Ubuntu
nova package

[SRU] nova rbd auth fallback uses cinder user with libvirt secret

  1. Bionic (18.04)
  2. Bug #1809454
Bug #1809454 reported by Corey Bryant
14
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Fix Released
Medium
Corey Bryant
Ocata
Fix Released
Medium
Unassigned
Pike
Fix Released
Medium
Unassigned
Queens
Fix Released
Medium
Corey Bryant
Rocky
Fix Released
Medium
Corey Bryant
Ubuntu Cloud Archive
Fix Released
High
Unassigned
Ocata
Fix Released
High
Unassigned
Pike
Fix Released
High
Unassigned
Queens
Fix Released
High
Unassigned
Rocky
Fix Released
High
Unassigned
Stein
Fix Released
High
Unassigned
nova (Ubuntu)
Fix Released
High
Corey Bryant
Bionic
Fix Released
High
Unassigned
Cosmic
Fix Released
High
Unassigned
Disco
Fix Released
High
Corey Bryant

Bug Description

[Impact]
From David Ames (thedac), originally posted to https://bugs.launchpad.net/charm-nova-compute/+bug/1671422/comments/25:

Updating this bug. We may decide to move this elsewhere it at some point.

We have a deployment that was upgraded through to pike at which point it was noticed that nova instances with ceph backed volumes would not start.

The cinder key was manually added to the nova-compute nodes in /etc/ceph and with:
sudo virsh secret-define --file /tmp/cinder.secret

However, this did not resolve the problem. It appeared libvirt was trying to use a mixed pair of usernames and keys. It was using the cinder username but the nova-compute key.

Looking at nova's code it falls back to nova.conf when it does not have a secret_uuid from cinder but it was not setting the username correctly.
https://github.com/openstack/nova/blob/stable/pike/nova/virt/libvirt/volume/net.py#L74

The following seems to mitigate this as a temporary fix on nova-compute until we can come up with a complete plan:

https://pastebin.ubuntu.com/p/tGm7C7fpXT/

diff --git a/nova/virt/libvirt/volume/net.py b/nova/virt/libvirt/volume/net.py
index cec43ce93b..8b0148df0b 100644
--- a/nova/virt/libvirt/volume/net.py
+++ b/nova/virt/libvirt/volume/net.py
@@ -71,6 +71,7 @@ class LibvirtNetVolumeDriver(libvirt_volume.LibvirtBaseVolumeDriver):
             else:
                 LOG.debug('Falling back to Nova configuration for RBD auth '
                           'secret_uuid value.')
               + conf.auth_username = CONF.libvirt.rbd_user
                 conf.auth_secret_uuid = CONF.libvirt.rbd_secret_uuid
             # secret_type is always hard-coded to 'ceph' in cinder
             conf.auth_secret_type = netdisk_properties['secret_type']

Apply to /usr/lib/python2.7/dist-packages/nova/virt/libvirt/volume/net.py

We still need a migration plan to get from the topology with nova-compute directly related to ceph to the topology with cinder-ceph related to nova-compute using ceph-access which would populate cinder's secret_uuid.

It is possible we will need to carry the patch for existing instances. It may be worth getting that upstream as master has the same problem.

[Test Case]
Upgrade a juju-deployed cloud with ceph backend for nova and cinder from pre-ocata to ocata or above. Ensure that nova instances with ceph backed volumes successfully start.

[Regression Potential]
The fix is minimal and will not be fixed in Ubuntu until it has been approved upstream.

