micro | 128 | 0 | 0 | 1 | True |
| c1 | cirros256 | 256 | 0 | 0 | 1 | True |
| d1 | ds512M | 512 | 5 | 0 | 1 | True |
| d2 | ds1G | 1024 | 10 | 0 | 1 | True |
| d3 | ds2G | 2048 | 10 | 0 | 2 | True |
| d4 | ds4G | 4096 | 20 | 0 | 4 | True |
+----+-----------+-------+------+-----------+-------+-----------+
gyee@abacus:~$ openstack image list
+----------------------------------+---------------------------------+--------+
| ID | Name | Status
|
+----------------------------------+---------------------------------+--------+
| da447cd9-619a- | cirros-0.3.4-x86_64-uec | active
|
| 41b3-9772-4a9a80fa55f9 | |
|
| 718fff25-9d61-4a37-a974-fdef2f1f | cirros-0.3.4-x86_64-uec-ramdisk | active
|
| 570a | |
|
| 91c06518-a752-48ec-a7fd- | cirros-0.3.4-x86_64-uec-kernel | active
|
| 3c0ad020d9a4 | |
|
+----------------------------------+---------------------------------+--------+
gyee@abacus:~$ openstack server create --image
91c06518-a752-48ec-a7fd-3c0ad020d9a4 --flavor 1 test_eph_enc
Unexpected API Error. Please report this at http://bugs.launchpad.net/nova/
and attach the Nova API log if possible.
<type 'exceptions.TypeError'> (HTTP 500) (Request-ID:
req-6d2eb531-b239-429d-8d25-f06b4fe6309c)
5. And you'll see a traceback similiar to this.
2016-12-21 14:04:40.903 ERROR nova.api.openstack.extensions
[req-6d2eb531-b239-429d-8d25-f06b4fe6309c nova service] Unexpected exception in
API method
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions Traceback (most
recent call last):
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions File
"/opt/stack/nova/nova/api/openstack/extensions.py", line 338, in wrapped
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions return
f(*args, **kwargs)
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions File
"/opt/stack/nova/nova/api/validation/__init__.py", line 73, in wrapper
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions return
func(*args, **kwargs)
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions File
"/opt/stack/nova/nova/api/validation/__init__.py", line 73, in wrapper
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions return
func(*args, **kwargs)
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions File
"/opt/stack/nova/nova/api/validation/__init__.py", line 73, in wrapper
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions return
func(*args, **kwargs)
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions File
"/opt/stack/nova/nova/api/validation/__init__.py", line 73, in wrapper
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions return
func(*args, **kwargs)
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions File
"/opt/stack/nova/nova/api/validation/__init__.py", line 73, in wrapper
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions return
func(*args, **kwargs)
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions File
"/opt/stack/nova/nova/api/openstack/compute/servers.py", line 631, in create
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions
**create_kwargs)
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions File
"/opt/stack/nova/nova/hooks.py", line 154, in inner
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions rv = f(*args,
**kwargs)
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions File
"/opt/stack/nova/nova/compute/api.py", line 1528, in create
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions
check_server_group_quota=check_server_group_quota)
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions File
"/opt/stack/nova/nova/compute/api.py", line 1159, in _create_instance
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions key_pair)
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions File
"/opt/stack/nova/nova/compute/api.py", line 1022, in _provision_instances
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions
quotas.rollback()
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions File
"/usr/local/lib/python2.7/dist-packages/oslo_utils/excutils.py", line 220, in
__exit__
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions
self.force_reraise()
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions File
"/usr/local/lib/python2.7/dist-packages/oslo_utils/excutils.py", line 196, in
force_reraise
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions
six.reraise(self.type_, self.value, self.tb)
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions File
"/opt/stack/nova/nova/compute/api.py", line 944, in _provision_instances
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions
shutdown_terminate, create_instance=False)
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions File
"/opt/stack/nova/nova/compute/api.py", line 1451, in
create_db_entry_for_new_instance
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions
num_instances, shutdown_terminate)
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions File
"/opt/stack/nova/nova/compute/api.py", line 1403, in
_populate_instance_for_create
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions
length=CONF.ephemeral_storage_encryption.key_size)
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions TypeError:
create_key() takes exactly 4 arguments (3 given)
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions
2016-12-21 14:04:40.905 INFO nova.api.openstack.wsgi
[req-6d2eb531-b239-429d-8d25-f06b4fe6309c nova service] HTTP exception thrown:
Unexpected API Error. Please report this at http://bugs.launchpad.net/nova/ and
attach the Nova API log if possible.
<type 'exceptions.TypeError'>
Expected result
===============
server should be successfully created
Actual result
=============
HTTP 500, with the following traceback in the log.
2016-12-21 14:04:40.903 ERROR nova.api.openstack.extensions
[req-6d2eb531-b239-429d-8d25-f06b4fe6309c nova service] Unexpected exception in
API method
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions Traceback (most
recent call last):
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions File
"/opt/stack/nova/nova/api/openstack/extensions.py", line 338, in wrapped
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions return
f(*args, **kwargs)
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions File
"/opt/stack/nova/nova/api/validation/__init__.py", line 73, in wrapper
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions return
func(*args, **kwargs)
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions File
"/opt/stack/nova/nova/api/validation/__init__.py", line 73, in wrapper
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions return
func(*args, **kwargs)
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions File
"/opt/stack/nova/nova/api/validation/__init__.py", line 73, in wrapper
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions return
func(*args, **kwargs)
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions File
"/opt/stack/nova/nova/api/validation/__init__.py", line 73, in wrapper
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions return
func(*args, **kwargs)
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions File
"/opt/stack/nova/nova/api/validation/__init__.py", line 73, in wrapper
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions return
func(*args, **kwargs)
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions File
"/opt/stack/nova/nova/api/openstack/compute/servers.py", line 631, in create
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions
**create_kwargs)
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions File
"/opt/stack/nova/nova/hooks.py", line 154, in inner
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions rv = f(*args,
**kwargs)
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions File
"/opt/stack/nova/nova/compute/api.py", line 1528, in create
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions
check_server_group_quota=check_server_group_quota)
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions File
"/opt/stack/nova/nova/compute/api.py", line 1159, in _create_instance
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions key_pair)
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions File
"/opt/stack/nova/nova/compute/api.py", line 1022, in _provision_instances
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions
quotas.rollback()
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions File
"/usr/local/lib/python2.7/dist-packages/oslo_utils/excutils.py", line 220, in
__exit__
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions
self.force_reraise()
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions File
"/usr/local/lib/python2.7/dist-packages/oslo_utils/excutils.py", line 196, in
force_reraise
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions
six.reraise(self.type_, self.value, self.tb)
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions File
"/opt/stack/nova/nova/compute/api.py", line 944, in _provision_instances
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions
shutdown_terminate, create_instance=False)
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions File
"/opt/stack/nova/nova/compute/api.py", line 1451, in
create_db_entry_for_new_instance
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions
num_instances, shutdown_terminate)
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions File
"/opt/stack/nova/nova/compute/api.py", line 1403, in
_populate_instance_for_create
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions
length=CONF.ephemeral_storage_encryption.key_size)
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions TypeError:
create_key() takes exactly 4 arguments (3 given)
2016-12-21 14:04:40.903 TRACE nova.api.openstack.extensions
2016-12-21 14:04:40.905 INFO nova.api.openstack.wsgi
[req-6d2eb531-b239-429d-8d25-f06b4fe6309c nova service] HTTP exception thrown:
Unexpected API Error. Please report this at http://bugs.launchpad.net/nova/ and
attach the Nova API log if possible.
<type 'exceptions.TypeError'>
Environment
===========
1. Ubuntu 16.04
cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.1 LTS"
2. Devstack + Barbican plugin, both on stable/newton
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1651887/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
