resize of server with qos ports fails if called by non admin user

Bug #1849695 reported by Balazs Gibizer on 2019-10-24
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
High
Balazs Gibizer
Train
Undecided
Balazs Gibizer

Bug Description

As a non admin:

* Create a server with a qos port.
* Resize the server to another flavor.

=> Server goes to ERROR state and the following is logged in the nova-compute log on the destination host

Oct 24 14:33:42 aio nova-compute[10293]: ERROR oslo_messaging.rpc.server PortUpdateFailed: Port update failed for port b1593c18-b088-4d5c-b3c6-bdd5348f3b52: Provider mappings are not available to the compute service but are required for ports with a resource request.

Triage:

Similarly to bug 1849657 Nova uses a non admin Neutron client to query the ports[1] at the start of the resize. The the resize operation is not called by an admin user then the resource_request field of the Neutron is not filled. This causes that Nova does allocate resources and does not create port - rp mapping for the qos ports on the destination node. But when the qos port is being updated on the destination host [2] nova uses an admin client and therefore sees the resource_request of the qos ports. As the port - rp mapping is missing for these ports the resize fails.

[1] https://github.com/openstack/nova/blob/1bfa4626d13d0a73e63745cc4a864ae86d490daf/nova/network/neutronv2/api.py#L2228
[2] https://github.com/openstack/nova/blob/1bfa4626d13d0a73e63745cc4a864ae86d490daf/nova/network/neutronv2/api.py#L3305

tags: added: neutron resize
Changed in nova:
status: New → Triaged
assignee: nobody → Balazs Gibizer (balazs-gibizer)
importance: Undecided → High

Fix proposed to branch: master
Review: https://review.opendev.org/691005

Changed in nova:
status: Triaged → In Progress
Balazs Gibizer (balazs-gibizer) wrote :

I've tested migrate as well by setting the policy form admin_api to admin_or_owner and triggered a migration from the demo user (owner). With the patch https://review.opendev.org/691005 this works correctly.

Balazs Gibizer (balazs-gibizer) wrote :

This needs to be backported til Train as we added support for resize of such servers in Train

Changed in nova:
assignee: Balazs Gibizer (balazs-gibizer) → Matt Riedemann (mriedem)
Matt Riedemann (mriedem) on 2019-11-06
Changed in nova:
assignee: Matt Riedemann (mriedem) → Balazs Gibizer (balazs-gibizer)

Reviewed: https://review.opendev.org/691005
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=38a214466fa2cccc3808ca6d7d7140cf56f733ba
Submitter: Zuul
Branch: master

commit 38a214466fa2cccc3808ca6d7d7140cf56f733ba
Author: Balazs Gibizer <email address hidden>
Date: Thu Oct 24 17:31:45 2019 +0200

    Use admin neutron client to gather port resource requests

    The network_api get_requested_resource_for_instance() creates a neutron
    client with the current request context and uses the client to query
    neutron ports. Neutron does not return the resource_request of the
    neutron port if it is queried by a non-admin. So if the request context
    was a non admin context nova thought that none of the ports have resource
    requests.

    This patch ensures that an admin client is used to query the ports.

    Change-Id: I1178fb77a74010c3b9f51eea22c7e7576b600015
    Closes-Bug: #1849695

Changed in nova:
status: In Progress → Fix Released

Reviewed: https://review.opendev.org/694015
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=c7a43d342735c93ef33208af9de06ce2d743e477
Submitter: Zuul
Branch: stable/train

commit c7a43d342735c93ef33208af9de06ce2d743e477
Author: Balazs Gibizer <email address hidden>
Date: Thu Oct 24 17:31:45 2019 +0200

    Use admin neutron client to gather port resource requests

    The network_api get_requested_resource_for_instance() creates a neutron
    client with the current request context and uses the client to query
    neutron ports. Neutron does not return the resource_request of the
    neutron port if it is queried by a non-admin. So if the request context
    was a non admin context nova thought that none of the ports have resource
    requests.

    This patch ensures that an admin client is used to query the ports.

    Change-Id: I1178fb77a74010c3b9f51eea22c7e7576b600015
    Closes-Bug: #1849695
    (cherry picked from commit 38a214466fa2cccc3808ca6d7d7140cf56f733ba)

This issue was fixed in the openstack/nova 20.1.0 release.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers