Ironic

Could not spawn an instance with a Shared or private image

Bug #2058259 reported by Damien RANNOU on 2024-03-18

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Ironic	Triaged	Wishlist	Unassigned

Bug Description

TLDR:
In a Nova deployment context, we hit a bug : If the nova user is spawning a private or shared image, Ironic can not validate the image project_id, so letting an error:

ironic.common.exception.ImageNotFound: Image fde5ad17-59b0-4919-99bd-0188365aa386 could not be found.

More detail:
Linked to https://blueprints.launchpad.net/nova/+spec/ironic-guest-metadata, ironic does not have the nova customer context, so ironic cannot verify the image project_id.

In the current situation, it seems that it's not possible spawn a nova instance except if the image is public.

May be a quick work around would be to check if the call is coming from nova, and assuming that nova already made the preliminary verification before asking ironic to deploy.

https://opendev.org/openstack/ironic/src/branch/master/ironic/common/glance_service/service_utils.py#L120

Tags:

Revision history for this message

Jay Faulkner (jason-oldos) wrote on 2024-03-18:

Noting a comment in IRC from another user:

> which rights does the ironic user have? We gave ours image_admin and we can use private images, pretty sure shared images as well.

I think there's room for improvement here, but first we need to determine the cases that work/break.

Changed in ironic:
status:	New → Triaged
importance:	Undecided → Wishlist
tags:	added: rfe

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.