Glance Cinder backed images & multiple regions

Need confirmation on this one. If it's confirmed, we need to get it into the next release, which is 18 July, so would need to get this fix in a bit ahead of that -- namely, as soon as possible.

Peter Steele
<email address hidden>

> On Jul 9, 2018, at 6:43 AM, Brian Rosmaita <email address hidden> wrote:
>
> Need confirmation on this one. If it's confirmed, we need to get it
> into the next release, which is 18 July, so would need to get this fix
> in a bit ahead of that -- namely, as soon as possible.
>
> ** Changed in: glance-store
> Status: Triaged => Incomplete
>
> ** No longer affects: glance
>
> ** Changed in: glance-store
> Milestone: None => 0.25.0
>
> --
> You received this bug notification because you are subscribed to Glance.
> Matching subscriptions: peterbs
> https://bugs.launchpad.net/bugs/1764200
>
> Title:
> Glance Cinder backed images & multiple regions
>
> Status in glance_store:
> Incomplete
>
> Bug description:
> When using the cinder backed images as per
>
> https://docs.openstack.org/cinder/latest/admin/blockstorage-volume-
> backed-image.html
>
> We have multiple locations, glance configured as
>
> /etc/glance/glance-api.conf
>
> [glance_store]
> stores = swift, cinder
> default_store = swift
> -snip-
> cinder_store_auth_address = https://hostname:5000/v3
> cinder_os_region_name = Region
> cinder_store_user_name = glance
> cinder_store_password = Password
> cinder_store_project_name = cinder-images
> cinder_catalog_info = volume:cinder:internalURL
>
>
> cinder clones the volume correctly, then talks to glance to add the location of cinder://
>
> glance then talks to cinder to validate the volume id, however this
> step uses the wrong cinder endpoint and checks the other region.
>
> From /usr/lib/python2.7/site-packages/glance_store/_drivers/cinder.py
>
> It appears the region name is only used when not passing in the
> project/user/password.
>
> Passing the os_region_name to the cinderclient.Client call on line 351
> appears to fix this.
>
> ie
>
> c = cinderclient.Client(username,
> password,
> project,
> auth_url=url,
> region_name=glance_store.cinder_os_region_name,
> insecure=glance_store.cinder_api_insecure,
> retries=glance_store.cinder_http_retries,
> cacert=glance_store.cinder_ca_certificates_file)
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/glance-store/+bug/1764200/+subscriptions

I have confirmed this issue using pseudo multi region setup (only cinder service is added as another region).
If cinder_store_{user_name,password,project_name} are set, or `cinder_endpoint_template` is provided, cinder client will be created without region information. This is why this issue is caused.

The proposed solution (adding `region_name=glance_store.cinder_os_region_name,`) looks good to me.

Fix: https://review.openstack.org/#/c/581069/

Reviewed: https://review.openstack.org/581069
Committed: https://git.openstack.org/cgit/openstack/glance_store/commit/?id=d50ab63e138d58ef96b302fc1a1cf56923a26c76
Submitter: Zuul
Branch: master

commit d50ab63e138d58ef96b302fc1a1cf56923a26c76
Author: Tomoki Sekiyama <email address hidden>
Date: Mon Jul 9 15:42:10 2018 +0000

    specify region on creating cinderclient

    If cinder_store_{user_name,password,project_name} are provided,
    cinder client will be created without region information.
    It may cause wrong region access on some multi-region setup.

    This fixes the issue by always passing `cinder_os_region_name`
    value to cinderclient.

    Change-Id: I835b2f0da03f29245c26c9c531b04de737d8ef5b
    Closes-Bug: #1764200

This issue was fixed in the openstack/glance_store 0.25.0 release.

Hey,

I just signed the petition "Wrongly Convicted, SAVEDUSTINJHIGGS​.​COM help
me change the narrative." and wanted to see if you could help by adding
your name.

Our goal is to reach 1,500,000 signatures and we need more support. You can
read more and sign the petition here:

http://chng.it/bBQfgtqHwQ

Thanks!
Peter