OpenStack Compute (nova)

Reboot should not require a Glance.show

Bug #1339386 reported by Rick Harris
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Fix Released
Undecided
Rick Harris
OpenStack Compute (nova) 2014.2 "juno"

Bug Description

When a host is rebooted, we use `resume_state_on_host_boot` to spin back up the instances.

In `libvirt` this translates to a bunch of `_hard_reboot` calls.

The problem is that, `_hard_reboot` calls `_get_guest_xml`, which then calls `get_image_metadata` (since no `image_meta` is passed in). This in turn triggers a call to `glance.show` which will fail.

The reason the call will fail is that, the glanceclient needs user-credentials in order to make this call, but since we're a server-side triggered action (host rebooting), we don't have a user-request context.

At a high-level, this is an issue of user-impersonation for server-side-triggered actions, which we don't have good story for yet.

We do, however, have a work around for this particular case.

We can use the cached image_metadata that we store with the instance.

In fact `_hard_reboot` is already using it, so we just need to pass that `image_meta` into `_get_guest_xml` and it will work.

Rick Harris (rconradharris)
Changed in nova:
assignee: nobody → Rick Harris (rconradharris)
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/105613

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/105613
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=65341b2547c5eedef720f6a6742cdfe436141907
Submitter: Jenkins
Branch: master

commit 65341b2547c5eedef720f6a6742cdfe436141907
Author: Rick Harris <email address hidden>
Date: Tue Jul 8 17:31:27 2014 -0500

    libvirt: Avoid Glance.show on hard_reboot

    When a Libvirt host is rebooted, we can optionally choose to automatically
    spin back up the instances using the `resume_state_on_host_boot` call. This,
    in turn, uses `_hard_reboot` to bring back the instances.

    The problem is that `_get_guest_xml` which `_hard_reboot` is using is always
    making a call to Glance.show since `image_meta` isn't being passed into it. In
    addition to this being an extra latency-heavy call, this is big problem
    because the request is *server-generated* not *user-generated* so we won't
    have the necessary user-request context to make the Glance call.

    In the absense of a general user-impersonation mechanism, the current
    workaround is to use cached image-metadata, which works in this case as well.

    So the fix is to pass that `image_meta` that we already pull from instance
    metadata in `_hard_reboot` and pass it into `_get_guest_xml` and thus avoid
    the extra request to Glance.

    Change-Id: I2203ac709405ee784ee5ec017aa475575a46a0df
    Closes-Bug: 1339386

Changed in nova:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in nova:
milestone: none → juno-3
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in nova:
milestone: juno-3 → 2014.2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.