Public bug reported:
Description
===========
Due to the differences in nova, cinder and barbican policies described in bug
1895848, a user cannot migrate an instance with an encrypted volume (using
barbican) that belongs to a user in a different project. Furthermore, if a cold
migration or resize is attempted and fails when accessing the encryption key,
the instance will go to an 'error' state, and the volumes will get stuck in the
'attaching' state.
Steps to reproduce
==================
Prerequisites: users A & B, where B has the admin role.
As user A in project A, create an instance with an encrypted volume.
As user B in project B, attempt to cold migrate the instance.
Expected result
===============
Cold migration is unsuccessful. Instance remains active with volume attached.
Actual result
=============
Cold migration is unsuccessful. Instance is in ERROR state and shutoff. The
volume appears to be attached from the nova perspective, but in Cinder its
status is attaching. The volume has lost the attachment record.
Environment
===========
Seen in Stein, CentOS 7, deployed via Kolla Ansible.
Logs
====
Will follow up with more info.
** Affects: nova
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1917498
Title:
Cold migration/resize failure with encrypted volumes can leave
instance in error and volumes attaching
Status in OpenStack Compute (nova):
New
Bug description:
Description
===========
Due to the differences in nova, cinder and barbican policies described in bug
1895848, a user cannot migrate an instance with an encrypted volume (using
barbican) that belongs to a user in a different project. Furthermore, if a cold
migration or resize is attempted and fails when accessing the encryption key,
the instance will go to an 'error' state, and the volumes will get stuck in the
'attaching' state.
Steps to reproduce
==================
Prerequisites: users A & B, where B has the admin role.
As user A in project A, create an instance with an encrypted volume.
As user B in project B, attempt to cold migrate the instance.
Expected result
===============
Cold migration is unsuccessful. Instance remains active with volume attached.
Actual result
=============
Cold migration is unsuccessful. Instance is in ERROR state and shutoff. The
volume appears to be attached from the nova perspective, but in Cinder its
status is attaching. The volume has lost the attachment record.
Environment
===========
Seen in Stein, CentOS 7, deployed via Kolla Ansible.
Logs
====
Will follow up with more info.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1917498/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
