OpenStack Compute (nova)

Comment 16 for bug 1905701

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-08-17: Fix merged to nova (stable/wallaby)

#16

Reviewed: https://review.opendev.org/c/openstack/nova/+/796258
Committed: https://opendev.org/openstack/nova/commit/9cac2a8822ab81b7a0aa1f5b4472b306e4b68f93
Submitter: "Zuul (22348)"
Branch: stable/wallaby

commit 9cac2a8822ab81b7a0aa1f5b4472b306e4b68f93
Author: Lee Yarwood <email address hidden>
Date: Thu May 27 16:47:26 2021 +0100

libvirt: Do not destroy volume secrets during _hard_reboot

    Ia2007bc63ef09931ea0197cef29d6a5614ed821a unfortunately missed that
    resume_state_on_host_boot calls down into _hard_reboot always removing
    volume secrets rendering that change useless.

    This change seeks to address this by using the destroy_secrets kwarg
    introduced by I856268b371f7ba712b02189db3c927cd762a4dc3 within the
    _hard_reboot method of the libvirt driver to ensure secrets are not
    removed during a hard reboot.

    This resolves the original issue in bug #1905701 *and* allows admins to
    hard reboot a users instance when that instance has encrypted volumes
    attached with secrets stored in Barbican. This latter use case being
    something we can easily test within tempest unlike the compute reboot in
    bug #1905701.

    This change is kept small as it should ideally be backported alongside
    Ia2007bc63ef09931ea0197cef29d6a5614ed821a to stable/queens. Follow up
    changes on master will improve formatting, doc text and introduce
    functional tests to further validate this new behaviour of hard reboot
    within the libvirt driver.

    Closes-Bug: #1905701
    Change-Id: I3d1b21ba6eb3f5eb728693197c24b4b315eef821
    (cherry picked from commit 26d65fc882e42b824409dff87ff026dee1debe20)