Public bug reported:
Create a snapshot(image) of a volume-backed instance, this will generate
a image in glance. At first, this image is private, I can update this
image's visibility to shared, and execuate glance member-create and
glance member-update on this image to share image to another tenant.
Then another tenant use this image to create a new instance, it will
failed of this message "HTTP exception thrown: Block Device Mapping is
Invalid: failed to get snapshot xxx"
>From the analysis of logs and nova code, it is because nova-api will
call _validate_bdm function to get snapshot from cinder, but in cinder,
the added tenant can not see the volume snapshot, the snapshot is not
belong to the tenant, so cinder-api will return 404 when nova-api call
get_snapshot.
How can I make this process to succeed?
====steps========
1. show the snapshot of volume-backed instance
# glance image-show a13fe7a1-e001-41c8-8119-70d5090cb7b0
+----------------------+----------------------------------------------------------------------------------+
| Property | Value
|
+----------------------+----------------------------------------------------------------------------------+
| base_image_ref |
|
| bdm_v2 | True
|
| block_device_mapping | [{"guest_format": null, "boot_index": 0,
"delete_on_termination": false, |
| | "no_device": null, "snapshot_id":
"7a1b5060-e58c-4244-bb61-4ccef0295a1f", |
| | "volume_type": null, "device_name": "/dev/sda",
"disk_bus": "scsi", "image_id": |
| | null, "source_type": "snapshot", "tag": null,
"device_type": "disk", |
| | "volume_id": null, "destination_type": "volume",
"volume_size": 50}] |
| boot_roles | heat_stack_owner,myrole,swiftuser
|
| checksum | d41d8cd98f00b204e9800998ecf8427e
|
| container_format | bare
|
| created_at | 2019-12-02T06:31:36Z
|
| disk_format | qcow2
|
| hw_disk_bus | scsi
|
| hw_qemu_guest_agent | yes
|
| hw_scsi_model | virtio-scsi
|
| hw_video_model | qxl
|
| id | a13fe7a1-e001-41c8-8119-70d5090cb7b0
|
| locations | [{"url": "rbd://4ffaf12a-099d-4297-a22e-
|
| |
f8c16c17d6e3/images/a13fe7a1-e001-41c8-8119-70d5090cb7b0/snap", "metadata":
{}}] |
| min_disk | 50
|
| min_ram | 0
|
| name | fhl-volume
|
| os_distro | centos
|
| os_hash_algo | sha512
|
| os_hash_value |
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0
|
| | ff8318d2877eec2f63b931bd47417a81a538327af927da3e
|
| os_hidden | False
|
| os_type | linux
|
| owner | 17bf57ec04994db2b591fda36c368e99
|
| owner_project_name | myproject
|
| owner_user_name | myuser
|
| protected | False
|
| root_device_name | /dev/sda
|
| size | 0
|
| status | active
|
| tags | []
|
| updated_at | 2020-04-09T09:40:57Z
|
| virtual_size | Not available
|
| visibility | private
|
| vm_mode | hvm
|
+----------------------+----------------------------------------------------------------------------------+
2. Make the image shared, and add member
glance image-update a13fe7a1-e001-41c8-8119-70d5090cb7b0 --visibility shared
glance member-create a13fe7a1-e001-41c8-8119-70d5090cb7b0
07cb8171cf854517b3678fd5e30b4cda
glance member-update a13fe7a1-e001-41c8-8119-70d5090cb7b0
07cb8171cf854517b3678fd5e30b4cda accepted
3. Tenant 07cb8171cf854517b3678fd5e30b4cda use the image to create a new
instance.
===the instance created logs==========
nova-api
HTTP exception thrown: Block Device Mapping is Invalid: failed to get snapshot
7a1b5060-e58c-4244-bb61-4ccef0295a1f.
cinder-api
"GET
/v3/07cb8171cf854517b3678fd5e30b4cda/snapshots/7a1b5060-e58c-4244-bb61-4ccef0295a1f
HTTP/1.1" status: 404 len: 445 time: 0.0378442
** Affects: nova
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1871861
Title:
Share the snapshot of volume-backed instance to other tenant, but can
not build instance with this image.
