Cinder

volume manager must call driver.remove_export with elevated context

Bug #1305197 reported by Eric Harney
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Cinder
Fix Released
High
Eric Harney
Cinder 2014.1 "icehouse"

Bug Description

There are a couple of places in the volume manager (initialize_connection and terminate_connection) where driver.remove_export() is called with a user context rather than an elevated context.

This appears to break the assumption used in delete_volume() where an elevated context is passed.

This causes the LVM LIO driver to fail with an error removing an export in an initialize_connection() error case:

Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/cinder/openstack/common/rpc/amqp.py", line 462, in _process_data
    **args)
  File "/usr/lib/python2.7/site-packages/cinder/openstack/common/rpc/dispatcher.py", line 172, in dispatch
    result = getattr(proxyobj, method)(ctxt, **kwargs)
  File "/usr/lib/python2.7/site-packages/cinder/volume/manager.py", line 801, in initialize_connection
    self.driver.remove_export(context, volume)
  File "/usr/lib/python2.7/site-packages/cinder/volume/drivers/lvm.py", line 540, in remove_export
    self.target_helper.remove_export(context, volume)
  File "/usr/lib/python2.7/site-packages/cinder/volume/iscsi.py", line 232, in remove_export
    volume['id'])
  File "/usr/lib/python2.7/site-packages/cinder/db/api.py", line 232, in volume_get_iscsi_target_num
    return IMPL.volume_get_iscsi_target_num(context, volume_id)
  File "/usr/lib/python2.7/site-packages/cinder/db/sqlalchemy/api.py", line 116, in wrapper
    raise exception.AdminRequired()
AdminRequired: User does not have admin privileges

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (master)

Fix proposed to branch: master
Review: https://review.openstack.org/86400

Changed in cinder:
assignee: nobody → Eric Harney (eharney)
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (master)

Reviewed: https://review.openstack.org/86400
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=d09d12ab2ba72a9e7fe42852a7cf837231053590
Submitter: Jenkins
Branch: master

commit d09d12ab2ba72a9e7fe42852a7cf837231053590
Author: Eric Harney <email address hidden>
Date: Wed Apr 9 13:05:54 2014 -0400

    driver.create/remove_export() require elevated context

    The volume manager should call driver.create_export()
    and driver.remove_export() with an elevated context.

    This is already done for remove_export() in some cases
    but not in initialize_connection error paths, or for
    terminate_connection.

    This will at a minimum cause issues with the LVM LIO
    driver as its create/remove_export methods uses database
    queries requiring admin access (volume_get_iscsi_target_num,
    iscsi_target_count_by_host).

    Partial-Bug: #1300148
    Closes-Bug: #1305197

    Change-Id: I5c1091cf9720ebccefc328b64fbf2982b3aac397

Changed in cinder:
status: In Progress → Fix Committed
Eric Harney (eharney)
tags: added: icehouse-rc-potential
Thierry Carrez (ttx)
Changed in cinder:
milestone: none → icehouse-rc3
importance: Undecided → High
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (milestone-proposed)

Fix proposed to branch: milestone-proposed
Review: https://review.openstack.org/87364

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (milestone-proposed)

Reviewed: https://review.openstack.org/87364
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=9b46fd6d4d1f96b92003a643dcaacc93ae23c2f1
Submitter: Jenkins
Branch: milestone-proposed

commit 9b46fd6d4d1f96b92003a643dcaacc93ae23c2f1
Author: Eric Harney <email address hidden>
Date: Wed Apr 9 13:05:54 2014 -0400

    driver.create/remove_export() require elevated ctx

    The volume manager should call driver.create_export()
    and driver.remove_export() with an elevated context.

    This is already done for remove_export() in some cases
    but not in initialize_connection error paths, or for
    terminate_connection.

    This will at a minimum cause issues with the LVM LIO
    driver as its create/remove_export methods uses database
    queries requiring admin access (volume_get_iscsi_target_num,
    iscsi_target_count_by_host).

    Partial-Bug: #1300148
    Closes-Bug: #1305197

    Change-Id: I5c1091cf9720ebccefc328b64fbf2982b3aac397
    (cherry picked from commit d09d12ab2ba72a9e7fe42852a7cf837231053590)

Changed in cinder:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in cinder:
milestone: icehouse-rc3 → 2014.1
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.