OpenStack Compute (Nova)
Go to file
Lee Yarwood 4908daed96 libvirt: Simplify device_path check in _detach_encryptor
Introduced by Id670f13a7f197e71c77dc91276fc2fba2fc5f314 to resolve bug
 #1821696 this check was put in place to ensure _detach_encryptor did not
attempt to use the os-brick encryptors with an unsupported volume type
after libvirt secrets had been removed outside the control of Nova.

With the introduction of the [workarounds]disable_native_luksv1 via
Ia500eb614cf575ab846f64f4b69c9068274c8c1f however the use of
_allow_native_luksv1 as part of this check is no longer valid. As this
helper was updated to return False when the workaround is enabled,
regardless of the underlying volume being attached natively or not.

If an admin had enabled the workaround after users had launched
instances with natively attached encrypted volumes *and* the libvirt
secrets had gone missing _detach_encryptor would attempt to use the
os-brick encryptors. This would fail when the underlying volume type is
unsupported, for example rbd. See bug #1917619 for an example.

This change resolves this corner case by dropping the use of
_allow_native_luksv1 from the check and just asserting that a
device_path is present for an encrypted volume before allowing the use
of the os-brick encryptors. As noted this is safe as calls to the
encryptors are idempotent, ignoring failures to detach when the
underlying volume type is supported.

Closes-Bug: #1917619
Change-Id: Iba40c2df72228b461767d5734d5a62403d9f2cfa
2021-03-23 12:38:40 +00:00
api-guide/source Support interface attach with QoS ports 2021-02-11 16:43:17 +01:00
api-ref/source Merge "api-ref: Add notes about volume attach and detach being async" 2021-01-20 17:54:42 +00:00
devstack Revert "nova-multi-cell: Skip test_cold_migrate_unshelved_instance" 2020-12-17 10:24:27 +00:00
doc Add config parameter 'live_migration_scheme' to live migration with tls guide 2021-03-17 11:31:54 +01:00
etc/nova Allow versioned discovery unauthenticated 2020-04-03 21:24:28 +00:00
gate Merge "Revert "Temporarily disable parts of heal port allocation test"" 2020-12-16 18:37:40 +00:00
nova libvirt: Simplify device_path check in _detach_encryptor 2021-03-23 12:38:40 +00:00
playbooks Make nova-ceph-multistore use policy.yaml 2021-03-10 07:35:24 -08:00
releasenotes Merge "Add release note for vDPA" 2021-03-20 10:40:04 +00:00
roles nova-live-migration: Disable *all* virt services during negative tests 2020-11-27 13:35:42 +00:00
tools Add generate schemas tool 2021-01-18 16:27:00 +00:00
.coveragerc Remove nova/openstack/* from .coveragerc 2016-10-12 16:20:49 -04:00
.gitignore tox: Integrate mypy 2020-05-15 15:59:53 +01:00
.gitreview OpenDev Migration Patch 2019-04-19 19:45:52 +00:00
.mailmap Add mailmap entry 2014-05-07 12:14:26 -07:00
.pre-commit-config.yaml Switch to hacking 2.x 2020-01-17 11:30:40 +00:00
.stestr.conf Finish stestr migration 2017-11-24 16:51:12 -05:00
.zuul.yaml nova-next: Start testing the q35 machine type 2021-03-08 08:58:57 +00:00
CONTRIBUTING.rst [Community goal] Update contributor documentation 2020-03-25 12:01:37 +00:00
HACKING.rst Add a hacking rule for assert_has_calls 2020-09-28 23:08:15 +09:00
LICENSE initial commit 2010-05-27 23:05:26 -07:00
MAINTAINERS Fix broken URLs 2017-09-07 15:42:31 +02:00
README.rst docs: Remove references to XenAPI driver 2020-08-31 15:53:31 +01:00
bindep.txt bindep: Install python3 and python3-devel on CentOS 8 and Fedora 2020-10-03 13:20:21 +01:00
lower-constraints.txt hyper-v rbd volume support 2021-03-02 12:58:11 +00:00
mypy-files.txt nova-manage: Add libvirt get_machine_type command 2021-03-03 14:03:49 +00:00
requirements.txt hyper-v rbd volume support 2021-03-02 12:58:11 +00:00
setup.cfg setup.cfg: Resolve warning 2021-03-09 12:49:50 +00:00
setup.py Updated from global requirements 2017-03-02 11:50:48 +00:00
test-requirements.txt use psycopg2 binary instead of source package 2021-01-14 18:12:04 +00:00
tox.ini tox: Add passenv DISABLE_CHERRY_PICK_CHECK to pep8 2021-02-17 11:23:49 +00:00

README.rst

OpenStack Nova

image

OpenStack Nova provides a cloud computing fabric controller, supporting a wide variety of compute technologies, including: libvirt (KVM, Xen, LXC and more), Hyper-V, VMware, OpenStack Ironic and PowerVM.

Use the following resources to learn more.

API

To learn how to use Nova's API, consult the documentation available online at:

For more information on OpenStack APIs, SDKs and CLIs in general, refer to:

Operators

To learn how to deploy and configure OpenStack Nova, consult the documentation available online at:

In the unfortunate event that bugs are discovered, they should be reported to the appropriate bug tracker. If you obtained the software from a 3rd party operating system vendor, it is often wise to use their own bug tracker for reporting problems. In all other cases use the master OpenStack bug tracker, available at:

Developers

For information on how to contribute to Nova, please see the contents of the CONTRIBUTING.rst.

Any new code must follow the development guidelines detailed in the HACKING.rst file, and pass all unit tests.

Further developer focused documentation is available at:

Other Information

During each Summit and Project Team Gathering, we agree on what the whole community wants to focus on for the upcoming release. The plans for nova can be found at: