OpenStack Nova Cloud Controller Charm

No explicit option exposed for max_local_block_devices

Bug #1953561 reported by Nobuto Murata
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Charm Guide
Fix Released
Undecided
Nobuto Murata
OpenStack Nova Cloud Controller Charm
Fix Released
Undecided
Nobuto Murata
OpenStack Nova Cloud Controller Charm 22.04

Bug Description

There are some cases where we want to "force" cloud users to use persistent volumes always. There is a downside of course like performance/latency issues over data persistence/redundancy.

With Ceph based deployments, it's straightforward to use libvirt-image-backend=rbd in the nova-compute charm so the ephemeral disk request is converted to rbd volume creation transparently to users.
https://jaas.ai/nova-compute#charm-config-libvirt-image-backend

With other storage backends in mind such as iSCSI or FC based arrays, it's not that straightforward.

According to the following bug fix (Queens+), cloud admins should be able to create flavors with disk=0 so the instance creation request *without* boot volume by non-admin users can be forced to fail.
https://bugs.launchpad.net/nova/+bug/1739646
It's going to be per-flavor basis, but there is another way to force instance creation without boot volume to fail globally in the cloud.

https://docs.openstack.org/nova/latest/user/block-device-mapping.html#faqs
>
>
> Is it possible to configure nova to automatically use cinder to
> back all root disks with volumes?
>
> No, there is nothing automatic within nova that converts a
> non-boot-from-volume request to convert the image to a root volume.
> Several ideas have been discussed over time which are captured in the
> spec for volume-backed flavors. However, if you wish to force users to
> always create volume-backed servers, you can configure the API service
> by setting max_local_block_devices to 0. This will result in any
> non-boot-from-volume server create request to fail with a 400 response.

So it makes sense to expose max_local_block_devices as an explicit option.

See original description
Revision history for this message
Nobuto Murata (nobuto) wrote :

The option is available since Havana if I'm not mistaken.
https://github.com/openstack/nova/commit/0ef7e15e225efcce3e02098cb1d57f9f40181f82

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-nova-cloud-controller (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/charm-nova-cloud-controller/+/820971

Changed in charm-nova-cloud-controller:
status: New → In Progress
Revision history for this message
Nobuto Murata (nobuto) wrote :

Subscribed ~field-medium.

Nobuto Murata (nobuto)
no longer affects: charm-guide
Revision history for this message
Nobuto Murata (nobuto) wrote :

After setting the new options, I've got the following error message as expected and successfully.

request (https://192.168.151.126:8774/v2.1/servers) returned unexpected status: 400; error info: {"badRequest": {"code": 400, "message": "Block Device Mapping is Invalid: You specified more local devices than the limit allows"}}

Nobuto Murata (nobuto)
description: updated
Revision history for this message
Nobuto Murata (nobuto) wrote :

I've done some more testing just for the record purpose.

====

[cloud global enforcement]

$ openstack server create --wait \
    --flavor m1.custom \
    --image auto-sync/ubuntu-focal-20.04-amd64-server-20211129-disk1.img \
    --network internal \
    --key-name mykey \
    test1

-> succeeds

$ juju config nova-cloud-controller max-local-block-devices=0

$ openstack server create --wait \
    --flavor m1.custom \
    --image auto-sync/ubuntu-focal-20.04-amd64-server-20211129-disk1.img \
    --network internal \
    --key-name mykey \
    test1

-> fails as expected with:
Block Device Mapping is Invalid: You specified more local devices than the limit allows (HTTP 400)

$ openstack server create --wait \
    --flavor m1.custom \
    --image auto-sync/ubuntu-focal-20.04-amd64-server-20211129-disk1.img \
    --network internal \
    --key-name mykey \
    --boot-from-volume 10 \
    test1

-> succeeds since `--boot-from-volume` is specified explicitly.

[per-flavor basis enforcement]

$ juju config nova-cloud-controller --reset max-local-block-devices

$ openstack server create --wait \
    --flavor m1.custom \
    --image auto-sync/ubuntu-focal-20.04-amd64-server-20211129-disk1.img \
    --network internal \
    --key-name mykey \
    test1

-> succeeds

$ openstack flavor create --vcpu 4 --ram 4096 --disk 0 m1.custom_no_disk

[admin] $ openstack server create --wait \
    --flavor m1.custom_no_disk \
    --image auto-sync/ubuntu-focal-20.04-amd64-server-20211129-disk1.img \
    --network internal \
    --key-name mykey \
    test1

-> succeeds unexpectedly because server creation with the disk=0 flavor is allowed for admin users and VM will be created with the same size of the drive with the image size as disk=0 has a special meaning.

> https://docs.openstack.org/nova/latest/configuration/policy.html
>
> os_compute_api:servers:create:zero_disk_flavor
>
> Default
> rule:project_admin_api

$ openstack project create new-project \
    --domain default

$ openstack user create --project new-project \
    --password PASSWORD new-user

$ openstack role add --user-domain default --user new-user \
    --project new-project member

[member] $ openstack server create --wait \
    --flavor m1.custom_no_disk \
    --image auto-sync/ubuntu-focal-20.04-amd64-server-20211129-disk1.img \
    test1

-> fails expectedly with:
Only volume-backed servers are allowed for flavors with zero disk. (HTTP 403)

[member] $ openstack server create --wait \
    --flavor m1.custom_no_disk \
    --image auto-sync/ubuntu-focal-20.04-amd64-server-20211129-disk1.img \
    --boot-from-volume 10 \
    test1

-> succeeds since `--boot-from-volume` is specified explicitly.

====

Nobuto Murata (nobuto)
Changed in charm-guide:
assignee: nobody → Nobuto Murata (nobuto)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-nova-cloud-controller (master)

Reviewed: https://review.opendev.org/c/openstack/charm-nova-cloud-controller/+/820971
Committed: https://opendev.org/openstack/charm-nova-cloud-controller/commit/0e9136fe1e2b360297b8b938faaed1e8d44ee843
Submitter: "Zuul (22348)"
Branch: master

commit 0e9136fe1e2b360297b8b938faaed1e8d44ee843
Author: Nobuto Murata <email address hidden>
Date: Wed Dec 8 10:50:55 2021 +0900

    Expose max_local_block_devices as an explicit charm option

    It's useful to force instance creations to fail if ephemeral drives are
    requested when cloud admins want users to use persistent volumes always.

    Closes-Bug: #1953561
    Change-Id: I1c958b4bcf79512c06de6d81fe55c681bb5f38a7

Changed in charm-nova-cloud-controller:
status: In Progress → Fix Committed
Felipe Reyes (freyes)
Changed in charm-nova-cloud-controller:
assignee: nobody → Nobuto Murata (nobuto)
milestone: none → 22.04
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-guide (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/charm-guide/+/837652

Changed in charm-guide:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-guide (master)

Reviewed: https://review.opendev.org/c/openstack/charm-guide/+/837652
Committed: https://opendev.org/openstack/charm-guide/commit/96a35071b6f615a4c12801b7df14fc1694301b9c
Submitter: "Zuul (22348)"
Branch: master

commit 96a35071b6f615a4c12801b7df14fc1694301b9c
Author: Nobuto Murata <email address hidden>
Date: Wed Apr 13 11:52:03 2022 +0900

    release-notes: max-local-block-devices

    Closes-Bug: #1953561
    Change-Id: Id3adbc35237343a9fce24a6102c759e82c3e2ae2

Changed in charm-guide:
status: In Progress → Fix Released
Alex Kavanagh (ajkavanagh)
Changed in charm-nova-cloud-controller:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.