[openstack][glance] Cannot rescue instance if image boot was deleted
Hi folks, I have this problem, It is glad if I had some guides for this situation. Openstack Version: 2023.1 OS: Ubuntu 22.04 Deployment Tool: Kolla-Ansible When I try to rescue an instance that booted from a volume, I cannot do so if the image used for the volume boot has been deleted This is an error message: Instance 6deeed71-c701-42a3-a8f9-d89048a47c11 cannot be rescued: Driver Error: Block Device Mapping is Invalid: failed to get image 844ea429-23a5-43d4-8f65-19c879d63921. Thank you. Nguyen Huu Khoi
On Thu, 2024-09-05 at 16:02 +0700, Nguyễn Hữu Khôi wrote:
Hi folks,
I have this problem, It is glad if I had some guides for this situation.
Openstack Version: 2023.1
OS: Ubuntu 22.04 Deployment Tool: Kolla-Ansible
When I try to rescue an instance that booted from a volume, I cannot do so if the image used for the volume boot has been deleted
rescue uses the image the instance was created from where the instance is boot form image or boot form volume by default if you do not provide one, but you can pass a different image when calling rescue by specifying its id. that should work even if the original image is deleted
This is an error message:
Instance 6deeed71-c701-42a3-a8f9-d89048a47c11 cannot be rescued: Driver Error: Block Device Mapping is Invalid: failed to get image 844ea429-23a5-43d4-8f65-19c879d63921.
i don't think there is anything glance can do as glance does not allow you to recreate an image with a previous uuid as that would allow for malicious ABA attacks were a bad actor uploads an image with the same uuid as a previously deleted one.
Thank you.
Nguyen Huu Khoi
Hi. I get it but It is a real case when we use Openstack. On Thu, Sep 5, 2024, 5:11 PM <smooney@redhat.com> wrote:
On Thu, 2024-09-05 at 16:02 +0700, Nguyễn Hữu Khôi wrote:
Hi folks,
I have this problem, It is glad if I had some guides for this situation.
Openstack Version: 2023.1
OS: Ubuntu 22.04 Deployment Tool: Kolla-Ansible
When I try to rescue an instance that booted from a volume, I cannot do so if the image used for the volume boot has been deleted
rescue uses the image the instance was created from where the instance is boot form image or boot form volume by default if you do not provide one, but you can pass a different image when calling rescue by specifying its id.
that should work even if the original image is deleted
This is an error message:
Instance 6deeed71-c701-42a3-a8f9-d89048a47c11 cannot be rescued: Driver Error: Block Device Mapping is Invalid: failed to get image 844ea429-23a5-43d4-8f65-19c879d63921.
i don't think there is anything glance can do as glance does not allow you to recreate an image with a previous uuid as that would allow for malicious ABA attacks were a bad actor uploads an image with the same uuid as a previously deleted one.
Thank you.
Nguyen Huu Khoi
On 9/5/24 04:46, Nguyễn Hữu Khôi wrote:
Hi. I get it but It is a real case when we use Openstack.
What is the behavior you expect if the image used to boot the volume no longer exists? If you don't supply an --image when you make the rescue request, Nova tries to "help" by using the original image_id from which the instance was booted. In your case, that image was deleted at some point, so there's no way Nova can get it. And if Nova has no image to use, it can't do the rescue. -melwitt
On Thu, Sep 5, 2024, 5:11 PM <smooney@redhat.com <mailto:smooney@redhat.com>> wrote:
On Thu, 2024-09-05 at 16:02 +0700, Nguyễn Hữu Khôi wrote: > Hi folks, > > I have this problem, It is glad if I had some guides for this situation. > > Openstack Version: 2023.1 > > OS: Ubuntu 22.04 > Deployment Tool: Kolla-Ansible > > When I try to rescue an instance that booted from a volume, I cannot do so > if the image used for the volume boot has been deleted
rescue uses the image the instance was created from where the instance is boot form image or boot form volume by default if you do not provide one, but you can pass a different image when calling rescue by specifying its id.
that should work even if the original image is deleted
> This is an error message: > > Instance 6deeed71-c701-42a3-a8f9-d89048a47c11 cannot be rescued: Driver > Error: Block Device Mapping is Invalid: failed to get image > 844ea429-23a5-43d4-8f65-19c879d63921.
i don't think there is anything glance can do as glance does not allow you to recreate an image with a previous uuid as that would allow for malicious ABA attacks were a bad actor uploads an image with the same uuid as a previously deleted one. > > Thank you. > > Nguyen Huu Khoi
Hello Melanie, I don't have any idea about the behavior at the moment but to workaround, I delete the instance and launch it from volume. We are lost SAN and all images were gone so I ask for this case. Nguyen Huu Khoi On Fri, Sep 6, 2024 at 8:05 AM melanie witt <melwittt@gmail.com> wrote:
On 9/5/24 04:46, Nguyễn Hữu Khôi wrote:
Hi. I get it but It is a real case when we use Openstack.
What is the behavior you expect if the image used to boot the volume no longer exists?
If you don't supply an --image when you make the rescue request, Nova tries to "help" by using the original image_id from which the instance was booted. In your case, that image was deleted at some point, so there's no way Nova can get it. And if Nova has no image to use, it can't do the rescue.
