Instance system metadata is sometimes overwritten by image metadata
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
Medium
|
Daniel Berrange |
Bug Description
When an instance is first created, a copy of the metadata from the image/volume is saved into the instance system metadata. This provides an accurate point in time record of the metadata used to configure & operate instance, even if the metadata on the image is later changed.
For a long while though, much of the code would not use this instance system metadata, instead just fetching metadata from the image each time. This had an obvious problem in that if the image was deleted, those operations would not be able to get image metadata, even though it was recorded for posterity in the system metadata.
So 2 commits were made to update Nova to fetch system metadata
commit 8e575be75c80ea7
Author: Xavier Queralt <email address hidden>
Date: Mon Aug 26 22:53:03 2013 +0200
Add methods to get image metadata from instance
This patch adds a couple of utility functions that enclose all the logic
for getting and parsing the image metadata stored in the instance's
system metadata.
First, this will try to fetch the metadata from the real image and will
prevent it from failing if it is not available. It will be then merged
with the image metadata stored during the instance creation.
Related to bug #1039662
Change-Id: I2130caf1985858
commit 4389f2292a0177c
Author: Xavier Queralt <email address hidden>
Date: Mon Aug 26 22:55:46 2013 +0200
Avoid errors on some actions when image not usable
Using the metadata saved on instance creation, we can now get all the
image related metadata we need from the instance itself.
This patch replace the logic for getting the image metadata on some
actions that shouldn't fail when the image is not accessible (create
an snapshot, resize, migrate, rescue an instance or attach an
interface).
Fixes bug 1039662
Unfortunately the way the compute utils get_image_metadata method was designed, it first fetches the instance system metadata and then fetches the current metadata from the image (if it still exists). The system metadata fields are overwritten by those from the image.
So, there remains a problem that many operations are going to be performing actions based on the metadata currently associated with the image, and not that associated with the instance.
By good luck, this does not currently have too many serious ill effects, but with ever increasing use of image metadata for tuning instance hardware configuration this is becoming a more pressing problem.
For example, if the hw_disk_bus=virtio when the instance was first booted, and then the image was later changed to use hw_disk_bus=scsi, then logic which hotplugs disks may mistakenly end up attempting to hotplug a SCSI disk instead of a virtio disk which the instance was initially booted with.
The only code which should look at the image properties should be the initial boot operation. There after all code should be using the recorded instance system metadata, so it is making decisions that are consistent with those made when the instance was first booted.
There is an exception for the rescue operation, which by its very nature should be using the metadata from the rescue image, not the original instance system meta, since the hardware configuration needs to match that of the rescue image requirements.
tags: | added: compute |
Changed in nova: | |
assignee: | nobody → Daniel Berrange (berrange) |
Changed in nova: | |
importance: | Undecided → Medium |
Changed in nova: | |
milestone: | none → liberty-1 |
status: | Fix Committed → Fix Released |
Changed in nova: | |
milestone: | liberty-1 → 12.0.0 |
Fix proposed to branch: master /review. openstack. org/187251
Review: https:/