Status in OpenStack Compute (nova):
New
Bug description:
Create a snapshot(image) of a volume-backed instance, this will
generate a image in glance. At first, this image is private, I can
update this image's visibility to shared, and execuate glance member-
create and glance member-update on this image to share image to
another tenant. Then another tenant use this image to create a new
instance, it will failed of this message "HTTP exception thrown: Block
Device Mapping is Invalid: failed to get snapshot xxx"
From the analysis of logs and nova code, it is because nova-api will
call _validate_bdm function to get snapshot from cinder, but in
cinder, the added tenant can not see the volume snapshot, the snapshot
is not belong to the tenant, so cinder-api will return 404 when nova-
api call get_snapshot.
How can I make this process to succeed?
====steps========
1. show the snapshot of volume-backed instance
# glance image-show a13fe7a1-e001-41c8-8119-70d5090cb7b0
+----------------------+----------------------------------------------------------------------------------+
| Property | Value
|
+----------------------+----------------------------------------------------------------------------------+
| base_image_ref |
|
| bdm_v2 | True
|
| block_device_mapping | [{"guest_format": null, "boot_index": 0,
"delete_on_termination": false, |
| | "no_device": null, "snapshot_id":
"7a1b5060-e58c-4244-bb61-4ccef0295a1f", |
| | "volume_type": null, "device_name": "/dev/sda",
"disk_bus": "scsi", "image_id": |
| | null, "source_type": "snapshot", "tag": null,
"device_type": "disk", |
| | "volume_id": null, "destination_type": "volume",
"volume_size": 50}] |
| boot_roles | heat_stack_owner,myrole,swiftuser
|
| checksum | d41d8cd98f00b204e9800998ecf8427e
|
| container_format | bare
|
| created_at | 2019-12-02T06:31:36Z
|
| disk_format | qcow2
|
| hw_disk_bus | scsi
|
| hw_qemu_guest_agent | yes
|
| hw_scsi_model | virtio-scsi
|
| hw_video_model | qxl
|
| id | a13fe7a1-e001-41c8-8119-70d5090cb7b0
|
| locations | [{"url": "rbd://4ffaf12a-099d-4297-a22e-
|
| |
f8c16c17d6e3/images/a13fe7a1-e001-41c8-8119-70d5090cb7b0/snap", "metadata":
{}}] |
| min_disk | 50
|
| min_ram | 0
|
| name | fhl-volume
|
| os_distro | centos
|
| os_hash_algo | sha512
|
| os_hash_value |
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0
|
| | ff8318d2877eec2f63b931bd47417a81a538327af927da3e
|
| os_hidden | False
|
| os_type | linux
|
| owner | 17bf57ec04994db2b591fda36c368e99
|
| owner_project_name | myproject
|
| owner_user_name | myuser
|
| protected | False
|
| root_device_name | /dev/sda
|
| size | 0
|
| status | active
|
| tags | []
|
| updated_at | 2020-04-09T09:40:57Z
|
| virtual_size | Not available
|
| visibility | private
|
| vm_mode | hvm
|
+----------------------+----------------------------------------------------------------------------------+
2. Make the image shared, and add member
glance image-update a13fe7a1-e001-41c8-8119-70d5090cb7b0 --visibility shared
glance member-create a13fe7a1-e001-41c8-8119-70d5090cb7b0
07cb8171cf854517b3678fd5e30b4cda
glance member-update a13fe7a1-e001-41c8-8119-70d5090cb7b0
07cb8171cf854517b3678fd5e30b4cda accepted
3. Tenant 07cb8171cf854517b3678fd5e30b4cda use the image to create a
new instance.
===the instance created logs==========
nova-api
HTTP exception thrown: Block Device Mapping is Invalid: failed to get
snapshot 7a1b5060-e58c-4244-bb61-4ccef0295a1f.
cinder-api
"GET
/v3/07cb8171cf854517b3678fd5e30b4cda/snapshots/7a1b5060-e58c-4244-bb61-4ccef0295a1f
HTTP/1.1" status: 404 len: 445 time: 0.0378442
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1871861/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
