bc29084012
Inheritance of image properties from the image an instance was booted from to an image created from that instance is governed by the non_inheritable_image_properties configuration option. However, there are some image properties (for example, those used for image signature validation or to reference a cinder encryption key id) which it makes no sense to inherit under any circumstances. Additionally, misconfiguration of the non-inheritable properties can lead to data loss under the circumstances described in Bug #1852106. So it would be better if these properties were not subject to configuration. The initial set of absolutely non-inheritable image properties consists of those associated with cinder encryption keys and image signature validation. Change-Id: I4332b9c343b6c2b50226baa8f78396c2012dabd1 Closes-bug: #1852106
38 lines
2.2 KiB
YAML
38 lines
2.2 KiB
YAML
---
|
|
issues:
|
|
- |
|
|
In prior releases, an attempt to boot an instance directly from an image
|
|
that was created by the Block Storage Service from an encrypted volume
|
|
resulted in the instance going ACTIVE but being unusable. If a user then
|
|
performed the image-create action on such an instance, the new image would
|
|
inherit the ``cinder_encryption_key_id`` and, beginning with the 20.0.0
|
|
(Train) release, the ``cinder_encryption_key_deletion_policy`` image
|
|
properties, assuming these were not included in the
|
|
``non_inheritable_image_properties`` configuration option. (The default
|
|
setting for that option does *not* include these.) Beginning with 20.0.0
|
|
(Train), when the new image was deleted, the encryption key for the
|
|
*original* image would be deleted, thereby rendering it unusable for the
|
|
normal workflow of creating a volume from the image and booting an instance
|
|
from the volume. Beginning with this release:
|
|
|
|
* The Compute API will return a 400 (Bad Request) response to a request
|
|
to directly boot an image created from an encrypted volume.
|
|
* The image properties ``cinder_encryption_key_id`` and
|
|
``cinder_encryption_key_deletion_policy`` are absolutely non-inheritable
|
|
regardless of the ``non_inheritable_image_properties`` setting.
|
|
upgrade:
|
|
- |
|
|
The ``non_inheritable_image_properties`` configuration option inhibits
|
|
the transfer of image properties from the image an instance was created
|
|
from to images created from that instance. There are, however, image
|
|
properties (for example, the properties used for image signature
|
|
validation) that should *never* be transferred to an instance snapshot.
|
|
Prior to this release, such properties were included in the default
|
|
setting for this configuration option, but this allowed the possibility
|
|
that they might be removed by mistake, thereby resulting in a poor user
|
|
experience. To prevent that from happening, nova now maintains an
|
|
internal list of image properties that are absolutely non-inheritable
|
|
regardless of the setting of the configuration option. See the help
|
|
text for ``non_inheritable_image_properties`` in the sample nova
|
|
configuration file for details.
|