openstack/nova
Code Issues Proposed changes

Fix logging in MemEncryption-related checks

Browse Source 
Currently Nova produces ambigous error when volume-backed instance
is started using flavor with hw:mem_encryption extra_specs flag:
ImageMeta doesn't contain name if it represents Cinder volume.

This fix sligtly changes steps to get image_meta.name for
some MemEncryption-related checks where it could make any
difference.

Closes-bug: #2006952
Change-Id: Ia69e7cb18cd862f01ecfdbdc358c87af1ab8fbf6
This commit is contained in:
Alexey Stupnikov
2023-02-10 17:14:17 +01:00
parent a296441782
commit 54faea0196
3 changed files with 36 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
nova/tests/unit/virt/libvirt/test_driver.py
View File

@@ -3402,7 +3402,8 @@ class LibvirtConnTestCase(test.NoDBTestCase,
self.assertEqual( self.assertEqual(
"Memory encryption requested by hw:mem_encryption extra spec in " "Memory encryption requested by hw:mem_encryption extra spec in "
"m1.fake flavor but image fake_image doesn't have " "m1.fake flavor but image fake_image doesn't have "
"'hw_firmware_type' property set to 'uefi'", str(exc)) "'hw_firmware_type' property set to 'uefi' or volume-backed "
"instance was requested", str(exc))
def test_sev_enabled_host_extra_spec_no_machine_type(self): def test_sev_enabled_host_extra_spec_no_machine_type(self):
exc = self.assertRaises(exception.InvalidMachineType, exc = self.assertRaises(exception.InvalidMachineType,

21
nova/tests/unit/virt/test_hardware.py
View File

@@ -5364,7 +5364,7 @@ class MemEncryptionRequestedWithoutUEFITestCase(
expected_error = ( expected_error = (
"Memory encryption requested by %(requesters)s but image " "Memory encryption requested by %(requesters)s but image "
"%(image_name)s doesn't have 'hw_firmware_type' property " "%(image_name)s doesn't have 'hw_firmware_type' property "
"set to 'uefi'" "set to 'uefi' or volume-backed instance was requested"
) )
def _test_encrypted_memory_support_no_uefi(self, enc_extra_spec, def _test_encrypted_memory_support_no_uefi(self, enc_extra_spec,
@@ -5491,6 +5491,25 @@ class MemEncryptionRequiredTestCase(test.NoDBTestCase):
(self.flavor_name, self.image_id) (self.flavor_name, self.image_id)
) )
def test_encrypted_memory_support_flavor_for_volume(self):
extra_specs = {'hw:mem_encryption': True}
flavor = objects.Flavor(name=self.flavor_name,
extra_specs=extra_specs)
# Following image_meta is typical for root Cinder volume
image_meta = objects.ImageMeta.from_dict({
'min_disk': 0,
'min_ram': 0,
'properties': {},
'size': 0,
'status': 'active'})
# Confirm that exception.FlavorImageConflict is raised when
# flavor with hw:mem_encryption flag is used to create
# volume-backed instance
self.assertRaises(exception.FlavorImageConflict,
hw.get_mem_encryption_constraint, flavor,
image_meta)
class PCINUMAAffinityPolicyTest(test.NoDBTestCase): class PCINUMAAffinityPolicyTest(test.NoDBTestCase):

18
nova/virt/hardware.py
View File

@@ -1213,10 +1213,13 @@ def _check_for_mem_encryption_requirement_conflicts(
"image %(image_name)s which has hw_mem_encryption property " "image %(image_name)s which has hw_mem_encryption property "
"explicitly set to %(image_val)s" "explicitly set to %(image_val)s"
) )
# image_meta.name is not set if image object represents root
# Cinder volume.
image_name = (image_meta.name if 'name' in image_meta else None)
data = { data = {
'flavor_name': flavor.name, 'flavor_name': flavor.name,
'flavor_val': flavor_mem_enc_str, 'flavor_val': flavor_mem_enc_str,
'image_name': image_meta.name, 'image_name': image_name,
'image_val': image_mem_enc, 'image_val': image_mem_enc,
} }
raise exception.FlavorImageConflict(emsg % data) raise exception.FlavorImageConflict(emsg % data)
@@ -1228,10 +1231,15 @@ def _check_mem_encryption_uses_uefi_image(requesters, image_meta):
emsg = _( emsg = _(
"Memory encryption requested by %(requesters)s but image " "Memory encryption requested by %(requesters)s but image "
"%(image_name)s doesn't have 'hw_firmware_type' property set to 'uefi'" "%(image_name)s doesn't have 'hw_firmware_type' property set to "
"'uefi' or volume-backed instance was requested"
) )
# image_meta.name is not set if image object represents root Cinder
# volume, for this case FlavorImageConflict should be raised, but
# image_meta.name can't be extracted.
image_name = (image_meta.name if 'name' in image_meta else None)
data = {'requesters': " and ".join(requesters), data = {'requesters': " and ".join(requesters),
'image_name': image_meta.name} 'image_name': image_name}
raise exception.FlavorImageConflict(emsg % data) raise exception.FlavorImageConflict(emsg % data)
@@ -1260,12 +1268,14 @@ def _check_mem_encryption_machine_type(image_meta, machine_type=None):
if mach_type is None: if mach_type is None:
return return
# image_meta.name is not set if image object represents root Cinder volume.
image_name = (image_meta.name if 'name' in image_meta else None)
# Could be something like pc-q35-2.11 if a specific version of the # Could be something like pc-q35-2.11 if a specific version of the
# machine type is required, so do substring matching. # machine type is required, so do substring matching.
if 'q35' not in mach_type: if 'q35' not in mach_type:
raise exception.InvalidMachineType( raise exception.InvalidMachineType(
mtype=mach_type, mtype=mach_type,
image_id=image_meta.id, image_name=image_meta.name, image_id=image_meta.id, image_name=image_name,
reason=_("q35 type is required for SEV to work")) reason=_("q35 type is required for SEV to work"))