[SRU] MetadataCopyFailure: Failed to copy metadata to volume: Glance metadata cannot be updated, key signature_verified exists for volume id <volume id>
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cinder |
Fix Released
|
Medium
|
Unassigned | ||
Ubuntu Cloud Archive |
New
|
Undecided
|
Unassigned | ||
Bobcat |
New
|
Undecided
|
Unassigned | ||
Caracal |
New
|
Undecided
|
Unassigned | ||
Dalmation |
New
|
Undecided
|
Unassigned | ||
Yoga |
Fix Committed
|
Undecided
|
Unassigned | ||
cinder (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Jammy |
New
|
Undecided
|
Unassigned | ||
Noble |
New
|
Undecided
|
Unassigned | ||
Oracular |
New
|
Undecided
|
Unassigned |
Bug Description
********** SRU TEMPLATE AT THE BOTTOM *********
CentOS 7.6
Kolla Ansible 7.0.2 deployment
Steps to reproduce:
1) Add "enable_
2) Create an image from an in-use volume: openstack image create --disk-format qcow2 --force --volume 7b434a13-
In our case, the VM is powered down, but the volume is attached to this VM, so the volume status is "in-use".
3) Deploy image to new volume with: openstack volume create --image TestImage --size 50 TestVolume
4) Status shows as "creating" for a while, then "downloading" for a bit. Note that we are not using Ceph storage for this test. So, when the "creating" status is shown, the image is being copied to the compute node temporarily. The compute node has enough disk space for this process. Then, the download occurs, where the image is decompressed and written to the volume, after which the cinder-volume log indicates this was successful and that the "temporary image is deleted".
5) The metadata error occurs and the volume status is set to "error":
MetadataCopyFai
The respective cinder-volume log entries are at the end of this message (no lines were removed - just spaced out for clarity) starting at the point in time where image->volume copy process succeeded.
The volume image metadata property of the original "in-use" volume (from Step 2 above) that was imported to an image is:
| id | 7b434a13-
| volume_
The properties of the resulting image (from Step 2 above) are:
| id | 3b56e3c1-
| properties | locations=
The volume image metadata property of the newly created, error'd, image is:
| id | 5846f529-
| volume_
Since it appears that the signature_verified property already exists in the target volume, I thought this might cause the error since the source image has this property also.
So, I unset this property on the image using:
openstack image unset --property signature_verified 3b56e3c1-
and the process succeeded!
This seems like a bug somewhere in the metadata property cloning process. I would expect all volume_
Eric
2019-04-06 00:21:28.734 137 DEBUG cinder.
2019-04-06 00:21:29.769 137 DEBUG cinder.
2019-04-06 00:21:29.769 137 DEBUG cinder.
2019-04-06 00:21:29.775 137 DEBUG cinder.
2019-04-06 00:21:29.776 137 DEBUG cinder.
2019-04-06 00:21:29.792 137 ERROR cinder.
2019-04-06 00:21:29.792 137 ERROR cinder.
2019-04-06 00:21:29.792 137 ERROR cinder.
2019-04-06 00:21:29.792 137 ERROR cinder.
2019-04-06 00:21:29.792 137 ERROR cinder.
2019-04-06 00:21:29.792 137 ERROR cinder.
2019-04-06 00:21:29.792 137 ERROR cinder.
2019-04-06 00:21:29.792 137 ERROR cinder.
2019-04-06 00:21:29.792 137 ERROR cinder.
2019-04-06 00:21:29.792 137 ERROR cinder.
2019-04-06 00:21:29.792 137 ERROR cinder.
2019-04-06 00:21:29.792 137 ERROR cinder.
2019-04-06 00:21:29.792 137 ERROR cinder.
2019-04-06 00:21:29.792 137 ERROR cinder.
2019-04-06 00:21:29.792 137 ERROR cinder.
2019-04-06 00:21:29.792 137 ERROR cinder.
2019-04-06 00:21:29.796 137 WARNING cinder.
============
SRU TEMPLATE
============
===============
SRU DESCRIPTION
===============
[Impact]
This issue has already been addressed by another LP (LP: #1945500) but it hadn't included all possible string properties affected to be filtered. We stumbled across another one that hits the same issue so we need to add the property to the list so filtered properties. The impact is very annoying to customers because their users unknownly hit this issue by creating a volume from an image, then creating an image from the volume, and then attempting to create a new volume from the derived image.
[Test case]
1) Deploy OpenStack with Cinder and have a test image in glance
openstack image create --file ~/images/
2) Create a volume from the test image
openstack volume create --image cirros --size 1 v1
3) Create a new image from the volume
openstack image create --volume v1 v1
4) Attempt to create a new volume from the derived image
openstack volume create --image v1 --size 1 v2
5) Verify in logs the error message in logs or volume show:
GlanceMetadataE
6) install updated package
7) repeat steps 2-4
8) Verify volume created successfully this time
[Regression Potential]
Given the simplicity of this particular fix, and that it completements an existing fix (by just adding an extra filter property) that has been in production for quite a while, we can estimate the regression potential to be very close to zero. The "signature_
[Other Info]
None.
Changed in cinder: | |
assignee: | nobody → Brian Rosmaita (brian-rosmaita) |
Changed in cinder: | |
status: | New → In Progress |
Changed in cinder: | |
assignee: | Brian Rosmaita (brian-rosmaita) → yenai (yenai2008) |
Changed in cinder: | |
importance: | Undecided → Medium |
tags: | added: glance image metadata |
tags: | added: need-integration-test |
Changed in cinder: | |
assignee: | Mark Goddard (mgoddard) → nobody |
summary: |
- MetadataCopyFailure: Failed to copy metadata to volume: Glance metadata - cannot be updated, key signature_verified exists for volume id <volume - id> + [SRU] MetadataCopyFailure: Failed to copy metadata to volume: Glance + metadata cannot be updated, key signature_verified exists for volume id + <volume id> |
description: | updated |
I wonder if this is the full scenario:
1) Create a volume from an image A, set "signature_ verified" on the volume (A). verified" flag with the metadata. verified" is already set from the Glance metadata instead of the verification process.
2) Upload volume A to Glance from Cinder, creating image B, and copy along the "signature_
3) Create volume B from image B, and fail because "signature_
Does this match with your scenario?