Bug 1926761
| Summary: | Live migration (retype) of an attached encrypted volume(netapp/iscsi) to an encrypted(ceph) fails | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Tzach Shefi <tshefi> | ||||||
| Component: | openstack-cinder | Assignee: | Cinder Bugs List <cinder-bugs> | ||||||
| Status: | CLOSED MIGRATED | QA Contact: | Evelina Shames <eshames> | ||||||
| Severity: | medium | Docs Contact: | RHOS Documentation Team <rhos-docs> | ||||||
| Priority: | medium | ||||||||
| Version: | 16.1 (Train) | CC: | eharney, lmarsh, ltoscano | ||||||
| Target Milestone: | --- | Keywords: | Triaged | ||||||
| Target Release: | --- | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2025-01-08 14:07:42 UTC | Type: | Bug | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
Created attachment 1755923 [details]
c-vol log
Created attachment 1755924 [details]
c-vol log
This scenario is not supported. Related errors from nova-compute: 2021-02-11 15:49:43.897 6 ERROR nova.compute.manager [instance: 08bd33cb-c06d-41ab-8f53-e638f3791731] NotImplementedError: Swap volume is not supported for encrypted volumes when native LUKS decryption is enabled. Related nova code that restricts this: https://opendev.org/openstack/nova/commit/f8e24c3 Thanks Eric! We are most likely going to need a documentation bug, so keeping this bug open as it may be retargeted for that purpose. |
Description of problem: When I try to live migrate (retype) an attached encrypted volume from a netapp(iscsi) backend to Ceph backend, migration doesn't do anything volume remains on netapp backend, no notification\warning on cli. Version-Release number of selected component (if applicable): puppet-cinder-15.4.1-1.20200831153423.el8ost.noarch openstack-cinder-15.3.1-5.el8ost.noarch python3-cinder-15.3.1-5.el8ost.noarch python3-cinderclient-5.0.1-1.20200326150227.8fa0882.el8ost.noarch How reproducible: I suspect every time Steps to Reproduce: 1. Create both types/backend: (overcloud) [stack@undercloud-0 ~]$ cinder type-create encnetapp +--------------------------------------+-----------+-------------+-----------+ | ID | Name | Description | Is_Public | +--------------------------------------+-----------+-------------+-----------+ | 65baeac5-69fa-4780-be9a-c9265da58e25 | encnetapp | - | True | +--------------------------------------+-----------+-------------+-----------+ (overcloud) [stack@undercloud-0 ~]$ cinder type-create encceph +--------------------------------------+---------+-------------+-----------+ | ID | Name | Description | Is_Public | +--------------------------------------+---------+-------------+-----------+ | bcf9e784-b5c1-406d-a232-0b14c092ea73 | encceph | - | True | +--------------------------------------+---------+-------------+-----------+ (overcloud) [stack@undercloud-0 ~]$ cinder encryption-type-create --cipher aes-xts-plain64 --key_size 256 --control_location front-end encnetapp nova.volume.encryptors.luks.LuksEncryptor +--------------------------------------+-------------------------------------------+-----------------+----------+------------------+ | Volume Type ID | Provider | Cipher | Key Size | Control Location | +--------------------------------------+-------------------------------------------+-----------------+----------+------------------+ | 65baeac5-69fa-4780-be9a-c9265da58e25 | nova.volume.encryptors.luks.LuksEncryptor | aes-xts-plain64 | 256 | front-end | +--------------------------------------+-------------------------------------------+-----------------+----------+------------------+ (overcloud) [stack@undercloud-0 ~]$ cinder encryption-type-create --cipher aes-xts-plain64 --key_size 256 --control_location front-end encceph nova.volume.encryptors.luks.LuksEncryptor +--------------------------------------+-------------------------------------------+-----------------+----------+------------------+ | Volume Type ID | Provider | Cipher | Key Size | Control Location | +--------------------------------------+-------------------------------------------+-----------------+----------+------------------+ | bcf9e784-b5c1-406d-a232-0b14c092ea73 | nova.volume.encryptors.luks.LuksEncryptor | aes-xts-plain64 | 256 | front-end | +--------------------------------------+-------------------------------------------+-----------------+----------+------------------+ (overcloud) [stack@undercloud-0 ~]$ cinder service-list +------------------+---------------------------+------+---------+-------+----------------------------+-----------------+ | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason | +------------------+---------------------------+------+---------+-------+----------------------------+-----------------+ | cinder-backup | controller-1 | nova | enabled | up | 2021-02-09T10:29:58.000000 | - | | cinder-scheduler | controller-0 | nova | enabled | up | 2021-02-09T10:29:54.000000 | - | | cinder-scheduler | controller-1 | nova | enabled | up | 2021-02-09T10:30:02.000000 | - | | cinder-scheduler | controller-2 | nova | enabled | up | 2021-02-09T10:29:56.000000 | - | | cinder-volume | hostgroup@tripleo_ceph | nova | enabled | up | 2021-02-09T10:29:56.000000 | - | | cinder-volume | hostgroup@tripleo_netapp2 | nova | enabled | up | 2021-02-09T10:29:53.000000 | - | +------------------+---------------------------+------+---------+-------+----------------------------+-----------------+ (overcloud) [stack@undercloud-0 ~]$ cinder type-key encceph set volume_backend_name=tripleo_ceph (overcloud) [stack@undercloud-0 ~]$ cinder type-key encnetapp set volume_backend_name=tripleo_netapp2 2. Create an encrypted netapp backed volume: (overcloud) [stack@undercloud-0 ~]$ cinder create 1 --name encnetappvol1 --volume-type encnetapp +--------------------------------+--------------------------------------+ | Property | Value | +--------------------------------+--------------------------------------+ | attachments | [] | | availability_zone | nova | | bootable | false | | consistencygroup_id | None | | created_at | 2021-02-09T10:35:43.000000 | | description | None | | encrypted | True | | id | 9426bce0-889f-4319-a6b6-c5347351d108 | | metadata | {} | | migration_status | None | | multiattach | False | | name | encnetappvol1 | | os-vol-host-attr:host | None | | os-vol-mig-status-attr:migstat | None | | os-vol-mig-status-attr:name_id | None | | os-vol-tenant-attr:tenant_id | 85f44a372e6d49b489829bb6389c85fa | | replication_status | None | | size | 1 | | snapshot_id | None | | source_volid | None | | status | creating | | updated_at | None | | user_id | 45c2199f364d485f986b6d341c512819 | | volume_type | encnetapp | +--------------------------------+--------------------------------------+ (overcloud) [stack@undercloud-0 ~]$ cinder list +--------------------------------------+-----------+---------------+------+-------------+----------+--------------------------------------+ | ID | Status | Name | Size | Volume Type | Bootable | Attached to | +--------------------------------------+-----------+---------------+------+-------------+----------+--------------------------------------+ | 9426bce0-889f-4319-a6b6-c5347351d108 | available | encnetappvol1 | 1 | encnetapp | false | | 3. Attach volume to instance: (overcloud) [stack@undercloud-0 ~]$ nova volume-attach 7137e3a2-9745-4457-bbf4-60cc3c07fb92 9426bce0-889f-4319-a6b6-c5347351d108 +-----------------------+--------------------------------------+ | Property | Value | +-----------------------+--------------------------------------+ | delete_on_termination | False | | device | /dev/vde | | id | 9426bce0-889f-4319-a6b6-c5347351d108 | | serverId | 7137e3a2-9745-4457-bbf4-60cc3c07fb92 | | tag | - | | volumeId | 9426bce0-889f-4319-a6b6-c5347351d108 | +-----------------------+--------------------------------------+ (overcloud) [stack@undercloud-0 ~]$ cinder list +--------------------------------------+-----------+---------------+------+-------------+----------+--------------------------------------+ | ID | Status | Name | Size | Volume Type | Bootable | Attached to | +--------------------------------------+-----------+---------------+------+-------------+----------+-------------------------------------- | 9426bce0-889f-4319-a6b6-c5347351d108 | in-use | encnetappvol1 | 1 | encnetapp | false | 7137e3a2-9745-4457-bbf4-60cc3c07fb92 4. Issue the retype command: (overcloud) [stack@undercloud-0 ~]$ cinder retype 9426bce0-889f-4319-a6b6-c5347351d108 ceph --migration-policy on-demand Notice no error or warning. 5. Volume remains on source/netapp backend: (overcloud) [stack@undercloud-0 ~]$ cinder list +--------------------------------------+-----------+---------------+------+-------------+----------+--------------------------------------+ | ID | Status | Name | Size | Volume Type | Bootable | Attached to | +--------------------------------------+-----------+---------------+------+-------------+----------+--------------------------------------+ | 9426bce0-889f-4319-a6b6-c5347351d108 | in-use | encnetappvol1 | 1 | encnetapp | false | 7137e3a2-9745-4457-bbf4-60cc3c07fb92 | Actual results: Volume doesn't migrate. Expected results: if supported, volume should migrate, else we should block/warn user of trying this. Additional info: