When image properties contain a "signature_verified" field, create volume from image will fail

Bug #1969213 reported by zhuyuhao
This bug affects 1 person
Affects: Cinder
Status: New
Importance: Wishlist
Assigned to: Unassigned

Bug Description

If Cinder enables image signature verification and the image properties contain a "signature_verified" field, creating a volume from the image will fail.
Image info:
()[root@busybox-openstack-6c6d846f85-d87w9 /]# glance image-show ec3e1627-9e51-4d9b-a2a1-cca34cf119dd
+---------------------+----------------------------------------------------------------------------------+
| Property | Value |
+---------------------+----------------------------------------------------------------------------------+
| checksum | d0f846e407a2f32ebe63c0133b1ee451 |
| container_format | bare |
| created_at | 2022-04-14T11:20:02Z |
| description | |
| disk_format | raw |
| hw_architecture | aarch64 |
| hw_live_resize | no |
| hw_qemu_guest_agent | no |
| id | ec3e1627-9e51-4d9b-a2a1-cca34cf119dd |
| img_hv_type | qemu |
| locations | [{"url": "rbd://3a42a0ff-4dcc-4216-8943-f164e2803928/compute/ec3e1627-9e51-4d9b- |
| | a2a1-cca34cf119dd/snap", "metadata": {}}] |
| min_disk | 10 |
| min_ram | 1024 |
| name | harbor |
| os_distro | CentOS |
| owner | e984347370664dbd9ef4c48cc624a956 |
| protected | False |
| signature_verified | False |
| size | 10737418240 |
| status | active |
| tags | [] |
| updated_at | 2022-04-14T11:21:55Z |
| virtual_size | None |
| visibility | private |
+---------------------+----------------------------------------------------------------------------------+

Cinder create volume from image failure log:

2022-04-15 15:25:53.475 134 ERROR oslo_messaging.rpc.server server.py:180 _process_incoming File "/usr/local/lib/python3.6/site-packages/tenacity/__init__.py", line 360, in iter
2022-04-15 15:25:53.475 134 ERROR oslo_messaging.rpc.server server.py:180 _process_incoming return fut.result()
2022-04-15 15:25:53.475 134 ERROR oslo_messaging.rpc.server server.py:180 _process_incoming File "/usr/lib64/python3.6/concurrent/futures/_base.py", line 425, in result
2022-04-15 15:25:53.475 134 ERROR oslo_messaging.rpc.server server.py:180 _process_incoming return self.get_result()
2022-04-15 15:25:53.475 134 ERROR oslo_messaging.rpc.server server.py:180 _process_incoming File "/usr/lib64/python3.6/concurrent/futures/_base.py", line 384, in get_result
2022-04-15 15:25:53.475 134 ERROR oslo_messaging.rpc.server server.py:180 _process_incoming raise self._exception
2022-04-15 15:25:53.475 134 ERROR oslo_messaging.rpc.server server.py:180 _process_incoming File "/usr/local/lib/python3.6/site-packages/tenacity/__init__.py", line 426, in call
2022-04-15 15:25:53.475 134 ERROR oslo_messaging.rpc.server server.py:180 _process_incoming result = fn(*args, **kwargs)
2022-04-15 15:25:53.475 134 ERROR oslo_messaging.rpc.server server.py:180 _process_incoming File "/usr/local/lib/python3.6/site-packages/cinder/volume/flows/manager/create_volume.py", line 1039, in _create_from_image
2022-04-15 15:25:53.475 134 ERROR oslo_messaging.rpc.server server.py:180 _process_incoming image_meta=image_meta)
2022-04-15 15:25:53.475 134 ERROR oslo_messaging.rpc.server server.py:180 _process_incoming File "/usr/local/lib/python3.6/site-packages/cinder/volume/flows/manager/create_volume.py", line 452, in _handle_bootable_volume_glance_meta
2022-04-15 15:25:53.475 134 ERROR oslo_messaging.rpc.server server.py:180 _process_incoming raise exception.MetadataCopyFailure(reason=ex)
2022-04-15 15:25:53.475 134 ERROR oslo_messaging.rpc.server server.py:180 _process_incoming cinder.exception.MetadataCopyFailure: Failed to copy metadata to volume: Glance metadata cannot be updated, key signature_verified exists for volume id 5903c2e4-0432-4402-a7d2-68c4eeea3e15
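
An added example, not part of the original report or of Cinder's code: a pre-flight check that parses `glance image-show` output (including wrapped cells such as `locations`) and reports whether the image carries the `signature_verified` key named in the MetadataCopyFailure message above. The `RESERVED_KEYS` set, the function names and the trimmed sample table are assumptions made for illustration.

```python
"""Pre-flight check for the key collision reported in the log above."""

# Key taken from the MetadataCopyFailure message on this page (assumed list).
RESERVED_KEYS = frozenset({"signature_verified"})

# Constructed sample: a trimmed `glance image-show` table with made-up values.
SAMPLE = """\
+--------------------+------------------------------------------+
| Property           | Value                                    |
+--------------------+------------------------------------------+
| disk_format        | raw                                      |
| locations          | [{"url": "rbd://pool/compute/ec3e1627-9e |
|                    | 51/snap", "metadata": {}}]               |
| name               | harbor                                   |
| signature_verified | False                                    |
| status             | active                                   |
+--------------------+------------------------------------------+
"""


def parse_image_show(text):
    """Parse the ASCII table printed by `glance image-show` into a dict.

    Rows with an empty Property cell continue the previous value.
    """
    props, last = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not (line.startswith("|") and line.endswith("|")):
            continue  # border lines, shell prompts, blank lines
        cells = [c.strip() for c in line[1:-1].split("|", 1)]
        if len(cells) != 2 or cells[0] == "Property":
            continue  # malformed row or the header row
        key, value = cells
        if key:
            props[key] = value
            last = key
        elif last is not None:
            props[last] += value  # wrapped cell: join the pieces
    return props


def colliding_keys(props, reserved=RESERVED_KEYS):
    """Return, sorted, the image property names found in the reserved set."""
    return sorted(k for k in props if k in reserved)


if __name__ == "__main__":
    found = colliding_keys(parse_image_show(SAMPLE))
    print("colliding keys:", ", ".join(found) if found else "none")
```
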

Sofia Enriquez (lsofia-enriquez) wrote :

Greetings zhuyuhao,

This is the expected behavior from cinder.
You could disable image signature verification on cinder.conf. However, be careful of the security impact of that decision because Cinder currently lacks a mechanism to validate images prior to creating volumes from them[1].

Cheers,

[1]https://specs.openstack.org/openstack/cinder-specs/specs/rocky/support-image-signature-verification.html

Changed in cinder:
importance: Undecided → Wishlist
status: New → Invalid
tags: added: glance signature-verified
Changed in cinder:
status: Invalid → New
Sofia Enriquez (lsofia-enriquez) wrote :
tags: added: need-integration-test