Bug 1454850
| Summary: | Handle upload-to-image and volume-from-image for encrypted volumes | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Eric Harney <eharney> | ||||
| Component: | openstack-cinder | Assignee: | Eric Harney <eharney> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Tzach Shefi <tshefi> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | 11.0 (Ocata) | CC: | dmacpher, eharney, srevivo | ||||
| Target Milestone: | z1 | Keywords: | Triaged, ZStream | ||||
| Target Release: | 11.0 (Ocata) | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | openstack-cinder-10.0.3-2.el7ost | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2017-07-19 17:03:43 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1388559, 1481810 | ||||||
| Attachments: |
|
||||||
|
Description
Eric Harney
2017-05-23 14:51:53 UTC
Hi Eric,
Having some issues, maybe I missed something.
Created a LUKS volume
[stack@undercloud-0 ~]$ cinder type-create LUKS
+--------------------------------------+------+-------------+-----------+
| ID | Name | Description | Is_Public |
+--------------------------------------+------+-------------+-----------+
| 773a7717-57b1-4b2a-ba04-293b39b6de90 | LUKS | - | True |
+--------------------------------------+------+-------------+-----------+
[stack@undercloud-0 ~]$ cinder encryption-type-create --cipher aes-xts-plain64 --key_size 512 \
> --control_location front-end LUKS nova.volume.encryptors.luks.LuksEncryptor
+--------------------------------------+-------------------------------------------+-----------------+----------+------------------+
| Volume Type ID | Provider | Cipher | Key Size | Control Location |
+--------------------------------------+-------------------------------------------+-----------------+----------+------------------+
| 773a7717-57b1-4b2a-ba04-293b39b6de90 | nova.volume.encryptors.luks.LuksEncryptor | aes-xts-plain64 | 512 | front-end |
+--------------------------------------+-------------------------------------------+-----------------+----------+------------------+
[stack@undercloud-0 ~]$ cinder type-list
+--------------------------------------+------+-------------+-----------+
| ID | Name | Description | Is_Public |
+--------------------------------------+------+-------------+-----------+
| 773a7717-57b1-4b2a-ba04-293b39b6de90 | LUKS | - | True |
+--------------------------------------+------+-------------+-----------+
Created a volume of this type
[stack@undercloud-0 ~]$ cinder list
+--------------------------------------+-----------+---------+------+-------------+----------+--------------------------------------+
| ID | Status | Name | Size | Volume Type | Bootable | Attached to |
+--------------------------------------+-----------+---------+------+-------------+----------+--------------------------------------+
| 570751f0-bae3-4f73-8c1c-f70fab105539 | available | enc_vol | 1 | LUKS | false | |
| e047ebfd-5375-47c7-9668-dd72f9fd567d | in-use | rhel_7 | 1 | - | false | eba88342-a5f4-4470-a856-774b61adcd06 |
+--------------------------------------+-----------+---------+------+-------------+----------+--------------------------------------+
Creating a image from this encrypted volume fails:
[stack@undercloud-0 ~]$ cinder upload-to-image 570751f0-bae3-4f73-8c1c-f70fab105539 encrypted_image
ERROR: The server has either erred or is incapable of performing the requested operation. (HTTP 500) (Request-ID: req-9da8cafd-f960-4f11-91af-b6d502a296cd)
If I detach the second (in-use) volume and make an image from it that works fine
[stack@undercloud-0 ~]$ cinder upload-to-image e047ebfd-5375-47c7-9668-dd72f9fd567d uploadNoneEncVol --force
[stack@undercloud-0 ~]$ glance image-list
+--------------------------------------+------------------+
| ID | Name |
+--------------------------------------+------------------+
| a104dfb7-4dbc-484c-9b8f-a8f2e838a118 | cirros |
| 25b6b561-7efc-46ad-8f55-be681e24e6a8 | uploadNoneEncVol |
+--------------------------------------+------------------+
Any ideas?
Created attachment 1293625 [details]
Cinder and Glance logs
Verified on: openstack-cinder-10.0.3-2.el7ost.noarch 1. Created encrypted volume 1G, attached to instance. 2. Wrote data to volume 3. Detached volume 4. Created a Glance image from volume 5. Created a new encrypted volume from Glance image. 6. Compare data from original volume, all is still here looking good, verified. I can't explain why on a previous deployment (#8) exact same steps were used only to find on step6 that no data or even a partition was found on new volume. Any way to be 100% I redid steps 1-6 three times on this current system, each time adding more and more data to initial volume, looks good. A forth attempt with 7G worth of data also completed successfully. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:1783 |