allow_qcow2_backing_file flag cannot be passed into some image_utils operations

> Note that there might be a workaround by supplying the 'data' parameter [4] but i'm not sure that is intended to be used in such a manner.

Good catch on this. The 'data' parameter is appropriate to pass here; the idea was that in most contexts, you've already done a call to get the qemu-img info data, so you can avoid the overhead of another shell call by passing the data object to the convert_image function.

Hi Brian,

is there any estimate on when the requested change can be implemented or a patch will be available?

Due to this problem we can not install 2023.2 release in our production

I am facing an issue on 2024.1 release with cinder and a nfs backend, which might be related to this bug.

The feature to create volumes from volume snapshots only works when there is exactly one snapshot for a particular volume. If two (or more) snapshots exist, the volume creation fails in line [1]. If I understand the code correctly, cinder calls the qemu_img_info() method with no data or flag allow_qcow2_backing_file, setting the flag to False. I believe that since the second snapshot has a qcow2 backing file, having allow_qcow2_backing_file = false fails the safety check of the snapshot and stops the volume creation.

[1] https://opendev.org/openstack/cinder/src/branch/stable/2024.1/cinder/image/image_utils.py#L178

@Vladislav: Fernando is working on this and will have a patch posted soon.

@Rafael: Your analysis looks correct to me, I think that's exactly what happens.

In thinking about this some more, I think passing the 'data' parameter is the way to go because there's a method in the remotefs driver that will make the call out to get the 'data' object, and when it does so, it checks the format of the backing filename to make sure it's appropriate to the nfs use case. Since just passing the allow_qcow2_backing_file flag would skip that secondary check, i think it's better to require passing the 'data' object and not implement the flag.

Addressed by: https://review.opendev.org/c/openstack/cinder/+/946995

Reviewed: https://review.opendev.org/c/openstack/cinder/+/946995
Committed: https://opendev.org/openstack/cinder/commit/9687fbac79b0af266dcefb89b8ecc5c2940f6c80
Submitter: "Zuul (22348)"
Branch: master

commit 9687fbac79b0af266dcefb89b8ecc5c2940f6c80
Author: Fernando Ferraz <email address hidden>
Date: Fri Apr 11 10:06:26 2025 -0300

    NFS driver: Fix fail creating volume with multiple snapshots

    The NFS driver uses qcow2 images with backing files to represent
    volume snapshots, which is not allowed for qcow2 disk images
    downloaded from glance. The driver uses cinder.image_utils to
    convert a qcow2 snapshot to a raw volume; this was not a problem
    for the first snapshot, whose backing file is raw, and hence passed
    the image format inspector, but the second snapshot has a qcow2
    backing file, which the image_utils were rejecting as a security
    risk. Thus we now pass the qemu_img_info from the backing image as
    an additional parameter to the image convert call, which indicates
    that the file has already been screened and allows the conversion
    to occur.

    Co-authored-by: Fernando Ferraz <email address hidden>
    Co-authored-by: Brian Rosmaita <email address hidden>

    Closes-bug: #2074377
    Change-Id: I49404e87eb0c77b4ed92918404f86c073fbfd713

Fix proposed to branch: stable/2025.1
Review: https://review.opendev.org/c/openstack/cinder/+/947820

Reviewed: https://review.opendev.org/c/openstack/cinder/+/947820
Committed: https://opendev.org/openstack/cinder/commit/ca82907201bd79a0d3bb172b52da3689ba541396
Submitter: "Zuul (22348)"
Branch: stable/2025.1

commit ca82907201bd79a0d3bb172b52da3689ba541396
Author: Fernando Ferraz <email address hidden>
Date: Fri Apr 11 10:06:26 2025 -0300

    NFS driver: Fix fail creating volume with multiple snapshots

    The NFS driver uses qcow2 images with backing files to represent
    volume snapshots, which is not allowed for qcow2 disk images
    downloaded from glance. The driver uses cinder.image_utils to
    convert a qcow2 snapshot to a raw volume; this was not a problem
    for the first snapshot, whose backing file is raw, and hence passed
    the image format inspector, but the second snapshot has a qcow2
    backing file, which the image_utils were rejecting as a security
    risk. Thus we now pass the qemu_img_info from the backing image as
    an additional parameter to the image convert call, which indicates
    that the file has already been screened and allows the conversion
    to occur.

    Co-authored-by: Fernando Ferraz <email address hidden>
    Co-authored-by: Brian Rosmaita <email address hidden>

    Closes-bug: #2074377
    Change-Id: I49404e87eb0c77b4ed92918404f86c073fbfd713
    (cherry picked from commit 9687fbac79b0af266dcefb89b8ecc5c2940f6c80)

Fix proposed to branch: stable/2024.2
Review: https://review.opendev.org/c/openstack/cinder/+/947964

Reviewed: https://review.opendev.org/c/openstack/cinder/+/947964
Committed: https://opendev.org/openstack/cinder/commit/39883f2b70c5c1f01f3908f216e6215f7832b274
Submitter: "Zuul (22348)"
Branch: stable/2024.2

commit 39883f2b70c5c1f01f3908f216e6215f7832b274
Author: Fernando Ferraz <email address hidden>
Date: Fri Apr 11 10:06:26 2025 -0300

    NFS driver: Fix fail creating volume with multiple snapshots

    The NFS driver uses qcow2 images with backing files to represent
    volume snapshots, which is not allowed for qcow2 disk images
    downloaded from glance. The driver uses cinder.image_utils to
    convert a qcow2 snapshot to a raw volume; this was not a problem
    for the first snapshot, whose backing file is raw, and hence passed
    the image format inspector, but the second snapshot has a qcow2
    backing file, which the image_utils were rejecting as a security
    risk. Thus we now pass the qemu_img_info from the backing image as
    an additional parameter to the image convert call, which indicates
    that the file has already been screened and allows the conversion
    to occur.

    Co-authored-by: Fernando Ferraz <email address hidden>
    Co-authored-by: Brian Rosmaita <email address hidden>

    Closes-bug: #2074377
    Change-Id: I49404e87eb0c77b4ed92918404f86c073fbfd713
    (cherry picked from commit 9687fbac79b0af266dcefb89b8ecc5c2940f6c80)
    (cherry picked from commit ca82907201bd79a0d3bb172b52da3689ba541396)

Fix proposed to branch: stable/2024.1
Review: https://review.opendev.org/c/openstack/cinder/+/948071

Reviewed: https://review.opendev.org/c/openstack/cinder/+/948071
Committed: https://opendev.org/openstack/cinder/commit/32a71114c82d498ca9c78dcbf4ba311699bfccdd
Submitter: "Zuul (22348)"
Branch: stable/2024.1

commit 32a71114c82d498ca9c78dcbf4ba311699bfccdd
Author: Fernando Ferraz <email address hidden>
Date: Fri Apr 11 10:06:26 2025 -0300

    NFS driver: Fix fail creating volume with multiple snapshots

    The NFS driver uses qcow2 images with backing files to represent
    volume snapshots, which is not allowed for qcow2 disk images
    downloaded from glance. The driver uses cinder.image_utils to
    convert a qcow2 snapshot to a raw volume; this was not a problem
    for the first snapshot, whose backing file is raw, and hence passed
    the image format inspector, but the second snapshot has a qcow2
    backing file, which the image_utils were rejecting as a security
    risk. Thus we now pass the qemu_img_info from the backing image as
    an additional parameter to the image convert call, which indicates
    that the file has already been screened and allows the conversion
    to occur.

    Co-authored-by: Fernando Ferraz <email address hidden>
    Co-authored-by: Brian Rosmaita <email address hidden>

    Closes-bug: #2074377
    Change-Id: I49404e87eb0c77b4ed92918404f86c073fbfd713
    (cherry picked from commit 9687fbac79b0af266dcefb89b8ecc5c2940f6c80)
    (cherry picked from commit ca82907201bd79a0d3bb172b52da3689ba541396)
    (cherry picked from commit 39883f2b70c5c1f01f3908f216e6215f7832b274)

Fix proposed to branch: stable/2023.2
Review: https://review.opendev.org/c/openstack/cinder/+/948256

Reviewed: https://review.opendev.org/c/openstack/cinder/+/948256
Committed: https://opendev.org/openstack/cinder/commit/d1f105a6ed765e984394b5f482d19b2f601ea3f2
Submitter: "Zuul (22348)"
Branch: stable/2023.2

commit d1f105a6ed765e984394b5f482d19b2f601ea3f2
Author: Fernando Ferraz <email address hidden>
Date: Fri Apr 11 10:06:26 2025 -0300

    NFS driver: Fix fail creating volume with multiple snapshots

    The NFS driver uses qcow2 images with backing files to represent
    volume snapshots, which is not allowed for qcow2 disk images
    downloaded from glance. The driver uses cinder.image_utils to
    convert a qcow2 snapshot to a raw volume; this was not a problem
    for the first snapshot, whose backing file is raw, and hence passed
    the image format inspector, but the second snapshot has a qcow2
    backing file, which the image_utils were rejecting as a security
    risk. Thus we now pass the qemu_img_info from the backing image as
    an additional parameter to the image convert call, which indicates
    that the file has already been screened and allows the conversion
    to occur.

    Co-authored-by: Fernando Ferraz <email address hidden>
    Co-authored-by: Brian Rosmaita <email address hidden>

    Closes-bug: #2074377
    Change-Id: I49404e87eb0c77b4ed92918404f86c073fbfd713
    (cherry picked from commit 9687fbac79b0af266dcefb89b8ecc5c2940f6c80)
    (cherry picked from commit ca82907201bd79a0d3bb172b52da3689ba541396)
    (cherry picked from commit 39883f2b70c5c1f01f3908f216e6215f7832b274)
    (cherry picked from commit 32a71114c82d498ca9c78dcbf4ba311699bfccdd)

This issue was fixed in the openstack/cinder 23.5.0 Bobcat release.

This issue was fixed in the openstack/cinder 24.4.0 Caracal release.

This issue was fixed in the openstack/cinder 26.1.0 Epoxy release.

This issue was fixed in the openstack/cinder 25.2.0 Dalmatian release.

Related fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/cinder/+/953966

This issue was fixed in the openstack/cinder 27.0.0.0rc1 Flamingo release candidate.