[Bug 1843708] Please test proposed package

Ɓukasz Zemczak 1843708 at bugs.launchpad.net
Wed May 24 07:47:05 UTC 2023 

Hello Quentin, or anyone else affected,

Accepted nova into bionic-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/nova/2:17.0.13-0ubuntu5.4 in a few
hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
bionic to verification-done-bionic. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-bionic. In either case, without details of your testing we will
not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/1843708

Title:
  [SRU] Key-pair is not updated during the rebuild

Status in Ubuntu Cloud Archive:
  New
Status in Ubuntu Cloud Archive rocky series:
  Won't Fix
Status in Ubuntu Cloud Archive stein series:
  Fix Released
Status in Ubuntu Cloud Archive train series:
  Fix Released
Status in Ubuntu Cloud Archive ussuri series:
  Fix Released
Status in OpenStack Compute (nova):
  Fix Released
Status in OpenStack Compute (nova) queens series:
  Fix Released
Status in OpenStack Compute (nova) rocky series:
  Fix Released
Status in OpenStack Compute (nova) stein series:
  Fix Released
Status in OpenStack Compute (nova) train series:
  Fix Released
Status in OpenStack Compute (nova) ussuri series:
  Fix Released
Status in nova package in Ubuntu:
  Invalid
Status in nova source package in Bionic:
  Fix Committed
Status in nova source package in Focal:
  Fix Released

Bug description:
  [Impact]

  During rebuilds, the customer was unable to update the instance's
  keypair.

  [Test Case]

  - create a bionic openstack test env

  - choose the key 'testkey' to create an instance

  openstack keypair create mykey --public-key ~/.ssh/id_rsa.pub 
  openstack keypair create testkey --public-key /home/ubuntu/testkey.pub
  openstack server create --flavor m1.small --image jammy --key-name testkey --network=$(openstack network show private -f value -c id)  i1

  - create a new instance from the snapshot and choose a different
  keypair 'mykey' at rebuild time

  openstack --os-compute-api-version 2.54 server rebuild --image jammy --key-name mykey --name i1 i1
  sudo ip netns exec qrouter-xxx ssh ubuntu at 192.168.21.4 -i ~/testkey.priv -v
  sudo ip netns exec qrouter-xxx ssh ubuntu at 192.168.21.4 -i ~/id_rsa -v

  the new instance should accept the new key and reject the old key, but
  the result is the new instance rejects the new key but old key still
  works.

  [Regression Potential]

  This fix 6a7a78a44 is already in stable/queens and all versions since
  queens, bionic uses 17.0.13 rather than stable/queens, we just SRU
  this fix to 17.0.13 so there can't be any regression theoretically. On
  the other hand, code change is limited to _save_keypairs according to
  https://review.opendev.org/c/openstack/nova/+/683043/19/nova/objects/instance.py
  so the regressions is also limited in _save_keypairs . The test will
  also ensure that other logic beyond _save_keypairs. I have tested this
  fix, it works. so I think it's safe.

  [Others]

  Original Bug Description Below
  ===========

  When we want to rebuild an instance and change the keypair we can specified it with :
  openstack --os-compute-api-version 2.54 server rebuild --image "Debian 10" --key-name key1 instance1

  This comes from this implementation :
  https://review.opendev.org/#/c/379128/
  https://specs.openstack.org/openstack/nova-specs/specs/queens/implemented/rebuild-keypair-reset.html

  But when rebuilding the instance, Cloud-Init will set the key in authorized_keys from
  http://169.254.169.254/openstack/latest/meta_data.json

  And this meta_data.json uses the keys from instance_extra tables
  But the keypair will be updated in the 'instances' table but not in the 'instance_extra' table.

  So the keypair is not updated inside the VM

  May be this is the function for saving the keypair, but the save() do nothing :
  https://opendev.org/openstack/nova/src/branch/master/nova/objects/instance.py#L714

  Steps to reproduce
  ==================

  - Deploy a DevStack
  - Boot an instance with keypair key1
  - Rebuild it with key2
  - A nova show will show the key_name key2, keypairs object in table instance_extra is not updated and you cannot connect with key2 to the instance

  Expected result
  ===============
  Connecte to the Vm with the new keypair added during the rebuild call

  Actual result
  =============
  The keypair added during the rebuild call is not set in the VM

  Environment
  ===========
  I tested it on a Devstack from master and we have the behaviour.
  NOVA : commit 5fa49cd0b8b6015aa61b4312b2ce1ae780c42c64

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1843708/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list