See original description
Corey Bryant (corey.bryant)
Changed in nova (Ubuntu):
status: New → Triaged
importance: Undecided → Critical
assignee: nobody → Corey Bryant (corey.bryant)
Corey Bryant (corey.bryant)
Changed in nova (Ubuntu Disco):
importance: Critical → High
Changed in nova (Ubuntu Cosmic):
importance: Undecided → High
status: New → Triaged
Changed in nova (Ubuntu Bionic):
status: New → Triaged
importance: Undecided → High
summary: - nova rbd auth fallback attempts to use cinder auth_username with libvirt
- secret_uuid
+ nova rbd auth fallback attempts to use cinder user with libvirt secret
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/626897

Changed in nova:
assignee: nobody → Corey Bryant (corey.bryant)
status: New → In Progress
Corey Bryant (corey.bryant)
summary: - nova rbd auth fallback attempts to use cinder user with libvirt secret
+ [SRU] nova rbd auth fallback attempts to use cinder user with libvirt
+ secret
summary: - [SRU] nova rbd auth fallback attempts to use cinder user with libvirt
- secret
+ [SRU] nova rbd auth fallback uses cinder user with libvirt secret
description: updated
Matt Riedemann (mriedem)
tags: added: ceph libvirt volumes
Changed in nova:
importance: Undecided → Medium
OpenStack Infra (hudson-openstack)
Changed in nova:
assignee: Corey Bryant (corey.bryant) → Matt Riedemann (mriedem)
Matt Riedemann (mriedem)
Changed in nova:
assignee: Matt Riedemann (mriedem) → Corey Bryant (corey.bryant)
Xav Paice (xavpaice)
tags: added: canonical-bootstack
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/626897
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=47b7c4f3cc582bf463fd0c796df84736a0074f48
Submitter: Zuul
Branch: master

commit 47b7c4f3cc582bf463fd0c796df84736a0074f48
Author: Corey Bryant <email address hidden>
Date: Fri Dec 21 08:23:32 2018 -0500

    Ensure rbd auth fallback uses matching credentials

    As of Ocata, cinder config is preferred for rbd auth values with a
    fallback to nova values [1]. The fallback path, for the case when
    rbd_user is configured in cinder.conf and rbd_secret_uuid is not
    configured in cinder.conf, results in the mismatched use of cinder
    rbd_user with nova rbd_secret_uuid.

    This fixes that fallback path to use nova rbd_user from nova.conf
    with rbd_secret_uuid from nova.conf.

    [1] See commit f2d27f6a8afb62815fb6a885bd4f8ae4ed287fd3

    Thanks to David Ames for this fix.

    Change-Id: Ieba216275c07ab16414065ee47e66915e9e9477d
    Co-Authored-By: David Ames <email address hidden>
    Closes-Bug: #1809454

Changed in nova:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (stable/rocky)

Reviewed: https://review.openstack.org/627009
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=f5d8ee1bfc3b7b9f1a25f85b42e207db0c9f4b04
Submitter: Zuul
Branch: stable/rocky

commit f5d8ee1bfc3b7b9f1a25f85b42e207db0c9f4b04
Author: Corey Bryant <email address hidden>
Date: Fri Dec 21 08:23:32 2018 -0500

    Ensure rbd auth fallback uses matching credentials

    As of Ocata, cinder config is preferred for rbd auth values with a
    fallback to nova values [1]. The fallback path, for the case when
    rbd_user is configured in cinder.conf and rbd_secret_uuid is not
    configured in cinder.conf, results in the mismatched use of cinder
    rbd_user with nova rbd_secret_uuid.

    This fixes that fallback path to use nova rbd_user from nova.conf
    with rbd_secret_uuid from nova.conf.

    [1] See commit f2d27f6a8afb62815fb6a885bd4f8ae4ed287fd3

    Thanks to David Ames for this fix.

