Cinder

volumes are allowed to attach to the same instance more than once

Bug #1833736 reported by Eric Harney
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Cinder
Fix Released
Critical
Eric Harney

Bug Description

With a volume that doesn't support multi-attach, you can attach a volume to the same instance more than once.

I'm not sure how easy this is to fix, presumably we need to extend the checks in _attachment_reserve around here:
    https://opendev.org/openstack/cinder/src/tag/14.0.0/cinder/volume/api.py#L2092

to fail if we are attaching to the same instance again.

But, doing that alone might interfere with the live migration case where we do a fake multi-attach to two separate hosts. So, maybe the check needed is that we only allow attaching to the same instance id if on two different compute hosts. (?)

Below is a reproduction script and some output of when this happens.

$ cat attach_script.sh
#!/usr/bin/bash -x

OS_TOKEN=$(openstack token issue -c id -f value)
OPENSTACKENDPOINT=10.16.151.37
INSTANCEUUID=c13aa08a-5184-4ce8-ba39-a9ac39067481
VOLUMEUUID=6fb23e37-7a06-4bf1-8a07-3e730ebd3153

#NOVA_URL=https://$OPENSTACKENDPOINT:13774/v2.1
NOVA_URL=https://$OPENSTACKENDPOINT/compute/v2.1/
INSTANCE_ID=$INSTANCEUUID
VOLUME_ID=$VOLUMEUUID
function call {
        curl -k -s -H "X-Auth-Token: $OS_TOKEN" -H "X-Subject-Token: $OS_TOKEN" "$@" | jq .
}
echo "Using instance_id: $INSTANCE_ID"
echo "Using volume_id: $VOLUME_ID"
echo
echo "Attachments before test:"
call $NOVA_URL/servers/$INSTANCE_ID/os-volume_attachments
echo
echo "Attempting 10 concurrent attachments..."
for i in {1..10}
do
  call -H 'Content-Type: application/json' $NOVA_URL/servers/$INSTANCE_ID/os-volume_attachments -d "{\"volumeAttachment\": {\"volumeId\": \"$VOLUME_ID\"}}" > /dev/null &
done
sleep 15
echo
echo "Attachements after test:"
call $NOVA_URL/servers/$INSTANCE_ID/os-volume_attachments

$ cinder show 6fb23e37-7a06-4bf1-8a07-3e730ebd3153
+--------------------------------+----------------------------------------------------------------------------------+
| Property | Value |
+--------------------------------+----------------------------------------------------------------------------------+
| attached_servers | ['c13aa08a-5184-4ce8-ba39-a9ac39067481', 'c13aa08a-5184-4ce8-ba39-a9ac39067481'] |
| attachment_ids | ['ac58a579-f2c9-43a7-bda3-f677ba73e4d1', 'f78ff114-ee2b-4c68-953b-cd81fcde9edb'] |
| availability_zone | nova |
| bootable | false |
| consistencygroup_id | None |
| created_at | 2019-06-21T14:14:57.000000 |
| description | None |
| encrypted | False |
| id | 6fb23e37-7a06-4bf1-8a07-3e730ebd3153 |
| metadata | |
| migration_status | None |
| multiattach | False |
| name | None |
| os-vol-host-attr:host | centos7vm1.localdomain@ceph#ceph |
| os-vol-mig-status-attr:migstat | None |
| os-vol-mig-status-attr:name_id | None |
| os-vol-tenant-attr:tenant_id | 030d4846a4f9428eae45cdefd1ee2cdf |
| replication_status | None |
| size | 1 |
| snapshot_id | None |
| source_volid | None |
| status | in-use |
| updated_at | 2019-06-21T14:15:24.000000 |
| user_id | ed32ac3ec3d64687bd2912021a4d15a3 |
| volume_type | ceph2 |
+--------------------------------+----------------------------------------------------------------------------------+

