Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1362515 - [7.0.z] Unable to attach multipath backed encrypted volumes to instances
Summary: [7.0.z] Unable to attach multipath backed encrypted volumes to instances
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-nova
Version: 7.0 (Kilo)
Hardware: x86_64
OS: Linux
high
high
Target Milestone: async
: 8.0 (Liberty)
Assignee: Lee Yarwood
QA Contact: Prasanth Anbalagan
URL:
Whiteboard:
Depends On: 1362512 1362514
Blocks: 1362518
TreeView+ depends on / blocked
 
Reported: 2016-08-02 12:21 UTC by Lee Yarwood
Modified: 2016-08-17 12:17 UTC (History)
11 users (show)

Fixed In Version: openstack-nova-2015.1.4-11.el7ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1362514
: 1362518 (view as bug list)
Environment:
Last Closed: 2016-08-17 12:17:58 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:1623 normal SHIPPED_LIVE openstack-nova bug fix advisory 2016-08-17 16:17:32 UTC

Description Lee Yarwood 2016-08-02 12:21:19 UTC
+++ This bug was initially created as a clone of Bug #1362514 +++

+++ This bug was initially created as a clone of Bug #1362512 +++

Description of problem:

The following failure is seen when attempting to attach multipath backed encrypted volumes to an instance :

2016-08-01 18:27:32.081 13629 DEBUG nova.openstack.common.processutils [req-945b0e6f-b1ed-47b1-9fec-86058d8a2225 ] Running cmd (subprocess): sudo nova-rootwrap /etc/nova/rootwrap.conf cryptsetup luksOpen --key-file=- /dev/dm-8 3600a098038303365763f476c63634758 execute /usr/lib/python2.7/site-packages/nova/openstack/common/processutils.py:171

This is due to a 3600a098038303365763f476c63634758 device already present and in-use on the host. The following change recently corrected this against master :

Fix multipath iSCSI encrypted volume attach failure
https://review.openstack.org/#/c/196482/

This is only present in OSP 6 and 7 with the following Cinder bugfix :

Cinder volume encryption with iSCSI backend doesn't work
https://bugzilla.redhat.com/show_bug.cgi?id=1359197


Version-Release number of selected component (if applicable):
OSP 6,7,8,9

How reproducible:
Always

Steps to Reproduce:
1. Attempt to attach a multipath backed encrypted volume to an instance.

Actual results:
`cryptsetup luksOpen` fails.

Expected results:
`cryptsetup luksOpen` succeeds and the volume is correctly attached.

Additional info:

Comment 2 Prasanth Anbalagan 2016-08-16 00:19:49 UTC
[root@serverC]# yum list installed | grep openstack-nova
openstack-nova-api.noarch            2015.1.4-12.el7ost      @RH7-RHOS-7.0      
openstack-nova-cert.noarch           2015.1.4-12.el7ost      @RH7-RHOS-7.0      
openstack-nova-common.noarch         2015.1.4-12.el7ost      @RH7-RHOS-7.0      
openstack-nova-compute.noarch        2015.1.4-12.el7ost      @RH7-RHOS-7.0      
openstack-nova-conductor.noarch      2015.1.4-12.el7ost      @RH7-RHOS-7.0      
openstack-nova-console.noarch        2015.1.4-12.el7ost      @RH7-RHOS-7.0      
openstack-nova-novncproxy.noarch     2015.1.4-12.el7ost      @RH7-RHOS-7.0      
openstack-nova-scheduler.noarch      2015.1.4-12.el7ost      @RH7-RHOS-7.0      


