| 2015-06-16 13:39:54 |
Dane Fichter |
description |
When booting from an encrypted volume created from a whole image (i.e. not a three-part image), Nova reports that the instance has booted successfully. However, simply examining the console or attempting to ssh into the instance reveals that it failed to boot.
Expected Behavior:
1. We should be able to boot from an encrypted volume containing a whole part image.
2. If booting from this volume fails, Nova should throw an error and alert the end user.
Actual Behavior:
1. Instance does not successfully boot from volume.
2. Nova provides no indication that booting has failed.
How to Reproduce behavior:
1. Download a whole image (I'm using cirros-0.3.3-x86_64.raw)
2. Add the image to Glance using the CLI:
glance image-create --name='cirros' --container-format=bare --owner=demo --disk-format=raw --is_public=true --file=cirros-0.3.3-x86_64.raw
3. Log into Horizon as an admin and create an encrypted volume type through the UI. The encrypted volume type I've been using has the following attributes:
Provider = nova.volume.encryptors.luks.LuksEncryptor
Control Location = front-end
Cipher = aes-xts-plain64
Key Size: = 512
4. Log into Horizon as demo and use the UI to create a volume of the encrypted type from the whole image. Ensure that the volume is larger than the image.
5. Use the Horizon UI to boot an instance from the encrypted volume. Be sure to select a flavor with greater disk space than the size of the image (I use m1.).
You should observe that, although there are no errors presented to the end user, the instance clearly does not boot. Additionally, be way of a control, you can repeat these steps without creating an encrypted volume type and observe that the instance boots successfully. |
When booting from an encrypted volume created from a whole image (i.e. not a three-part image), Nova reports that the instance has booted successfully. However, simply examining the console or attempting to ssh into the instance reveals that it failed to boot.
Expected Behavior:
1. We should be able to boot from an encrypted volume containing a whole part image.
2. If booting from this volume fails, Nova should throw an error and alert the end user.
Actual Behavior:
1. Instance does not successfully boot from volume.
2. Nova provides no indication that booting has failed.
How to Reproduce behavior:
1. Download a whole image (I'm using cirros-0.3.3-x86_64.raw)
2. Add the image to Glance using the CLI:
glance image-create --name='cirros' --container-format=bare --owner=demo --disk-format=raw --is_public=true --file=cirros-0.3.3-x86_64.raw
3. Log into Horizon as an admin and create an encrypted volume type through the UI. The encrypted volume type I've been using has the following attributes:
Provider = nova.volume.encryptors.luks.LuksEncryptor
Control Location = front-end
Cipher = aes-xts-plain64
Key Size: = 512
4. Log into Horizon as demo and use the UI to create a volume of the encrypted type from the whole image. Ensure that the volume is larger than the image.
5. Use the Horizon UI to boot an instance from the encrypted volume. Be sure to select a flavor with greater disk space than the size of the image (I use m1.tiny).
You should observe that, although there are no errors presented to the end user, the instance clearly does not boot. Additionally, be way of a control, you can repeat these steps without creating an encrypted volume type and observe that the instance boots successfully. |
|
