From d69f309053bb467e7cb0b10928638d6c381a4b83 Mon Sep 17 00:00:00 2001 From: Eric Harney Date: Mon, 29 Mar 2021 08:32:58 -0400 Subject: [PATCH] RBD: Open RBD images read-only where possible In cases where we don't need to modify the image, open rbd images in read-only mode. Closes-Bug: #1947518 Change-Id: I8287460b902dd525aa5313861142f5fb8490e60a (cherry picked from commit e644e3584b040823f3b3d9d73730b861a3ec413f) (cherry picked from commit 5b169aeea76baecf0b6795efd09dfb1c58ff20d9) (cherry picked from commit f2fe6cc115da08670e7aab39fc21b354ce55d3cd) (cherry picked from commit 5379af08f0a821f6d4cf1571e83680d55e5c17b8) --- cinder/volume/drivers/rbd.py | 15 ++++++++++----- ...947518-rbd-open-readonly-ba523c4b0ddbba76.yaml | 9 +++++++++ 2 files changed, 19 insertions(+), 5 deletions(-) create mode 100644 releasenotes/notes/bug-1947518-rbd-open-readonly-ba523c4b0ddbba76.yaml diff --git a/cinder/volume/drivers/rbd.py b/cinder/volume/drivers/rbd.py index 603aa29da36..ef23806d649 100644 --- a/cinder/volume/drivers/rbd.py +++ b/cinder/volume/drivers/rbd.py @@ -281,7 +281,7 @@ class RBDDriver(driver.CloneableImageVD, driver.MigrateVD, def _show_msg_check_clone_v2_api(self, volume_name): if not self._clone_v2_api_checked: self._clone_v2_api_checked = True - with RBDVolumeProxy(self, volume_name) as volume: + with RBDVolumeProxy(self, volume_name, read_only=True) as volume: try: if (volume.volume.op_features() & self.rbd.RBD_OPERATION_FEATURE_CLONE_PARENT): @@ -649,7 +649,9 @@ class RBDDriver(driver.CloneableImageVD, driver.MigrateVD, def _get_clone_depth(self, client, volume_name, depth=0): """Returns the number of ancestral clones of the given volume.""" - parent_volume = self.rbd.Image(client.ioctx, volume_name) + parent_volume = self.rbd.Image(client.ioctx, + volume_name, + read_only=True) try: _pool, parent, _snap = self._get_clone_info(parent_volume, volume_name) @@ -996,7 +998,7 @@ class RBDDriver(driver.CloneableImageVD, driver.MigrateVD, default_stripe_unit = \ self.configuration.rbd_store_chunk_size * units.Mi - image = self.rbd.Image(ioctx, volume_name) + image = self.rbd.Image(ioctx, volume_name, read_only=True) try: image_stripe_unit = image.stripe_unit() finally: @@ -1738,7 +1740,9 @@ class RBDDriver(driver.CloneableImageVD, driver.MigrateVD, with RADOSClient(self) as client: # Raise an exception if we didn't find a suitable rbd image. try: - rbd_image = self.rbd.Image(client.ioctx, rbd_name) + rbd_image = self.rbd.Image(client.ioctx, + rbd_name, + read_only=True) except self.rbd.ImageNotFound: kwargs = {'existing_ref': rbd_name, 'reason': 'Specified rbd image does not exist.'} @@ -1965,7 +1969,8 @@ class RBDDriver(driver.CloneableImageVD, driver.MigrateVD, # Raise an exception if we didn't find a suitable rbd image. try: rbd_snapshot = self.rbd.Image(client.ioctx, volume_name, - snapshot=snapshot_name) + snapshot=snapshot_name, + read_only=True) except self.rbd.ImageNotFound: kwargs = {'existing_ref': snapshot_name, 'reason': 'Specified snapshot does not exist.'} diff --git a/releasenotes/notes/bug-1947518-rbd-open-readonly-ba523c4b0ddbba76.yaml b/releasenotes/notes/bug-1947518-rbd-open-readonly-ba523c4b0ddbba76.yaml new file mode 100644 index 00000000000..69f063d1245 --- /dev/null +++ b/releasenotes/notes/bug-1947518-rbd-open-readonly-ba523c4b0ddbba76.yaml @@ -0,0 +1,9 @@ +--- +fixes: + - | + RBD driver `bug #1947518 + `_: + Corrected a regression caused by the fix for `Bug #1931004 + `_ that was attempting + to access the glance images RBD pool with write privileges when creating + a volume from an image.