    Change-Id: Ieba216275c07ab16414065ee47e66915e9e9477d
    Co-Authored-By: David Ames <email address hidden>
    Closes-Bug: #1809454
    (cherry picked from commit 47b7c4f3cc582bf463fd0c796df84736a0074f48)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (stable/queens)

Reviewed: https://review.openstack.org/627010
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=accef50f9648dc40f1a6f457f83f5359e9dd2a24
Submitter: Zuul
Branch: stable/queens

commit accef50f9648dc40f1a6f457f83f5359e9dd2a24
Author: Corey Bryant <email address hidden>
Date: Fri Dec 21 08:23:32 2018 -0500

    Ensure rbd auth fallback uses matching credentials

    As of Ocata, cinder config is preferred for rbd auth values with a
    fallback to nova values [1]. The fallback path, for the case when
    rbd_user is configured in cinder.conf and rbd_secret_uuid is not
    configured in cinder.conf, results in the mismatched use of cinder
    rbd_user with nova rbd_secret_uuid.

    This fixes that fallback path to use nova rbd_user from nova.conf
    with rbd_secret_uuid from nova.conf.

    [1] See commit f2d27f6a8afb62815fb6a885bd4f8ae4ed287fd3

    Thanks to David Ames for this fix.

    Change-Id: Ieba216275c07ab16414065ee47e66915e9e9477d
    Co-Authored-By: David Ames <email address hidden>
    Closes-Bug: #1809454
    (cherry picked from commit 47b7c4f3cc582bf463fd0c796df84736a0074f48)
    (cherry picked from commit f5d8ee1bfc3b7b9f1a25f85b42e207db0c9f4b04)

Revision history for this message
Corey Bryant (corey.bryant) wrote :

New packages have been uploaded to Ubuntu disco, cosmic and bionic with patches cherry-picked from upstream nova. cosmic and bionic are awaiting SRU review.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nova - 2:19.0.0~b1~git2018120609.c9dca64fa6-0ubuntu2

---------------
nova (2:19.0.0~b1~git2018120609.c9dca64fa6-0ubuntu2) disco; urgency=medium

  * d/p/ensure-rbd-auth-fallback-uses-matching-credentials.patch: Cherry-
    picked from upstream to ensure ceph backend continues to work for upgrades
    from pre-Ocata (LP: #1809454).

 -- Corey Bryant <email address hidden> Fri, 21 Dec 2018 09:20:12 -0500

Changed in nova (Ubuntu Disco):
status: Triaged → Fix Released
Revision history for this message
Brian Murray (brian-murray) wrote : Please test proposed package

Hello Corey, or anyone else affected,

Accepted nova into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/nova/2:18.0.3-0ubuntu2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-cosmic to verification-done-cosmic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-cosmic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in nova (Ubuntu Cosmic):
status: Triaged → Fix Committed
tags: added: verification-needed verification-needed-cosmic
Revision history for this message
Brian Murray (brian-murray) wrote :

Hello Corey, or anyone else affected,

Accepted nova into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/nova/2:17.0.7-0ubuntu2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in nova (Ubuntu Bionic):
status: Triaged → Fix Committed
tags: added: verification-needed-bionic
Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello Corey, or anyone else affected,

Accepted nova into rocky-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:rocky-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-rocky-needed to verification-rocky-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-rocky-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in cloud-archive:
status: Triaged → Fix Committed
tags: added: verification-rocky-needed
Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello Corey, or anyone else affected,

Accepted nova into pike-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:pike-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-pike-needed to verification-pike-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-pike-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello Corey, or anyone else affected,

Accepted nova into ocata-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:ocata-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-ocata-needed to verification-ocata-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-ocata-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-pike-needed
Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello Corey, or anyone else affected,

Accepted nova into queens-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:queens-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-queens-needed to verification-queens-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-queens-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-queens-needed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (stable/pike)

Reviewed: https://review.openstack.org/627011
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=a7e25aa3d2088e2726988c03e84b3b5ea47bfb7e
Submitter: Zuul
Branch: stable/pike

commit a7e25aa3d2088e2726988c03e84b3b5ea47bfb7e
Author: Corey Bryant <email address hidden>
Date: Fri Dec 21 08:23:32 2018 -0500

    Ensure rbd auth fallback uses matching credentials

    As of Ocata, cinder config is preferred for rbd auth values with a
    fallback to nova values [1]. The fallback path, for the case when
    rbd_user is configured in cinder.conf and rbd_secret_uuid is not
    configured in cinder.conf, results in the mismatched use of cinder
    rbd_user with nova rbd_secret_uuid.

