Glance cannot remove image if Nova boots instance from image with incorrect signature.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
Undecided
|
Mitya Eremeev |
Bug Description
Description
===========
Nova is configured to verify glance images:
[glance]
verify_
Glance backend is Ceph.
Steps to reproduce
==================
1. create glance image with proper signature
2. update glance image with incorrect signature
3. try to boot instance from the glance image with incorrect signature.
Boot fails because Nova checks signature and verification fails.
It's correct behavior.
barbican_
-------
Captured traceback:
~~~~~~~~~~~~~~~~~~~
Traceback (most recent call last):
File "/var/lib/
resp, _ = self.delete(url)
File "/var/lib/
return self.request(
File "/var/lib/
self.
File "/var/lib/
raise exceptions.
tempest.
Details: {'message': 'Image c321f6be-
4. Delete the glance image right after failed instance boot.
Expected result
===============
Glance image was deleted successfully.
Actual result
=============
Glance cannot be deleted.
In Glance backend we see that there are watchers that protect glance image from deletion:
# rbd rm --pool images-hdd c321f6be-
2021-10-
Removing image: 0% complete...failed.
rbd: error: image still has watchers
This means the image is still open or the client using it crashed. Try again after closing/unmapping it or waiting 30s for the crashed client to timeout.
# rbd status --pool images-hdd c321f6be-
Watchers:
The behavior is reproduced by tempest test:
https:/
Environment
===========
1. Openstack version: Victoria
2. Hypervisor: KVM + libvirt
3. Glance storage: Ceph, Nova storage: local.
4. Networking: Neutron with OVS
Changed in nova: | |
assignee: | nobody → Mitya Eremeev (mitos) |
assignee: | Mitya Eremeev (mitos) → nobody |
assignee: | nobody → Mitya Eremeev (mitos) |
status: | New → In Progress |
Fix proposed to branch: master /review. opendev. org/c/openstack /nova/+ /815347
Review: https:/