Description of problem: Nova volume encryptors attach volume fails for NFS and FC (rootwrap) https://bugs.launchpad.net/nova/+bug/1470142 As hit in the following RHBZ : volume attach failed with iser https://bugzilla.redhat.com/show_bug.cgi?id=1268051 ~~~ 21982 2015-10-08 10:58:39.597 3415 TRACE oslo_messaging.rpc.dispatcher ProcessExecutionError: Unexpected error while running command. 21983 2015-10-08 10:58:39.597 3415 TRACE oslo_messaging.rpc.dispatcher Command: sudo nova-rootwrap /etc/nova/rootwrap.conf ln --symbolic --force /dev/mapper/pci-0000:02:00.0-ip-1.1.1.1:3260-iscsi-iqn.2010-10.org.openstack:volume-b21ab8b2-745c-4992-a29f-88993a9b591b-lun-0 /dev/disk/by-path/pci-0000:02:00.0-ip-1.1.1.1:3260-iscsi-iqn.2010-10.org.openstack:volume-b21ab8b2-745c-4992-a29f-88993a9b591b-lun-0 21984 2015-10-08 10:58:39.597 3415 TRACE oslo_messaging.rpc.dispatcher Exit code: 99 21985 2015-10-08 10:58:39.597 3415 TRACE oslo_messaging.rpc.dispatcher Stdout: u'' 21986 2015-10-08 10:58:39.597 3415 TRACE oslo_messaging.rpc.dispatcher Stderr: u'/usr/bin/nova-rootwrap: Unauthorized command: ln --symbolic --force /dev/mapper/pci-0000:02:00.0-ip-1.1.1.1:3260-iscsi-iqn.2010-10.org.openstack:volume-b21ab8b2-745c-4992-a29f-88993a9b591b-lun-0 /dev/disk/by-path/pci-0000:02:00.0-ip-1.1.1.1:3260-iscsi-iqn.2010-10.org.openstack:volume-b21ab8b2-745c-4992-a29f-88993a9b591b-lun-0 (no filter matched)\n' ~~~ Version-Release number of selected component (if applicable): How reproducible: Always. Steps to Reproduce: 1. tempest.scenario.test_encrypted_cinder_volumes.TestEncryptedCinderVolumes Actual results: Nova volume encryptors attach volume fails. Expected results: Nova volume encryptors attach volume succeeds. Additional info:
*** Bug 1272884 has been marked as a duplicate of this bug. ***
Verified as follows, ************ Version ************ ^C[root@seal17 ~(keystone_admin)]# yum list installed | grep nova openstack-nova-api.noarch 2015.1.2-7.el7ost @rhelosp-7.0-puddle openstack-nova-cert.noarch 2015.1.2-7.el7ost @rhelosp-7.0-puddle openstack-nova-common.noarch 2015.1.2-7.el7ost @rhelosp-7.0-puddle openstack-nova-compute.noarch 2015.1.2-7.el7ost @rhelosp-7.0-puddle openstack-nova-conductor.noarch 2015.1.2-7.el7ost @rhelosp-7.0-puddle openstack-nova-console.noarch 2015.1.2-7.el7ost @rhelosp-7.0-puddle openstack-nova-novncproxy.noarch 2015.1.2-7.el7ost @rhelosp-7.0-puddle openstack-nova-scheduler.noarch 2015.1.2-7.el7ost @rhelosp-7.0-puddle ************* Logs ************* [root@seal17 ~(keystone_admin)]# cinder type-create LUKS +--------------------------------------+------+ | ID | Name | +--------------------------------------+------+ | eee5cf90-83e9-4c42-bd4a-5ec48c2f472f | LUKS | +--------------------------------------+------+ [root@seal17 ~(keystone_admin)]# cinder type-list +--------------------------------------+-------+ | ID | Name | +--------------------------------------+-------+ | 57028ba3-64c9-488e-8cb5-de2f34d00df4 | nfs | | eee5cf90-83e9-4c42-bd4a-5ec48c2f472f | LUKS | | fbbf0bb5-0698-4cdd-8876-dfde95cce478 | iscsi | +--------------------------------------+-------+ [root@seal17 ~(keystone_admin)]# cinder encryption-type-create --cipher aes-xts-plain64 --key_size 512 --control_location front-end LUKS nova.volume.encryptors.luks.LuksEncryptor +--------------------------------------+-------------------------------------------+-----------------+----------+------------------+ | Volume Type ID | Provider | Cipher | Key Size | Control Location | +--------------------------------------+-------------------------------------------+-----------------+----------+------------------+ | eee5cf90-83e9-4c42-bd4a-5ec48c2f472f | nova.volume.encryptors.luks.LuksEncryptor | aes-xts-plain64 | 512 | front-end | +--------------------------------------+-------------------------------------------+-----------------+----------+------------------+ [root@seal17 ~(keystone_admin)]# cinder create --display-name 'encrypted volume' --volume-type LUKS 1 +---------------------+--------------------------------------+ | Property | Value | +---------------------+--------------------------------------+ | attachments | [] | | availability_zone | nova | | bootable | false | | created_at | 2015-12-09T16:01:40.455493 | | display_description | None | | display_name | encrypted volume | | encrypted | True | | id | 001efa06-fbda-4c7f-bdfd-999b5b533923 | | metadata | {} | | multiattach | false | | size | 1 | | snapshot_id | None | | source_volid | None | | status | creating | | volume_type | LUKS | +---------------------+--------------------------------------+ [root@seal17 ~(keystone_admin)]# cinder list +--------------------------------------+-----------+------------------+------+-------------+----------+--------------------------------------+ | ID | Status | Display Name | Size | Volume Type | Bootable | Attached to | +--------------------------------------+-----------+------------------+------+-------------+----------+--------------------------------------+ | 001efa06-fbda-4c7f-bdfd-999b5b533923 | available | encrypted volume | 1 | LUKS | false | | | 156fdd02-00ca-427e-a7be-4ca245f352d5 | in-use | vol1 | 1 | - | false | 6e56ec06-3287-4d02-90db-69905ecda71f | | 2dde0a96-8d53-4a9f-8ffa-8ae04da9b1a0 | error | nfsvol1 | 1 | nfs | false | | | 899809dd-5415-4f17-9fba-d0cc2846d838 | error | nfsvol1 | 1 | nfs | false | | | e4a9778e-ccac-49c1-8bc2-095f4f99af0f | available | nfsvol1 | 1 | - | false | | +--------------------------------------+-----------+------------------+------+-------------+----------+--------------------------------------+ [root@seal17 ~(keystone_admin)]# nova list +--------------------------------------+------+--------+------------+-------------+------------------+ | ID | Name | Status | Task State | Power State | Networks | +--------------------------------------+------+--------+------------+-------------+------------------+ | 6e56ec06-3287-4d02-90db-69905ecda71f | vm1 | ACTIVE | - | Running | private=10.0.0.4 | +--------------------------------------+------+--------+------------+-------------+------------------+ [root@seal17 ~(keystone_admin)]# nova volume-attach vm1 001efa06-fbda-4c7f-bdfd-999b5b533923 +----------+--------------------------------------+ | Property | Value | +----------+--------------------------------------+ | device | /dev/vdc | | id | 001efa06-fbda-4c7f-bdfd-999b5b533923 | | serverId | 6e56ec06-3287-4d02-90db-69905ecda71f | | volumeId | 001efa06-fbda-4c7f-bdfd-999b5b533923 | +----------+--------------------------------------+ [root@seal17 ~(keystone_admin)]# nova list +--------------------------------------+------+--------+------------+-------------+------------------+ | ID | Name | Status | Task State | Power State | Networks | +--------------------------------------+------+--------+------------+-------------+------------------+ | 6e56ec06-3287-4d02-90db-69905ecda71f | vm1 | ACTIVE | - | Running | private=10.0.0.4 | +--------------------------------------+------+--------+------------+-------------+------------------+ [root@seal17 ~(keystone_admin)]# cinder list +--------------------------------------+-----------+------------------+------+-------------+----------+--------------------------------------+ | ID | Status | Display Name | Size | Volume Type | Bootable | Attached to | +--------------------------------------+-----------+------------------+------+-------------+----------+--------------------------------------+ | 001efa06-fbda-4c7f-bdfd-999b5b533923 | in-use | encrypted volume | 1 | LUKS | false | 6e56ec06-3287-4d02-90db-69905ecda71f | | 156fdd02-00ca-427e-a7be-4ca245f352d5 | in-use | vol1 | 1 | - | false | 6e56ec06-3287-4d02-90db-69905ecda71f | | 2dde0a96-8d53-4a9f-8ffa-8ae04da9b1a0 | error | nfsvol1 | 1 | nfs | false | | | 899809dd-5415-4f17-9fba-d0cc2846d838 | error | nfsvol1 | 1 | nfs | false | | | e4a9778e-ccac-49c1-8bc2-095f4f99af0f | available | nfsvol1 | 1 | - | false | | +--------------------------------------+-----------+------------------+------+-------------+----------+--------------------------------------+ [root@seal17 ~(keystone_admin)]# [root@seal17 ~(keystone_admin)]# [root@seal17 ~(keystone_admin)]# nova volume-detach vm1 001efa06-fbda-4c7f-bdfd-999b5b533923 [root@seal17 ~(keystone_admin)]# cinder list +--------------------------------------+-----------+------------------+------+-------------+----------+--------------------------------------+ | ID | Status | Display Name | Size | Volume Type | Bootable | Attached to | +--------------------------------------+-----------+------------------+------+-------------+----------+--------------------------------------+ | 001efa06-fbda-4c7f-bdfd-999b5b533923 | available | encrypted volume | 1 | LUKS | false | | | 156fdd02-00ca-427e-a7be-4ca245f352d5 | in-use | vol1 | 1 | - | false | 6e56ec06-3287-4d02-90db-69905ecda71f | | 2dde0a96-8d53-4a9f-8ffa-8ae04da9b1a0 | error | nfsvol1 | 1 | nfs | false | | | 899809dd-5415-4f17-9fba-d0cc2846d838 | error | nfsvol1 | 1 | nfs | false | | | e4a9778e-ccac-49c1-8bc2-095f4f99af0f | available | nfsvol1 | 1 | - | false | | +--------------------------------------+-----------+------------------+------+-------------+----------+--------------------------------------+
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2015:2673