$ sudo virsh domblklist 1
Target Source
------------------------------------------------
vda vms/c13aa08a-5184-4ce8-ba39-a9ac39067481_disk
vdb volumes/volume-83bc3803-0e7f-49c1-b258-8532a413ac9a
vdc volumes/volume-6fb23e37-7a06-4bf1-8a07-3e730ebd3153
vdd volumes/volume-6fb23e37-7a06-4bf1-8a07-3e730ebd3153

(vdc and vdd are the same volume)

$ sudo virsh dumpxml 1
...snipped

    <disk type='network' device='disk'>
      <driver name='qemu' type='raw' cache='writeback' discard='unmap'/>
      <auth username='cinder'>
        <secret type='ceph' uuid='c198a0ce-baa3-45fd-bd48-e5c75e75359e'/>
      </auth>
      <source protocol='rbd' name='volumes/volume-6fb23e37-7a06-4bf1-8a07-3e730ebd3153'>
        <host name='10.16.151.37' port='6789'/>
      </source>
      <target dev='vdc' bus='virtio'/>
      <serial>6fb23e37-7a06-4bf1-8a07-3e730ebd3153</serial>
      <alias name='virtio-disk2'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
    </disk>
    <disk type='network' device='disk'>
      <driver name='qemu' type='raw' cache='writeback' discard='unmap'/>
      <auth username='cinder'>
        <secret type='ceph' uuid='c198a0ce-baa3-45fd-bd48-e5c75e75359e'/>
      </auth>
      <source protocol='rbd' name='volumes/volume-6fb23e37-7a06-4bf1-8a07-3e730ebd3153'>
        <host name='10.16.151.37' port='6789'/>
      </source>
      <target dev='vdd' bus='virtio'/>
      <serial>6fb23e37-7a06-4bf1-8a07-3e730ebd3153</serial>
      <alias name='virtio-disk3'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>
    </disk>

Interesting note: if you try this with volume encryption, Nova will fail subsequent attaches with:
libvirtError: internal error: a secret with UUID
 64311d25-fa9f-41c9-804a-103ddd258cda already defined for use with 83bc3803-0e7f-49c1-b258-8532a413ac9a

Eric Harney (eharney)
Changed in cinder:
assignee: nobody → Eric Harney (eharney)
Revision history for this message
ye (dakele) wrote :

I tested in rocky(Ubuntu18.04) but OpenStack returns "ERROR (BadRequest): Invalid volume: volume 7609d0be-638a-440c-8e40-5e1237648365 already attached". I cannot reproduce your problem.

Revision history for this message
Eric Harney (eharney) wrote :

Ok. I can reproduce it and am working on a fix.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (master)

Fix proposed to branch: master
Review: https://review.opendev.org/671370

Changed in cinder:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (stable/stein)

Fix proposed to branch: stable/stein
Review: https://review.opendev.org/673851

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.opendev.org/673857

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (master)

Reviewed: https://review.opendev.org/671370
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=7f3a77b66f9aa1b185310c8cbe33b358da6cc39a
Submitter: Zuul
Branch: master

commit 7f3a77b66f9aa1b185310c8cbe33b358da6cc39a
Author: Eric Harney <email address hidden>
Date: Tue Jul 16 13:28:10 2019 -0400

    Prevent double-attachment race in attachment_reserve

    If multiple attachments are requested simultaneously,
    a volume can be attached to an instance more than once.

    This fixes this problem by detecting that a race has
    occurred in _attachment_reserve, and backing out one of
    the invalid attachment records.

    This means that if the attachment API is called
    repeatedly and quickly for the same volume, some requests
    may fail, but this is much better than incorrectly
    creating multiple attachments.

    Closes-Bug: #1833736

    Change-Id: Ic2463338b698c5cf805c0ae06d0229f54f64b3fc

Changed in cinder:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (stable/stein)

Reviewed: https://review.opendev.org/673851
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=eadff0df7efbe662bf107f77e1b2ac96c912e4e0
Submitter: Zuul
Branch: stable/stein

commit eadff0df7efbe662bf107f77e1b2ac96c912e4e0
Author: Eric Harney <email address hidden>
Date: Tue Jul 16 13:28:10 2019 -0400

    Prevent double-attachment race in attachment_reserve

    If multiple attachments are requested simultaneously,
    a volume can be attached to an instance more than once.

