Cinder

Capability Filter doesn't work when create volume using no-admin user

Bug #1495764 reported by Tina Tang
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Cinder
Fix Released
High
Xing Yang
Cinder 7.0.0 "liberty"

Bug Description

After the change of https://bugs.launchpad.net/cinder/+bug/1351971, the extra-specs of volume type will not be able to be retrieved by no-admin context. This impacts the behavior of the Capability Filter.

I encounter an issue that a volume created by a no-admin user get created on a wrong back end whoes "volume_backend_name" doesn't matches with the key set in the volume type.

The root cause if the extra-specs get by no-admin context is empty, so the Capability Filter returns True for all hosts(back ends).

Reproduce Step:
1. Below Public volume types was created.
stack@ubuntu-server5:/opt/stack/cinder$ cinder extra-specs-list
+--------------------------------------+-------------+------------------------------------------+
| ID | Name | extra_specs |
+--------------------------------------+-------------+------------------------------------------+
| 19977785-233e-49d9-bbe7-59be1f4f216a | lvmdriver-1 | {u'volume_backend_name': u'lvmdriver-1'} |
| a1d37da1-31bf-4e41-9242-ffe50502bfa3 | thin | {u'storagetype:provisioning': u'thin'} |
+--------------------------------------+-------------+------------------------------------------+

2. Switch to a no-admin user (In devstack)
 source ~/devstack/openrc demo demo

3. Create a volume with type lvmdriver-1. Actually, there is only a pool_backend_1 configured. The backend with name 'lvmdriver-1' doesn't exist at all.
stack@ubuntu-server5:/opt/stack/cinder$ cinder create --name test --volume-type 19977785-233e-49d9-bbe7-59be1f4f216a 1

4. Check volume details use admin, we can see the volume with type lvmdriver-1 was created on the pool_backend_1 which is incorrect. The volume_backend_name of pool_backend_1 is "pool_backend_1".
 source ~/devstack/openrc admin admin
stack@ubuntu-server5:/opt/stack/cinder$ cinder show f24f3c80-e345-4b6d-a4e4-58f86272694f
+---------------------------------------+--------------------------------------+
| Property | Value |
+---------------------------------------+--------------------------------------+
| attachments | [] |
| availability_zone | nova |
| bootable | false |
| consistencygroup_id | None |
| created_at | 2015-09-15T02:51:51.000000 |
| description | None |
| encrypted | False |
| id | f24f3c80-e345-4b6d-a4e4-58f86272694f |
| metadata | {u'lun_type': u'lun'} |
| migration_status | None |
| multiattach | False |
| name | test |
| os-vol-host-attr:host | ubuntu-server5@pool_backend_1#Pool_1 |
| os-vol-mig-status-attr:migstat | None |
| os-vol-mig-status-attr:name_id | None |
| os-vol-tenant-attr:tenant_id | 5e27f193702540798dd6e9d722e5292e |
| os-volume-replication:driver_data | None |
| os-volume-replication:extended_status | None |
| replication_status | disabled |
| size | 1 |
| snapshot_id | None |
| source_volid | None |
| status | available |
| user_id | 5be11c7557114a299f1dc4bc4a0ff04d |
| volume_type | lvmdriver-1 |
+---------------------------------------+--------------------------------------+

stack@ubuntu-server5:/opt/stack/cinder$ cinder get-pools --detail
+-----------------------------+--------------------------------------+
| Property | Value |
+-----------------------------+--------------------------------------+
| allocated_capacity_gb | 3 |
| compression_support | True |
| consistencygroup_support | True |
| deduplication_support | True |
| driver_version | 06.00.00 |
| fast_cache_enabled | True |
| fast_support | True |
| free_capacity_gb | 2360.101 |
| location_info | Pool_1|FNM00130200235 |
| max_over_subscription_ratio | 20.0 |
| name | ubuntu-server5@pool_backend_1#Pool_1 |
| pool_name | Pool_1 |
| provisioned_capacity_gb | 1008.215 |
| reserved_percentage | 18 |
| storage_protocol | iSCSI |
| thick_provisioning_support | True |
| thin_provisioning_support | True |
| timestamp | 2015-09-15T02:57:35.717700 |
| total_capacity_gb | 3281.146 |
| vendor_name | EMC |
| volume_backend_name | pool_backend_1 |
+-----------------------------+--------------------------------------+

=================================
CInder Version I was used:
stack@ubuntu-server5:/opt/stack/cinder$ git log -1
commit 8312a3ed5eafdc0f5532a354228723da39c14948
Merge: f0ef55f a69d5ff
Author: Jenkins <email address hidden>
Date: Mon Sep 7 20:59:52 2015 +0000

    Merge "Fix description for "Barbarism of editting a file""

See original description
Tina Tang (tina-tang)
description: updated
Xing Yang (xing-yang)
Changed in cinder:
assignee: nobody → Xing Yang (xing-yang)
importance: Undecided → High
milestone: none → liberty-rc1
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (master)

Fix proposed to branch: master
Review: https://review.openstack.org/223393

Revision history for this message
John Griffith (john-griffith) wrote :

IMO this fix https://bugs.launchpad.net/cinder/+bug/1351971 has exposed another bug; the fact that we have been just passing the volume-type with extra-specs in the API volume-type object and just passing it through everything is wrong.

I believe that Type and Extra-Specs are two independent objects and should be treated as such. The type-id should be used by taskflow api to query the extra-specs for the given type and that should be passed by itself, OR the scheduler should be doing this query.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (master)

Reviewed: https://review.openstack.org/223393
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=87b6072b8401528c5582f48ec3cc5b52049a3774
Submitter: Jenkins
Branch: master

commit 87b6072b8401528c5582f48ec3cc5b52049a3774
Author: Xing Yang <email address hidden>
Date: Tue Aug 18 20:21:56 2015 -0400

    Extra specs may not be in volume types

    Get volume types no longer returns extra specs for non-admin users.
    This breaks volume creation which needs extra specs. This patch fixes it
    as follows:
    * In volume/api.py, get extra specs when checking for retype.
    * In scheduler/filter_scheduler.py, get extra specs if they are not
      already in volume type.

    Closes-Bug: 1495764
    Change-Id: I1eca87d14cce84596628f0e8b3ea1602914bd883

Changed in cinder:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in cinder:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in cinder:
milestone: liberty-rc1 → 7.0.0
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.