    This fixes that fallback path to use nova rbd_user from nova.conf
    with rbd_secret_uuid from nova.conf.

    [1] See commit f2d27f6a8afb62815fb6a885bd4f8ae4ed287fd3

    Thanks to David Ames for this fix.

    Change-Id: Ieba216275c07ab16414065ee47e66915e9e9477d
    Co-Authored-By: David Ames <email address hidden>
    Closes-Bug: #1809454
    (cherry picked from commit 47b7c4f3cc582bf463fd0c796df84736a0074f48)
    (cherry picked from commit f5d8ee1bfc3b7b9f1a25f85b42e207db0c9f4b04)
    (cherry picked from commit accef50f9648dc40f1a6f457f83f5359e9dd2a24)

Revision history for this message
Xav Paice (xavpaice) wrote :

How do we go about getting this moving forward from cloud-archive:queens-proposed to stable so we can run this in production?

Revision history for this message
David Ames (thedac) wrote :

The newton-proposed, ocata-proposed, pike-proposed, queens-proposed, bionic-proposed and rocky-proposed packages have all been tested.

Newton to pike upgrades were performed. The bug no longer exists. The fix is verified in the packages.

tags: added: verification-done-bionic verification-newton-done verification-ocata-done verification-pike-done verification-queens-done verification-rocky-done
removed: verification-needed verification-needed-bionic verification-pike-needed verification-queens-needed verification-rocky-needed
Revision history for this message
David Ames (thedac) wrote :

Verified on cosmic.

tags: added: verification-done-cosmic
removed: verification-needed-cosmic
Revision history for this message
David Ames (thedac) wrote :

Adding a bit more context.

The original break only occurred with instances launched on Newton with a subsequent upgrade to Ocata.
The required fix needs to be in every Ubuntu/OpenStack combination we support from xenial-ocata to cosmic-rocky.

I tested the upgrade from xenail-newton to xenial-ocata.

I have also tested that no regressions occur with deployments from xenial-pike to cosmic-rocky.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nova - 2:18.0.3-0ubuntu2

---------------
nova (2:18.0.3-0ubuntu2) cosmic; urgency=medium

  * d/p/ensure-rbd-auth-fallback-uses-matching-credentials.patch: Cherry-
    picked from upstream to ensure ceph backend continues to work for upgrades
    from pre-Ocata (LP: #1809454).

 -- Corey Bryant <email address hidden> Mon, 07 Jan 2019 14:49:48 -0500

Changed in nova (Ubuntu Cosmic):
status: Fix Committed → Fix Released
Revision history for this message
Brian Murray (brian-murray) wrote : Update Released

The verification of the Stable Release Update for nova has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for nova has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package nova - 2:18.0.3-0ubuntu2~cloud0
---------------

 nova (2:18.0.3-0ubuntu2~cloud0) bionic-rocky; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 nova (2:18.0.3-0ubuntu2) cosmic; urgency=medium
 .
   * d/p/ensure-rbd-auth-fallback-uses-matching-credentials.patch: Cherry-
     picked from upstream to ensure ceph backend continues to work for upgrades
     from pre-Ocata (LP: #1809454).

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nova - 2:17.0.7-0ubuntu2

---------------
nova (2:17.0.7-0ubuntu2) bionic; urgency=medium

  * d/p/ensure-rbd-auth-fallback-uses-matching-credentials.patch: Cherry-
    picked from upstream to ensure ceph backend continues to work for upgrades
    from pre-Ocata (LP: #1809454).

