Bug 1896164

Summary: [Docs][RFE] Document using LVM on a cinder volume exposes the data to the compute host
Product: Red Hat OpenStack
Reporter: Andy Stillman <astillma>
Component: documentation
Assignee: RHOS Documentation Team <rhos-docs>
Status: CLOSED NEXTRELEASE
QA Contact: RHOS Documentation Team <rhos-docs>
Severity: high
Docs Contact:
Priority: high
Version: 16.1 (Train)
CC: gfidente, ndeevy
Target Milestone: ---
Keywords: FutureFeature, Triaged
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2021-01-18 13:38:32 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1261083
Bug Blocks:

Description Andy Stillman 2020-11-09 21:01:01 UTC
Description of problem: Need to hide the logical volumes (LVs) created by the OpenStack guests from the operators working on the baremetal node where the guests are hosted.


Version-Release number of selected component (if applicable): 16.1.4 (Train)


How reproducible: 
Every time

1. Create a new cinder volume and present it to an instance
2. Use LVM against the raw device (pvcreate/vgcreate/lvcreate)
3. Run 'lvs -o +devices' on the compute

Actual results:
LVM from the guest is seen on the host

Expected results:
Host should not be able to see LVM from the guest

Additional info:
This can cause problems such as conflicting VG names on the compute. It can also cause the LVM on the compute to adjust metadata that the instance is not aware of, leading to things like missing volumes.

Current workaround is to set a filter on the compute node.
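
Added example, not part of the original report: a Python model of how LVM evaluates the `filter` list in lvm.conf (first matching pattern wins per path name; a device is accepted if any of its names is accepted), for checking which block devices a candidate filter on the compute node would still expose. The device names and the candidate filter are constructed assumptions, and Python's `re` stands in for LVM's own regex engine, so keep patterns simple.

```python
import re

def parse_filter(entries):
    """Parse lvm.conf filter entries like 'a|^/dev/sda|' into (action, regex) pairs."""
    rules = []
    for entry in entries:
        # Format: 'a' (accept) or 'r' (reject), a delimiter, the regex, the same delimiter.
        if len(entry) < 3 or entry[0] not in ("a", "r") or entry[-1] != entry[1]:
            raise ValueError(f"malformed filter entry: {entry!r}")
        rules.append((entry[0], re.compile(entry[2:-1])))
    return rules

def first_match(rules, path):
    """Return 'a' or 'r' from the first rule whose regex matches the path, else None."""
    for action, regex in rules:
        if regex.search(path):  # patterns are unanchored unless they use ^ or $
            return action
    return None

def device_accepted(rules, path_names):
    """Combine the verdicts for every path name (aliases, symlinks) of one device."""
    verdicts = {first_match(rules, p) for p in path_names}
    if "a" in verdicts:          # any name accepted first -> device is used by LVM
        return True
    return "r" not in verdicts   # no name matched any pattern -> accepted by default

def visible_devices(filter_entries, devices):
    """Names of the devices that host LVM commands would still scan."""
    rules = parse_filter(filter_entries)
    return sorted(n for n, paths in devices.items() if device_accepted(rules, paths))

# Constructed sample: one host disk and two attached cinder volumes as the
# compute node might name them (assumed names, not taken from the report).
DEVICES = {
    "host-root": ["/dev/sda2", "/dev/disk/by-id/wwn-EXAMPLE-part2"],
    "guest-vol-1": ["/dev/sdb", "/dev/disk/by-path/EXAMPLE-iscsi-lun-0"],
    "guest-vol-2": ["/dev/sdc"],
}
NO_FILTER = []                                      # nothing matches: all accepted
CANDIDATE = ["a|^/dev/sda[0-9]*$|", "r|.*|"]        # accept host disk, reject the rest

if __name__ == "__main__":
    print("without filter:", visible_devices(NO_FILTER, DEVICES))
    print("with candidate:", visible_devices(CANDIDATE, DEVICES))
```

Checking that the host's own physical volumes stay in the accepted set matters as much as hiding the guest ones, since a filter that rejects them hides the host's volume groups from LVM as well.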

Comment 3 ndeevy 2021-01-18 13:38:32 UTC
Closing this BZ to track via: https://issues.redhat.com/browse/RHOSPDOC-16