** Changed in: nova Importance: Undecided => Medium ** Also affects: nova/pike Importance: Undecided Status: New
** Changed in: nova/pike Assignee: (unassigned) => Brianna Poulos (brianna-poulos) ** Changed in: nova/pike Importance: Undecided => Medium ** Changed in: nova/pike Status: New => In Progress -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1737513 Title: img_signature_hash_method and img_signature are inherited when creating a snapshot Status in OpenStack Compute (nova): Fix Released Status in OpenStack Compute (nova) pike series: In Progress Bug description: Description =========== If present both img_signature_hash_method and img_signature from the original image are used when creating a snapshot image in Glance. This will cause a failure when we update the image with actual content during the snapshot creation process as this original signature obviously no longer applies to the snapshot of the instance. https://github.com/openstack/nova/blob/adedd4064765f688ea6426a952e73bb4469504f2/nova/compute/api.py#L2695-L2718 https://github.com/openstack/nova/blob/adedd4064765f688ea6426a952e73bb4469504f2/nova/virt/libvirt/driver.py#L1765-L1769 Both of these properties should be added to the non_inheritable_image_properties configurable and a test added to the the barbican tempest plugin to verify this behaviour. https://github.com/openstack/nova/blob/1f29d4283aeeaa6d3cc42eaf72fdb9e2ae417caf/nova/conf/compute.py#L56-L72 Steps to reproduce ================== 1. Boot an instance using a signed image: nova boot --flavor 1 --image <image-id> signed_instance 2. Attempt to create a snapshot of this instance: nova image-create <instance-uuid> <snapshot-name> Expected result =============== Snapshot taken successfully. Actual result ============= Snapshot fails. Environment =========== 1. Exact version of OpenStack you are running. See the following list for all releases: http://docs.openstack.org/releases/ Master (Queens) 2. Which hypervisor did you use? (For example: Libvirt + KVM, Libvirt + XEN, Hyper-V, PowerKVM, ...) What's the version of that? N/A 2. Which storage type did you use? (For example: Ceph, LVM, GPFS, ...) What's the version of that? N/A 3. Which networking type did you use? (For example: nova-network, Neutron with OpenVSwitch, ...) N/A Logs & Configs ============== n-cpu log: Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] Traceback (most recent call last): Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] File "/opt/stack/nova/nova/compute/manager.py", line 231, in decorated_function Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] *args, **kwargs) Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] File "/opt/stack/nova/nova/compute/manager.py", line 3261, in snapshot_instance Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] task_states.IMAGE_SNAPSHOT) Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] File "/opt/stack/nova/nova/compute/manager.py", line 3293, in _snapshot_instance Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] update_task_state) Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] File "/opt/stack/nova/nova/virt/libvirt/driver.py", line 1769, in snapshot Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] image_file) Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] File "/opt/stack/nova/nova/image/api.py", line 132, in update Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] purge_props=purge_props) Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] File "/opt/stack/nova/nova/image/glance.py", line 528, in update Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] _reraise_translated_image_exception(image_id) Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] File "/opt/stack/nova/nova/image/glance.py", line 845, in _reraise_translated_image_exception Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] six.reraise(type(new_exc), new_exc, exc_trace) Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] File "/opt/stack/nova/nova/image/glance.py", line 526, in update Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] image = self._update_v2(context, sent_service_image_meta, data) Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] File "/opt/stack/nova/nova/image/glance.py", line 545, in _update_v2 Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] image = self._upload_data(context, image_id, data) Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] File "/opt/stack/nova/nova/image/glance.py", line 430, in _upload_data Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] self._client.call(context, 2, 'upload', image_id, data) Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] File "/opt/stack/nova/nova/image/glance.py", line 175, in call Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] result = getattr(controller, method)(*args, **kwargs) Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] File "/usr/lib/python2.7/site-packages/glanceclient/common/utils.py", line 545, in inner Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] return RequestIdProxy(wrapped(*args, **kwargs)) Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] File "/usr/lib/python2.7/site-packages/glanceclient/v2/images.py", line 232, in upload Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] resp, body = self.http_client.put(url, headers=hdrs, data=body) Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 313, in put Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] return self.request(url, 'PUT', **kwargs) Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] File "/usr/lib/python2.7/site-packages/glanceclient/common/http.py", line 349, in request Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] return self._handle_response(resp) Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] File "/usr/lib/python2.7/site-packages/glanceclient/common/http.py", line 98, in _handle_response Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] raise exc.from_response(resp, resp.content) Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] ImageBadRequest: Request of image 75d1a99d-a19e-42fe-a766-6311fc57f583 got BadRequest response: 400 Bad Request: Signature verification failed for image 75d1a99d-a19e-42fe-a766-6311fc57f583: Signature verification failed (HTTP 400) Dec 07 09:02:21 signature-test.rdocloud nova-compute[17790]: ERROR nova.compute.manager [instance: 1aff104b-5a9b-432e-b0b7-859dfe4c1cb3] To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1737513/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp