image_utils: ImageUnacceptable exception during creating volume

Bug #2008064 reported by Ayumu Ueha
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fix Released
Ayumu Ueha

Bug Description

In Zuul CI of Tacker project, the following error occur in c-vol process since 21th Feb 2023.

ERROR cinder.volume.volume_utils Traceback (most recent call last):
ERROR cinder.volume.volume_utils File "/opt/stack/cinder/cinder/volume/", line 1209, in copy_image_to_volume
ERROR cinder.volume.volume_utils driver.copy_image_to_volume(
ERROR cinder.volume.volume_utils File "/opt/stack/cinder/cinder/volume/drivers/", line 517, in copy_image_to_volume
ERROR cinder.volume.volume_utils image_utils.fetch_to_raw(context,
ERROR cinder.volume.volume_utils File "/opt/stack/cinder/cinder/image/", line 831, in fetch_to_raw
ERROR cinder.volume.volume_utils fetch_to_volume_format(context, image_service, image_id, dest, 'raw',
ERROR cinder.volume.volume_utils File "/opt/stack/cinder/cinder/image/", line 978, in fetch_to_volume_format
ERROR cinder.volume.volume_utils convert_image(tmp, dest, volume_format,
ERROR cinder.volume.volume_utils File "/opt/stack/cinder/cinder/image/", line 478, in convert_image
ERROR cinder.volume.volume_utils check_image_format(source, src_format, image_id, data, run_as_root)
ERROR cinder.volume.volume_utils File "/opt/stack/cinder/cinder/image/", line 758, in check_image_format
ERROR cinder.volume.volume_utils raise exception.ImageUnacceptable(
ERROR cinder.volume.volume_utils cinder.exception.ImageUnacceptable: Image 4d0e2375-2eee-4d73-b947-06d2aa816670 is unacceptable: The image format was claimed to be 'raw' but the image data appears to be in a different format.
Please refer to the attached file for the whole log. Attached log is obtained from the following CI results:

Previously, this error did not occur with the same data.
Is there any related fixes on Feb 20th-21th?

It is difficult to analyze from now on for us, so I will report the situation as a bug report.
As it is just before RC1, I expect a quick solution. Thanks.

CVE References

Revision history for this message
Ayumu Ueha (ueha) wrote :
Revision history for this message
Brian Rosmaita (brian-rosmaita) wrote :

Yes, we made a change to address CVE-2022-47951, and released new cinder on all stable branches.

See the second bullet point in the "Security Issues" section of the release notes:

Can you provide the output of an image-show on 4d0e2375-2eee-4d73-b947-06d2aa816670, particularly what the disk_format property is?

Also, if possible, can you do a 'qemu-img info --output=json <filename>' on the image file that you uploaded to glance?

Changed in cinder:
status: New → Incomplete
Revision history for this message
Ayumu Ueha (ueha) wrote :
Download full text (4.3 KiB)

Thanks for your reply!

* image-show from zuul ci log (job-output.txt)
| Field | Value |
| container_format | bare |
| created_at | 2023-02-21T11:32:55Z |
| disk_format | raw |
| file | /v2/images/4d0e2375-2eee-4d73-b947-06d2aa816670/file |
| id | 4d0e2375-2eee-4d73-b947-06d2aa816670 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros-0.5.2-x86_64-disk |
| owner | 48241c30596b42b2a87ff90074120c31 |
| properties | os_hidden='False', owner_specified.openstack.md5='', owner_specified.openstack.object='images/cirros-0.5.2-x86_64-disk', owner_specified.openstack.sha256='' |
| protected | False |
| schema | /v2/schemas/image |
| status | queued |
| tags | |
| updated_at | 2023-02-21T11:32:55Z ...


Revision history for this message
Brian Rosmaita (brian-rosmaita) wrote :

@Ayumu: thanks for the quick response. You can see that image-show says this:

| disk_format | raw |

but what the image format actually is, according to qemu-img:

    "format": "qcow2",

The way to fix this is to look in your CI setup for where you upload the image. If you are using python-openstackclient, if you don't specify the --disk-format, openstackclient sets 'raw' as the default. So add

  --disk-format qcow2

to your 'openstack image create' statement.

Revision history for this message
Ayumu Ueha (ueha) wrote :

Thanks for your information, I will try it! :)

Revision history for this message
Ayumu Ueha (ueha) wrote :

I don't know why, but the test succeeded yesterday without correcting your proposal..
But anyway, I think it is necessary to deal with it, so I will try to fix it in.

Ayumu Ueha (ueha)
affects: cinder → tacker
Changed in tacker:
assignee: nobody → Ayumu Ueha (ueha)
status: Incomplete → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tacker (master)

Submitter: "Zuul (22348)"
Branch: master

commit 94d2433df7f643cdda076f8c81035bfb3f4c1036
Author: Ayumu Ueha <email address hidden>
Date: Wed Feb 22 15:40:16 2023 +0000

    Fix to upload as the appropriate image format

    Cinder updates to check the format of images for security issue [1].
    The format of cirros image is qcow2 but upload as raw at devstack init
    process of Tacker.

    This patch fixes to upload images to glance as the appropriate format.


    Closes-Bug: #2008064
    Change-Id: Ib7a36af99bc77f3bd1c95411760ff8cbd2456a3e

Changed in tacker:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tacker

This issue was fixed in the openstack/tacker release candidate.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.