-melwitt
On Thu, Sep 5, 2024, 5:11 PM <smooney@redhat.com <mailto:smooney@redhat.com>> wrote:
On Thu, 2024-09-05 at 16:02 +0700, Nguyễn Hữu Khôi wrote: > Hi folks, > > I have this problem, It is glad if I had some guides for this situation. > > Openstack Version: 2023.1 > > OS: Ubuntu 22.04 > Deployment Tool: Kolla-Ansible > > When I try to rescue an instance that booted from a volume, I cannot do so > if the image used for the volume boot has been deleted
rescue uses the image the instance was created from where the instance is boot form image or boot form volume by default if you do not provide one, but you can pass a different image when calling rescue by specifying its id.
that should work even if the original image is deleted
> This is an error message: > > Instance 6deeed71-c701-42a3-a8f9-d89048a47c11 cannot be rescued: Driver > Error: Block Device Mapping is Invalid: failed to get image > 844ea429-23a5-43d4-8f65-19c879d63921.
i don't think there is anything glance can do as glance does not allow you to recreate an image with a previous uuid as that would allow for malicious ABA attacks were a bad actor uploads an image with the same uuid as a previously deleted one. > > Thank you. > > Nguyen Huu Khoi
Just upload a new image that you want to rescue your instances with and specify it in the rescue command, as Melanie already wrote: openstack server rescue --image <IMAGE> <INSTANCE> Zitat von Nguyễn Hữu Khôi <nguyenhuukhoinw@gmail.com>:
Hello Melanie,
I don't have any idea about the behavior at the moment but to workaround, I delete the instance and launch it from volume. We are lost SAN and all images were gone so I ask for this case.
Nguyen Huu Khoi
On Fri, Sep 6, 2024 at 8:05 AM melanie witt <melwittt@gmail.com> wrote:
On 9/5/24 04:46, Nguyễn Hữu Khôi wrote:
Hi. I get it but It is a real case when we use Openstack.
What is the behavior you expect if the image used to boot the volume no longer exists?
If you don't supply an --image when you make the rescue request, Nova tries to "help" by using the original image_id from which the instance was booted. In your case, that image was deleted at some point, so there's no way Nova can get it. And if Nova has no image to use, it can't do the rescue.
-melwitt
On Thu, Sep 5, 2024, 5:11 PM <smooney@redhat.com <mailto:smooney@redhat.com>> wrote:
On Thu, 2024-09-05 at 16:02 +0700, Nguyễn Hữu Khôi wrote: > Hi folks, > > I have this problem, It is glad if I had some guides for this situation. > > Openstack Version: 2023.1 > > OS: Ubuntu 22.04 > Deployment Tool: Kolla-Ansible > > When I try to rescue an instance that booted from a volume, I cannot do so > if the image used for the volume boot has been deleted
rescue uses the image the instance was created from where the instance is boot form image or boot form volume by default if you do not provide one, but you can pass a different image when calling rescue by specifying its id.
that should work even if the original image is deleted
> This is an error message: > > Instance 6deeed71-c701-42a3-a8f9-d89048a47c11 cannot be rescued: Driver > Error: Block Device Mapping is Invalid: failed to get image > 844ea429-23a5-43d4-8f65-19c879d63921.
i don't think there is anything glance can do as glance does not allow you to recreate an image with a previous uuid as that would allow for malicious ABA attacks were a bad actor uploads an image with the same uuid as a previously deleted one. > > Thank you. > > Nguyen Huu Khoi
Thank you @Eugen Block <eblock@nde.ag> , Using Image name then it works. Nguyen Huu Khoi On Sun, Sep 8, 2024 at 10:01 PM Eugen Block <eblock@nde.ag> wrote:
Just upload a new image that you want to rescue your instances with and specify it in the rescue command, as Melanie already wrote:
openstack server rescue --image <IMAGE> <INSTANCE>
Zitat von Nguyễn Hữu Khôi <nguyenhuukhoinw@gmail.com>:
Hello Melanie,
I don't have any idea about the behavior at the moment but to workaround, I delete the instance and launch it from volume. We are lost SAN and all images were gone so I ask for this case.
Nguyen Huu Khoi
On Fri, Sep 6, 2024 at 8:05 AM melanie witt <melwittt@gmail.com> wrote:
On 9/5/24 04:46, Nguyễn Hữu Khôi wrote:
Hi. I get it but It is a real case when we use Openstack.
What is the behavior you expect if the image used to boot the volume no longer exists?
If you don't supply an --image when you make the rescue request, Nova tries to "help" by using the original image_id from which the instance was booted. In your case, that image was deleted at some point, so there's no way Nova can get it. And if Nova has no image to use, it can't do the rescue.
-melwitt
On Thu, Sep 5, 2024, 5:11 PM <smooney@redhat.com <mailto:smooney@redhat.com>> wrote:
On Thu, 2024-09-05 at 16:02 +0700, Nguyễn Hữu Khôi wrote: > Hi folks, > > I have this problem, It is glad if I had some guides for this situation. > > Openstack Version: 2023.1 > > OS: Ubuntu 22.04 > Deployment Tool: Kolla-Ansible > > When I try to rescue an instance that booted from a volume, I cannot do so > if the image used for the volume boot has been deleted
rescue uses the image the instance was created from where the instance is boot form image or boot form volume by default if you do not provide one, but you can pass a different image when calling rescue by specifying its id.
that should work even if the original image is deleted
> This is an error message: > > Instance 6deeed71-c701-42a3-a8f9-d89048a47c11 cannot be rescued: Driver > Error: Block Device Mapping is Invalid: failed to get image > 844ea429-23a5-43d4-8f65-19c879d63921.
i don't think there is anything glance can do as glance does not allow you to recreate an image with a previous uuid as that would allow for malicious ABA attacks were a bad actor uploads an image with the same uuid as a previously deleted one. > > Thank you. > > Nguyen Huu Khoi
participants (4)
-
Eugen Block
-
melanie witt
-
Nguyễn Hữu Khôi
-
smooney@redhat.com