I believe I've found the issue, and it's a regression in the 3.27 Cinder volume attachment_update API:
PUT /volumes/{id}/attachments/{attachment_id}
The volume manager code is updating the volume with the host from the connector dict, which nova gets from os-brick, and setting that on the volume here:
That's also the reason why I couldn't reproduce this on vexxhost since they are running Pike code. And before https://review.openstack.org/#/c/330285/, nova would call the os-attach volume actions API but never passed a host name directly for that, so this was always None:
So the question is what to do about this before the Queens release. There are a couple of options:
1. Add a policy rule in Cinder to not expose the attached_host field in the response to non-admins. To not break backward compatibility, you'd likely need to default this to allow admin_or_owner.
2. Don't store the attached_host value when calling attachment_update, and if some client needs to actually set the hostname for the attachment to get it later, like glance, it should use the os-attach volume action API.
I believe I've found the issue, and it's a regression in the 3.27 Cinder volume attachment_update API:
PUT /volumes/ {id}/attachment s/{attachment_ id}
The volume manager code is updating the volume with the host from the connector dict, which nova gets from os-brick, and setting that on the volume here:
https:/ /github. com/openstack/ cinder/ blob/a95c9e5668 f6a7596e0198cca 2b6b7fef20ab3e9 /cinder/ volume/ manager. py#L4370
Nova only started using this code as of this change:
https:/ /review. openstack. org/#/c/ 330285/
Which is not released yet.
That's also the reason why I couldn't reproduce this on vexxhost since they are running Pike code. And before https:/ /review. openstack. org/#/c/ 330285/, nova would call the os-attach volume actions API but never passed a host name directly for that, so this was always None:
https:/ /github. com/openstack/ cinder/ blob/master/ cinder/ volume/ manager. py#L1189
So the question is what to do about this before the Queens release. There are a couple of options:
1. Add a policy rule in Cinder to not expose the attached_host field in the response to non-admins. To not break backward compatibility, you'd likely need to default this to allow admin_or_owner.
2. Don't store the attached_host value when calling attachment_update, and if some client needs to actually set the hostname for the attachment to get it later, like glance, it should use the os-attach volume action API.