[root@serverC]# cinder show 10edcf97-4161-4463-81d8-287595791ffb
+---------------------------------------+--------------------------------------+
|                Property               |                Value                 |
+---------------------------------------+--------------------------------------+
|              attachments              |                  []                  |
|           availability_zone           |                 nova                 |
|                bootable               |                false                 |
|               created_at              |      2016-08-16T00:15:17.000000      |
|          display_description          |                 None                 |
|              display_name             |                 vol1                 |
|               encrypted               |                 True                 |
|                   id                  | 10edcf97-4161-4463-81d8-287595791ffb |
|                metadata               |                  {}                  |
|              multiattach              |                false                 |
|         os-vol-host-attr:host         | lynx13.qa.lab.tlv.redhat.com@lvm#lvm |
|     os-vol-mig-status-attr:migstat    |                 None                 |
|     os-vol-mig-status-attr:name_id    |                 None                 |
|      os-vol-tenant-attr:tenant_id     |   1c54f9d3f7d64c7d9d3bc79c9e134105   |
|   os-volume-replication:driver_data   |                 None                 |
| os-volume-replication:extended_status |                 None                 |
|                  size                 |                  2                   |
|              snapshot_id              |                 None                 |
|              source_volid             |                 None                 |
|                 status                |              available               |
|              volume_type              |                iscsi                 |
+---------------------------------------+--------------------------------------+
[root@serverC]# cinder show fa632dc8-7091-4280-b672-c5712269aa07
+---------------------------------------+--------------------------------------+
|                Property               |                Value                 |
+---------------------------------------+--------------------------------------+
|              attachments              |                  []                  |
|           availability_zone           |                 nova                 |
|                bootable               |                false                 |
|               created_at              |      2016-08-16T00:15:14.000000      |
|          display_description          |                 None                 |
|              display_name             |                 vol1                 |
|               encrypted               |                 True                 |
|                   id                  | fa632dc8-7091-4280-b672-c5712269aa07 |
|                metadata               |                  {}                  |
|              multiattach              |                false                 |
|         os-vol-host-attr:host         | lynx13.qa.lab.tlv.redhat.com@lvm#lvm |
|     os-vol-mig-status-attr:migstat    |                 None                 |
|     os-vol-mig-status-attr:name_id    |                 None                 |
|      os-vol-tenant-attr:tenant_id     |   1c54f9d3f7d64c7d9d3bc79c9e134105   |
|   os-volume-replication:driver_data   |                 None                 |
| os-volume-replication:extended_status |                 None                 |
|                  size                 |                  1                   |
|              snapshot_id              |                 None                 |
|              source_volid             |                 None                 |
|                 status                |              available               |
|              volume_type              |                iscsi                 |
+---------------------------------------+--------------------------------------+
[root@serverC]# nova list
+--------------------------------------+------+--------+------------+-------------+------------------+
| ID                                   | Name | Status | Task State | Power State | Networks         |
+--------------------------------------+------+--------+------------+-------------+------------------+
| a01459ab-7360-487e-b4a1-d0dacd1d21d7 | vm1  | ACTIVE | -          | Running     | private=10.0.0.4 |
+--------------------------------------+------+--------+------------+-------------+------------------+

[root@serverC]# 
[root@serverC]# nova volume-attach vm1 fa632dc8-7091-4280-b672-c5712269aa07
+----------+--------------------------------------+
| Property | Value                                |
+----------+--------------------------------------+
| device   | /dev/vdb                             |
| id       | fa632dc8-7091-4280-b672-c5712269aa07 |
| serverId | a01459ab-7360-487e-b4a1-d0dacd1d21d7 |
| volumeId | fa632dc8-7091-4280-b672-c5712269aa07 |
+----------+--------------------------------------+
[root@serverC]# nova volume-attach vm1 10edcf97-4161-4463-81d8-287595791ffb
+----------+--------------------------------------+
| Property | Value                                |
+----------+--------------------------------------+
| device   | /dev/vdc                             |
| id       | 10edcf97-4161-4463-81d8-287595791ffb |
| serverId | a01459ab-7360-487e-b4a1-d0dacd1d21d7 |
| volumeId | 10edcf97-4161-4463-81d8-287595791ffb |
+----------+--------------------------------------+
[root@serverC]# 

[root@serverC]# cinder list
+--------------------------------------+-----------+--------------+------+-------------+----------+--------------------------------------+
|                  ID                  |   Status  | Display Name | Size | Volume Type | Bootable |             Attached to              |
+--------------------------------------+-----------+--------------+------+-------------+----------+--------------------------------------+
| 10edcf97-4161-4463-81d8-287595791ffb |   in-use  |     vol1     |  2   |    iscsi    |  false   | a01459ab-7360-487e-b4a1-d0dacd1d21d7 |
| 1bb3b055-c589-4d21-9d57-60ae3e0c0cab | available |      -       |  1   |      -      |   true   |                                      |
| fa632dc8-7091-4280-b672-c5712269aa07 |   in-use  |     vol1     |  1   |    iscsi    |  false   | a01459ab-7360-487e-b4a1-d0dacd1d21d7 |
+--------------------------------------+-----------+--------------+------+-------------+----------+--------------------------------------+

Comment 4 errata-xmlrpc 2016-08-17 12:17:58 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-1623.html


Note You need to log in before you can comment on or make changes to this bug.