2015-09-15 02:56:53 |
Tina Tang |
description |
After the change of https://bugs.launchpad.net/cinder/+bug/1351971, the extra-specs of volume type will not be able to be retrieved by no-admin context. This impacts the behavior of the Capability Filter because it always get an empty extra-specs when no-admin user is used, so all hosts get passed.
I encounter an issue that a volume created by a no-admin user get created on a wrong back end whoes "volume_backend_name" doesn't matches with the key set in the volume type.
The root cause if the extra-specs get by no-admin context is empty, so the Capability Filter returns True for all hosts(back ends).
Reproduce Step:
1. Below Public volume types was created.
stack@ubuntu-server5:/opt/stack/cinder$ cinder extra-specs-list
+--------------------------------------+-------------+------------------------------------------+
| ID | Name | extra_specs |
+--------------------------------------+-------------+------------------------------------------+
| 19977785-233e-49d9-bbe7-59be1f4f216a | lvmdriver-1 | {u'volume_backend_name': u'lvmdriver-1'} |
| a1d37da1-31bf-4e41-9242-ffe50502bfa3 | thin | {u'storagetype:provisioning': u'thin'} |
+--------------------------------------+-------------+------------------------------------------+
2. Switch to a no-admin user (In devstack)
source ~/devstack/openrc demo demo
3. Create a volume with type lvmdriver-1. Actually, there is only a pool_backend_1 configured. The backend with name 'lvmdriver-1' doesn't exist at all.
stack@ubuntu-server5:/opt/stack/cinder$ cinder create --name test --volume-type 19977785-233e-49d9-bbe7-59be1f4f216a 1
4. Check volume details use admin, we can see the volume with type lvmdriver-1 was created on the pool_backend_1 which is incorrect. The volume_backend_name of pool_backend_1 is "pool_backend_1".
source ~/devstack/openrc admin admin
stack@ubuntu-server5:/opt/stack/cinder$ cinder show f24f3c80-e345-4b6d-a4e4-58f86272694f
+---------------------------------------+--------------------------------------+
| Property | Value |
+---------------------------------------+--------------------------------------+
| attachments | [] |
| availability_zone | nova |
| bootable | false |
| consistencygroup_id | None |
| created_at | 2015-09-15T02:51:51.000000 |
| description | None |
| encrypted | False |
| id | f24f3c80-e345-4b6d-a4e4-58f86272694f |
| metadata | {u'lun_type': u'lun'} |
| migration_status | None |
| multiattach | False |
| name | test |
| os-vol-host-attr:host | ubuntu-server5@pool_backend_1#Pool_1 |
| os-vol-mig-status-attr:migstat | None |
| os-vol-mig-status-attr:name_id | None |
| os-vol-tenant-attr:tenant_id | 5e27f193702540798dd6e9d722e5292e |
| os-volume-replication:driver_data | None |
| os-volume-replication:extended_status | None |
| replication_status | disabled |
| size | 1 |
| snapshot_id | None |
| source_volid | None |
| status | available |
| user_id | 5be11c7557114a299f1dc4bc4a0ff04d |
| volume_type | lvmdriver-1 |
+---------------------------------------+--------------------------------------+
stack@ubuntu-server5:/opt/stack/cinder$ cinder get-pools --detail
+-----------------------------+--------------------------------------+
| Property | Value |
+-----------------------------+--------------------------------------+
| allocated_capacity_gb | 3 |
| compression_support | True |
| consistencygroup_support | True |
| deduplication_support | True |
| driver_version | 06.00.00 |
| fast_cache_enabled | True |
| fast_support | True |
| free_capacity_gb | 2360.101 |
| location_info | Pool_1|FNM00130200235 |
| max_over_subscription_ratio | 20.0 |
| name | ubuntu-server5@pool_backend_1#Pool_1 |
| pool_name | Pool_1 |
| provisioned_capacity_gb | 1008.215 |
| reserved_percentage | 18 |
| storage_protocol | iSCSI |
| thick_provisioning_support | True |
| thin_provisioning_support | True |
| timestamp | 2015-09-15T02:57:35.717700 |
| total_capacity_gb | 3281.146 |
| vendor_name | EMC |
| volume_backend_name | pool_backend_1 |
+-----------------------------+--------------------------------------+ |
After the change of https://bugs.launchpad.net/cinder/+bug/1351971, the extra-specs of volume type will not be able to be retrieved by no-admin context. This impacts the behavior of the Capability Filter.
