Instance creation fails when [libvirt] cpu_mode is custom and its flavor contains hw:mem_encryption
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
Description
===========
When a user tries to launch an instance with a flavor containing hw:mem_encryption property, the instance always becomes error state if the nova-compute has [libvirt] cpu_mode = custom.
Instance creation succeeds if
- hw_mem_encryption image property is used instead of the flavor property
- [libvirt] cpu_mode is None
Steps to reproduce
==================
1. Set the following options in nova.conf and restart nova-compute
[libvirt]
cpu_mode = custom
cpu_models = EPYC
2. Prepare a flavor with memory encryption enabled
$ openstack flavor show m1.small-enc -f yaml
OS-FLV-
OS-FLV-
access_project_ids: null
description: null
disk: 20
id: ee97652f-
name: m1.small-enc
os-flavor-
properties:
hw:mem_
ram: 2048
rxtx_factor: 1.0
swap: 0
vcpus: 1
3. Create an image with hw_firmware_type property set to 'uefi'
$ openstack image show cirros-uefi -f yaml
checksum: c8fc807773e5354
container_format: bare
created_at: '2023-10-
disk_format: qcow2
file: /v2/images/
id: d6353363-
min_disk: 0
min_ram: 0
name: cirros-uefi
owner: 5a2803c4cdb1412
properties:
hw_disk_bus: scsi
hw_firmware_type: uefi
hw_scsi_model: virtio-scsi
os_hash_algo: sha512
os_hash_value: 1103b92ce8ad966
os_hidden: false
owner_
owner_
owner_
stores: fs
protected: false
schema: /v2/schemas/image
size: 21430272
status: active
tags: []
updated_at: '2023-10-
virtual_size: 117440512
visibility: public
4. launch an instance using the flavr and the image
$ openstack server create --image cirros-uefi --flavor m1.small-enc --network private cirros-enc
Expected result
===============
The instance becomes active state
Actual result
=============
Instance becomes error state. The following traceback is found in nova-compute.log
```
2023-10-25 06:33:20.674 38337 ERROR nova.compute.
2023-10-25 06:33:20.674 38337 ERROR nova.compute.
2023-10-25 06:33:20.674 38337 ERROR nova.compute.
2023-10-25 06:33:20.674 38337 ERROR nova.compute.
2023-10-25 06:33:20.674 38337 ERROR nova.compute.
2023-10-25 06:33:20.674 38337 ERROR nova.compute.
2023-10-25 06:33:20.674 38337 ERROR nova.compute.
2023-10-25 06:33:20.674 38337 ERROR nova.compute.
2023-10-25 06:33:20.674 38337 ERROR nova.compute.
2023-10-25 06:33:20.674 38337 ERROR nova.compute.
2023-10-25 06:33:20.674 38337 ERROR nova.compute.
2023-10-25 06:33:20.674 38337 ERROR nova.compute.
2023-10-25 06:33:20.674 38337 ERROR nova.compute.
2023-10-25 06:33:20.674 38337 ERROR nova.compute.
2023-10-25 06:33:20.674 38337 ERROR nova.compute.
2023-10-25 06:33:20.674 38337 ERROR nova.compute.
2023-10-25 06:33:20.674 38337 ERROR nova.compute.
2023-10-25 06:33:20.674 38337 ERROR nova.compute.
2023-10-25 06:33:20.674 38337 ERROR nova.compute.
2023-10-25 06:33:20.674 38337 ERROR nova.compute.
2023-10-25 06:33:20.674 38337 ERROR nova.compute.
2023-10-25 06:33:20.674 38337 ERROR nova.compute.
2023-10-25 06:33:20.674 38337 ERROR nova.compute.
2023-10-25 06:33:20.674 38337 ERROR nova.compute.
2023-10-25 06:33:20.674 38337 ERROR nova.compute.
2023-10-25 06:33:20.674 38337 ERROR nova.compute.
```
Environment
===========
1. Exact version of OpenStack you are running. See the following
list for all releases: http://
Ubuntu 22.04 and UCA bobcat.
# dpkg -l | grep nova
ii nova-api 3:28.0.
ii nova-common 3:28.0.
ii nova-compute 3:28.0.
ii nova-compute-kvm 3:28.0.
ii nova-compute-
ii nova-conductor 3:28.0.
ii nova-novncproxy 3:28.0.
ii nova-scheduler 3:28.0.
ii python3-nova 3:28.0.
ii python3-novaclient 2:18.4.
2. Which hypervisor did you use?
Libvirt + KVM
3. Which storage type did you use?
LVM
4. Which networking type did you use?
ml2 + ovs
description: | updated |
description: | updated |
description: | updated |
summary: |
- Instance with memory encryption enabled can't be launched when [libvirt] - cpu_mode is custom + Instance creation fails when [libvirt] cpu_mode is custom and its flavo + contains hw:mem_encryption |
description: | updated |
summary: |
- Instance creation fails when [libvirt] cpu_mode is custom and its flavo + Instance creation fails when [libvirt] cpu_mode is custom and its flavor contains hw:mem_encryption |
It seems the issue here is specific to the combination of flavor properties and image properties.
If I use hw_mem_encryption image property instead of hw:mem_encryption flavor property, the issue is not reproduced.