Cinder

Cinder - creating clone of encrypted volume fails

Bug #1913054 reported by Helen Walsh on 2021-01-25

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Cinder	New	Medium	Unassigned

Bug Description

This was found when testing a PowerMax encrypted volume. Traced it to cinder/volume/flows/manager/create_volume.py line 635

    def _create_from_source_volume(self, context, volume, source_volid,
                                   **kwargs):
        # NOTE(harlowja): if the source volume has disappeared this will be our
        # detection of that since this database call should fail.
        #
        # NOTE(harlowja): likely this is not the best place for this to happen
        # and we should have proper locks on the source volume while actions
        # that use the source volume are underway.
        srcvol_ref = objects.Volume.get_by_id(context, source_volid)
        try:
            model_update = self.driver.create_cloned_volume(volume, srcvol_ref)
            if model_update is None:
                model_update = {}
            if volume.encryption_key_id is not None:
                rekey_model_update = self._rekey_volume(context, volume)
                model_update.update(rekey_model_update)

In the _rekey_volume method an _attach_volume is called and for PowerMax driver we need provider_location populated in order to be able to find the volume in order to attach it.

def _rekey_volume(self, context, volume):
"""Change encryption key on volume.

:returns: model update dict
"""

LOG.debug('rekey volume %s', volume.name)

        properties = utils.brick_get_connector_properties(False, False)
        LOG.debug("properties: %s", properties)
        attach_info = None
        model_update = {}
        new_key_id = None
        original_key_id = volume.encryption_key_id
        key_mgr = key_manager.API(CONF)

        try:
            attach_info, volume = self.driver._attach_volume(context,
                                                             volume,
                                                             properties)

Possible fix is to update the volume object before passing it to the _rekey_volume

volume.update(model_update)
volume.save()

Tags:

Sofia Enriquez (lsofia-enriquez) on 2021-01-26

tags:	added: powermax
tags:	added: volume
tags:	added: encryption

Revision history for this message

Helen Walsh (walshh2) wrote on 2021-01-27:

submission at https://review.opendev.org/c/openstack/cinder/+/772517

Sofia Enriquez (lsofia-enriquez) on 2021-02-10

Changed in cinder:
importance:	Undecided → Medium

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-04-08: Fix included in openstack/cinder 18.0.0.0rc2

This issue was fixed in the openstack/cinder 18.0.0.0rc2 release candidate.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-07-28: Fix included in openstack/cinder 19.0.0.0b1

This issue was fixed in the openstack/cinder 19.0.0.0b1 development milestone.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.