I encounter an issue that a volume created by a no-admin user get created on a wrong back end whoes "volume_backend_name" doesn't matches with the key set in the volume type.
The root cause if the extra-specs get by no-admin context is empty, so the Capability Filter returns True for all hosts(back ends).
Reproduce Step:
1. Below Public volume types was created.
stack@ubuntu-server5:/opt/stack/cinder$ cinder extra-specs-list
+--------------------------------------+-------------+------------------------------------------+
| ID | Name | extra_specs |
+--------------------------------------+-------------+------------------------------------------+
| 19977785-233e-49d9-bbe7-59be1f4f216a | lvmdriver-1 | {u'volume_backend_name': u'lvmdriver-1'} |
| a1d37da1-31bf-4e41-9242-ffe50502bfa3 | thin | {u'storagetype:provisioning': u'thin'} |
+--------------------------------------+-------------+------------------------------------------+
2. Switch to a no-admin user (In devstack)
source ~/devstack/openrc demo demo
3. Create a volume with type lvmdriver-1. Actually, there is only a pool_backend_1 configured. The backend with name 'lvmdriver-1' doesn't exist at all.
stack@ubuntu-server5:/opt/stack/cinder$ cinder create --name test --volume-type 19977785-233e-49d9-bbe7-59be1f4f216a 1
4. Check volume details use admin, we can see the volume with type lvmdriver-1 was created on the pool_backend_1 which is incorrect. The volume_backend_name of pool_backend_1 is "pool_backend_1".
source ~/devstack/openrc admin admin
stack@ubuntu-server5:/opt/stack/cinder$ cinder show f24f3c80-e345-4b6d-a4e4-58f86272694f
+---------------------------------------+--------------------------------------+
| Property | Value |
+---------------------------------------+--------------------------------------+
| attachments | [] |
| availability_zone | nova |
| bootable | false |
| consistencygroup_id | None |
| created_at | 2015-09-15T02:51:51.000000 |
| description | None |
| encrypted | False |
| id | f24f3c80-e345-4b6d-a4e4-58f86272694f |
| metadata | {u'lun_type': u'lun'} |
| migration_status | None |
| multiattach | False |
| name | test |
| os-vol-host-attr:host | ubuntu-server5@pool_backend_1#Pool_1 |
| os-vol-mig-status-attr:migstat | None |
| os-vol-mig-status-attr:name_id | None |
| os-vol-tenant-attr:tenant_id | 5e27f193702540798dd6e9d722e5292e |
| os-volume-replication:driver_data | None |
| os-volume-replication:extended_status | None |
| replication_status | disabled |
| size | 1 |
| snapshot_id | None |
| source_volid | None |
| status | available |
| user_id | 5be11c7557114a299f1dc4bc4a0ff04d |
| volume_type | lvmdriver-1 |
+---------------------------------------+--------------------------------------+
stack@ubuntu-server5:/opt/stack/cinder$ cinder get-pools --detail
+-----------------------------+--------------------------------------+
| Property | Value |
+-----------------------------+--------------------------------------+
| allocated_capacity_gb | 3 |
| compression_support | True |
| consistencygroup_support | True |
| deduplication_support | True |
| driver_version | 06.00.00 |
| fast_cache_enabled | True |
| fast_support | True |
| free_capacity_gb | 2360.101 |
| location_info | Pool_1|FNM00130200235 |
| max_over_subscription_ratio | 20.0 |
| name | ubuntu-server5@pool_backend_1#Pool_1 |
| pool_name | Pool_1 |
| provisioned_capacity_gb | 1008.215 |
| reserved_percentage | 18 |
| storage_protocol | iSCSI |
| thick_provisioning_support | True |
| thin_provisioning_support | True |
| timestamp | 2015-09-15T02:57:35.717700 |
| total_capacity_gb | 3281.146 |
| vendor_name | EMC |
| volume_backend_name | pool_backend_1 |
+-----------------------------+--------------------------------------+
=================================
CInder Version I was used:
stack@ubuntu-server5:/opt/stack/cinder$ git log -1
commit 8312a3ed5eafdc0f5532a354228723da39c14948
Merge: f0ef55f a69d5ff
Author: Jenkins <jenkins@review.openstack.org>
Date: Mon Sep 7 20:59:52 2015 +0000
Merge "Fix description for "Barbarism of editting a file"" |
|