resize of server with qos ports fails if called by non admin user

Bug #1849695 reported by Balazs Gibizer
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| OpenStack Compute (nova) | Fix Released | High | Balazs Gibizer | |
| Train | Fix Committed | Undecided | Balazs Gibizer | |

Bug Description

As a non admin:

* Create a server with a qos port.
* Resize the server to another flavor.

=> Server goes to ERROR state and the following is logged in the nova-compute log on the destination host

Oct 24 14:33:42 aio nova-compute[10293]: ERROR oslo_messaging.rpc.server PortUpdateFailed: Port update failed for port b1593c18-b088-4d5c-b3c6-bdd5348f3b52: Provider mappings are not available to the compute service but are required for ports with a resource request.

Triage:

Similarly to bug 1849657, Nova uses a non admin Neutron client to query the ports [1] at the start of the resize. If the resize operation is not called by an admin user then the resource_request field of the Neutron is not filled. This causes that Nova does allocate resources and does not create port - rp mapping for the qos ports on the destination node. But when the qos port is being updated on the destination host [2], nova uses an admin client and therefore sees the resource_request of the qos ports. As the port - rp mapping is missing for these ports, the resize fails.

[1] https://github.com/openstack/nova/blob/1bfa4626d13d0a73e63745cc4a864ae86d490daf/nova/network/neutronv2/api.py#L2228
[2] https://github.com/openstack/nova/blob/1bfa4626d13d0a73e63745cc4a864ae86d490daf/nova/network/neutronv2/api.py#L3305

Tags: neutron resize
tags: added: neutron resize
Changed in nova:
status: New → Triaged
assignee: nobody → Balazs Gibizer (balazs-gibizer)
importance: Undecided → High
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.opendev.org/691005

Changed in nova:
status: Triaged → In Progress
Balazs Gibizer (balazs-gibizer) wrote :

I've tested migrate as well by setting the policy from admin_api to admin_or_owner and triggered a migration from the demo user (owner). With the patch https://review.opendev.org/691005 this works correctly.

Balazs Gibizer (balazs-gibizer) wrote :

This needs to be backported till Train as we added support for resize of such servers in Train.

Changed in nova:
assignee: Balazs Gibizer (balazs-gibizer) → Matt Riedemann (mriedem)
Matt Riedemann (mriedem)
Changed in nova:
assignee: Matt Riedemann (mriedem) → Balazs Gibizer (balazs-gibizer)
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.opendev.org/691005
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=38a214466fa2cccc3808ca6d7d7140cf56f733ba
Submitter: Zuul
Branch: master

commit 38a214466fa2cccc3808ca6d7d7140cf56f733ba
Author: Balazs Gibizer <email address hidden>
Date: Thu Oct 24 17:31:45 2019 +0200

    Use admin neutron client to gather port resource requests

    The network_api get_requested_resource_for_instance() creates a neutron
    client with the current request context and uses the client to query
    neutron ports. Neutron does not return the resource_request of the
    neutron port if it is queried by a non-admin. So if the request context
    was a non admin context nova thought that none of the ports have resource
    requests.

    This patch ensures that an admin client is used to query the ports.

    Change-Id: I1178fb77a74010c3b9f51eea22c7e7576b600015
    Closes-Bug: #1849695

Changed in nova:
status: In Progress → Fix Released
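
The mismatch described in the triage and closed by the merged commit, as an added example that is not nova or neutron code: a constructed model showing how a field visible only to admin callers makes the two steps of the resize disagree. `FakeNeutron`, the helper names, the port id and the `rp-dest` provider name are all hypothetical.

```python
class PortUpdateFailed(Exception):
    pass

class FakeNeutron:
    """Hypothetical stand-in: hides resource_request from non-admin callers."""
    def __init__(self, ports):
        self._ports = ports

    def show_port(self, port_id, is_admin):
        port = dict(self._ports[port_id])
        if not is_admin:
            port.pop("resource_request", None)
        return port

def gather_resource_requests(neutron, port_ids, is_admin):
    """Start of resize: find ports that need a resource provider (rp) mapping."""
    found = {}
    for pid in port_ids:
        request = neutron.show_port(pid, is_admin).get("resource_request")
        if request:
            found[pid] = request
    return found

def update_ports_on_destination(neutron, port_ids, mappings):
    """Destination host: this step always queries with an admin client."""
    for pid in port_ids:
        port = neutron.show_port(pid, is_admin=True)
        if port.get("resource_request") and pid not in mappings:
            raise PortUpdateFailed(pid)
    return "ACTIVE"

def resize(neutron, port_ids, caller_is_admin, query_as_admin):
    """query_as_admin=True models the fix: admin client for the first query."""
    requests = gather_resource_requests(
        neutron, port_ids, caller_is_admin or query_as_admin)
    mappings = {pid: "rp-dest" for pid in requests}  # constructed rp name
    try:
        return update_ports_on_destination(neutron, port_ids, mappings)
    except PortUpdateFailed:
        return "ERROR"

# Constructed sample port carrying a bandwidth resource request.
PORTS = {"port-qos-1": {"id": "port-qos-1", "resource_request": {
    "resources": {"NET_BW_EGR_KILOBIT_PER_SEC": 1000}}}}
NEUTRON = FakeNeutron(PORTS)

if __name__ == "__main__":
    for caller_admin, fixed in [(False, False), (True, False), (False, True)]:
        print(caller_admin, fixed, resize(NEUTRON, list(PORTS), caller_admin, fixed))
```
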
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/694015

OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (stable/train)

Reviewed: https://review.opendev.org/694015
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=c7a43d342735c93ef33208af9de06ce2d743e477
Submitter: Zuul
Branch: stable/train

commit c7a43d342735c93ef33208af9de06ce2d743e477
Author: Balazs Gibizer <email address hidden>
Date: Thu Oct 24 17:31:45 2019 +0200

    Use admin neutron client to gather port resource requests

    The network_api get_requested_resource_for_instance() creates a neutron
    client with the current request context and uses the client to query
    neutron ports. Neutron does not return the resource_request of the
    neutron port if it is queried by a non-admin. So if the request context
    was a non admin context nova thought that none of the ports have resource
    requests.

    This patch ensures that an admin client is used to query the ports.

    Change-Id: I1178fb77a74010c3b9f51eea22c7e7576b600015
    Closes-Bug: #1849695
    (cherry picked from commit 38a214466fa2cccc3808ca6d7d7140cf56f733ba)

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/nova 20.1.0

This issue was fixed in the openstack/nova 20.1.0 release.