    This fixes this problem by detecting that a race has
    occurred in _attachment_reserve, and backing out one of
    the invalid attachment records.

    This means that if the attachment API is called
    repeatedly and quickly for the same volume, some requests
    may fail, but this is much better than incorrectly
    creating multiple attachments.

    Closes-Bug: #1833736

    Change-Id: Ic2463338b698c5cf805c0ae06d0229f54f64b3fc
    (cherry picked from commit 7f3a77b66f9aa1b185310c8cbe33b358da6cc39a)
    Depends-On: https://review.opendev.org/671370

tags: added: in-stable-stein
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.opendev.org/676259

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (stable/rocky)

Reviewed: https://review.opendev.org/673857
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=5f9c93b194a2925bc2813ed766d320ecc88dfd26
Submitter: Zuul
Branch: stable/rocky

commit 5f9c93b194a2925bc2813ed766d320ecc88dfd26
Author: Eric Harney <email address hidden>
Date: Tue Jul 16 13:28:10 2019 -0400

    Prevent double-attachment race in attachment_reserve

    If multiple attachments are requested simultaneously,
    a volume can be attached to an instance more than once.

    This fixes this problem by detecting that a race has
    occurred in _attachment_reserve, and backing out one of
    the invalid attachment records.

    This means that if the attachment API is called
    repeatedly and quickly for the same volume, some requests
    may fail, but this is much better than incorrectly
    creating multiple attachments.

    Closes-Bug: #1833736

    Change-Id: Ic2463338b698c5cf805c0ae06d0229f54f64b3fc
    (cherry picked from commit 7f3a77b66f9aa1b185310c8cbe33b358da6cc39a)
    (cherry picked from commit eadff0df7efbe662bf107f77e1b2ac96c912e4e0)
    Conflicts:
     cinder/tests/unit/attachments/test_attachments_api.py
    Depends-On: https://review.opendev.org/673851/

tags: added: in-stable-rocky
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (stable/queens)

Reviewed: https://review.opendev.org/676259
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=90e03570ccff36c845ec45527414b24aba7f84dc
Submitter: Zuul
Branch: stable/queens

commit 90e03570ccff36c845ec45527414b24aba7f84dc
Author: Eric Harney <email address hidden>
Date: Tue Jul 16 13:28:10 2019 -0400

    Prevent double-attachment race in attachment_reserve

    If multiple attachments are requested simultaneously,
    a volume can be attached to an instance more than once.

    This fixes this problem by detecting that a race has
    occurred in _attachment_reserve, and backing out one of
    the invalid attachment records.

    This means that if the attachment API is called
    repeatedly and quickly for the same volume, some requests
    may fail, but this is much better than incorrectly
    creating multiple attachments.

    Closes-Bug: #1833736

    Change-Id: Ic2463338b698c5cf805c0ae06d0229f54f64b3fc
    (cherry picked from commit 7f3a77b66f9aa1b185310c8cbe33b358da6cc39a)
    (cherry picked from commit eadff0df7efbe662bf107f77e1b2ac96c912e4e0)
    Conflicts:
     cinder/tests/unit/attachments/test_attachments_api.py
    (cherry picked from commit 5f9c93b194a2925bc2813ed766d320ecc88dfd26)

tags: added: in-stable-queens
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/cinder 15.0.0.0rc1

This issue was fixed in the openstack/cinder 15.0.0.0rc1 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/cinder 14.0.2

This issue was fixed in the openstack/cinder 14.0.2 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/cinder 13.0.7

This issue was fixed in the openstack/cinder 13.0.7 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/cinder 12.0.9

This issue was fixed in the openstack/cinder 12.0.9 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.