 -- Corey Bryant <email address hidden> Mon, 07 Jan 2019 14:54:42 -0500

Changed in nova (Ubuntu Bionic):
status: Fix Committed → Fix Released
Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for nova has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package nova - 2:17.0.7-0ubuntu2~cloud0
---------------

 nova (2:17.0.7-0ubuntu2~cloud0) xenial-queens; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 nova (2:17.0.7-0ubuntu2) bionic; urgency=medium
 .
   * d/p/ensure-rbd-auth-fallback-uses-matching-credentials.patch: Cherry-
     picked from upstream to ensure ceph backend continues to work for upgrades
     from pre-Ocata (LP: #1809454).

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for nova has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package nova - 2:16.1.6-0ubuntu1~cloud1
---------------

 nova (2:16.1.6-0ubuntu1~cloud1) xenial-pike; urgency=medium
 .
   * d/p/ensure-rbd-auth-fallback-uses-matching-credentials.patch: Cherry-
     picked from upstream to ensure ceph backend continues to work for upgrades
     from pre-Ocata (LP: #1809454).

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for nova has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package nova - 2:15.1.5-0ubuntu1~cloud1
---------------

 nova (2:15.1.5-0ubuntu1~cloud1) xenial-ocata; urgency=medium
 .
   * d/p/ensure-rbd-auth-fallback-uses-matching-credentials.patch: Cherry-
     picked from upstream to ensure ceph backend continues to work for upgrades
     from pre-Ocata (LP: #1809454).

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/nova 19.0.0.0rc1

This issue was fixed in the openstack/nova 19.0.0.0rc1 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/nova 17.0.10

This issue was fixed in the openstack/nova 17.0.10 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/nova 18.2.0

This issue was fixed in the openstack/nova 18.2.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (stable/ocata)

Reviewed: https://review.openstack.org/627012
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=779e58e97612d9fcb15d8a926fa8e9ddcf88feba
Submitter: Zuul
Branch: stable/ocata

commit 779e58e97612d9fcb15d8a926fa8e9ddcf88feba
Author: Corey Bryant <email address hidden>
Date: Fri Dec 21 08:23:32 2018 -0500

    Ensure rbd auth fallback uses matching credentials

    As of Ocata, cinder config is preferred for rbd auth values with a
    fallback to nova values [1]. The fallback path, for the case when
    rbd_user is configured in cinder.conf and rbd_secret_uuid is not
    configured in cinder.conf, results in the mismatched use of cinder
    rbd_user with nova rbd_secret_uuid.

    This fixes that fallback path to use nova rbd_user from nova.conf
    with rbd_secret_uuid from nova.conf.

    [1] See commit f2d27f6a8afb62815fb6a885bd4f8ae4ed287fd3

    Thanks to David Ames for this fix.

    Change-Id: Ieba216275c07ab16414065ee47e66915e9e9477d
    Co-Authored-By: David Ames <email address hidden>
    Closes-Bug: #1809454
    (cherry picked from commit 47b7c4f3cc582bf463fd0c796df84736a0074f48)
    (cherry picked from commit f5d8ee1bfc3b7b9f1a25f85b42e207db0c9f4b04)
    (cherry picked from commit accef50f9648dc40f1a6f457f83f5359e9dd2a24)
    (cherry picked from commit a7e25aa3d2088e2726988c03e84b3b5ea47bfb7e)

Revision history for this message
Lee Yarwood (lyarwood) wrote :

Released in 17.0.10.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/nova 16.1.8

This issue was fixed in the openstack/nova 16.1.8 release.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

For some reason this wasn't automatically marked "Fix Released" for upstream stable/pike. It's available in the 16.1.8 release for nova. https://opendev.org/openstack/nova/commit/779e58e97612d9fcb15d8a926fa8e9ddcf88feba

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This was fix-released in ocata via nova 2:15.1.5-0ubuntu1~cloud1.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/nova ocata-eol

This issue was fixed in the openstack/nova ocata-eol release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.