Description of problem: The following failure is seen when attempting to attach multipath backed encrypted volumes to an instance : 2016-08-01 18:27:32.081 13629 DEBUG nova.openstack.common.processutils [req-945b0e6f-b1ed-47b1-9fec-86058d8a2225 ] Running cmd (subprocess): sudo nova-rootwrap /etc/nova/rootwrap.conf cryptsetup luksOpen --key-file=- /dev/dm-8 3600a098038303365763f476c63634758 execute /usr/lib/python2.7/site-packages/nova/openstack/common/processutils.py:171 This is due to a 3600a098038303365763f476c63634758 device already present and in-use on the host. The following change recently corrected this against master : Fix multipath iSCSI encrypted volume attach failure https://review.openstack.org/#/c/196482/ This is only present in OSP 6 and 7 with the following Cinder bugfix : Cinder volume encryption with iSCSI backend doesn't work https://bugzilla.redhat.com/show_bug.cgi?id=1359197 Version-Release number of selected component (if applicable): OSP 6,7,8,9 How reproducible: Always Steps to Reproduce: 1. Attempt to attach a multipath backed encrypted volume to an instance. Actual results: `cryptsetup luksOpen` fails. Expected results: `cryptsetup luksOpen` succeeds and the volume is correctly attached. Additional info:
Verified as follow - attached 5 encrypted volumes w/ multipath to an instance. *********** VERSION *********** [root@serverA]# yum list installed | grep openstack-nova openstack-nova-api.noarch 1:13.1.1-1.el7ost @rhelosp-9.0-puddle openstack-nova-cert.noarch 1:13.1.1-1.el7ost @rhelosp-9.0-puddle openstack-nova-common.noarch 1:13.1.1-1.el7ost @rhelosp-9.0-puddle openstack-nova-compute.noarch 1:13.1.1-1.el7ost @rhelosp-9.0-puddle openstack-nova-conductor.noarch 1:13.1.1-1.el7ost @rhelosp-9.0-puddle openstack-nova-console.noarch 1:13.1.1-1.el7ost @rhelosp-9.0-puddle openstack-nova-novncproxy.noarch 1:13.1.1-1.el7ost @rhelosp-9.0-puddle openstack-nova-scheduler.noarch 1:13.1.1-1.el7ost @rhelosp-9.0-puddle ******* LOGS ******* [root@serverA]# cinder encryption-type-list +--------------------------------------+-------------------------------------------+-----------------+----------+------------------+ | Volume Type ID | Provider | Cipher | Key Size | Control Location | +--------------------------------------+-------------------------------------------+-----------------+----------+------------------+ | a3c10847-cd23-4587-96ab-e8246dc3d2f0 | nova.volume.encryptors.luks.LuksEncryptor | aes-xts-plain64 | 512 | front-end | +--------------------------------------+-------------------------------------------+-----------------+----------+------------------+ [root@serverA]# cinder show vol1 | grep encrypted | encrypted | True | [root@serverA]# cinder show vol2 | grep encrypted | encrypted | True | [root@serverA]# cinder show vol3 | grep encrypted | encrypted | True | [root@serverA]# cinder show vol4 | grep encrypted | encrypted | True | [root@serverA]# cinder show vol5 | grep encrypted | encrypted | True | [root@serverA]# nova list +--------------------------------------+------+--------+------------+-------------+---------------------+ | ID | Name | Status | Task State | Power State | Networks | +--------------------------------------+------+--------+------------+-------------+---------------------+ | 8d044b32-5dd2-4057-a6a2-8c48037c7566 | vm1 | ACTIVE | - | Running | public=172.24.4.238 | +--------------------------------------+------+--------+------------+-------------+---------------------+ [root@serverA]# [root@serverA]# cinder list +--------------------------------------+--------+------+------+-------------+----------+--------------------------------------+ | ID | Status | Name | Size | Volume Type | Bootable | Attached to | +--------------------------------------+--------+------+------+-------------+----------+--------------------------------------+ | 3861519a-d05e-4e91-ae10-e1e5cfca2e51 | in-use | vol1 | 1 | iscsi | false | 8d044b32-5dd2-4057-a6a2-8c48037c7566 | | 3fca2f93-5725-49bb-a137-ece57c8970d3 | in-use | vol4 | 1 | iscsi | false | 8d044b32-5dd2-4057-a6a2-8c48037c7566 | | 50ce84bd-9883-46b5-bf65-529dffd44dda | in-use | vol3 | 1 | iscsi | false | 8d044b32-5dd2-4057-a6a2-8c48037c7566 | | 8b1ac8db-19b5-4ddf-838e-2145ad1a5e92 | in-use | vol2 | 1 | iscsi | false | 8d044b32-5dd2-4057-a6a2-8c48037c7566 | | d459d166-b85d-4b27-8263-146fe94c0d77 | in-use | vol5 | 1 | iscsi | false | 8d044b32-5dd2-4057-a6a2-8c48037c7566 | +--------------------------------------+--------+------+------+-------------+----------+--------------------------------------+ [root@serverA]# multipath -ll 36001405648c3d7f5c60469f8d459dca4 dm-5 LIO-ORG ,IBLOCK size=1.0G features='0' hwhandler='0' wp=rw |-+- policy='service-time 0' prio=1 status=active | `- 26:0:0:0 sdb 8:16 active ready running `-+- policy='service-time 0' prio=1 status=enabled `- 27:0:0:0 sdc 8:32 active ready running 360014052c49f4e3d72c4190be6fe54c6 dm-7 LIO-ORG ,IBLOCK size=1.0G features='0' hwhandler='0' wp=rw |-+- policy='service-time 0' prio=1 status=active | `- 28:0:0:0 sdd 8:48 active ready running `-+- policy='service-time 0' prio=1 status=enabled `- 29:0:0:0 sde 8:64 active ready running 3600140559f26a031a304eaca65dc3992 dm-13 LIO-ORG ,IBLOCK size=1.0G features='0' hwhandler='0' wp=rw |-+- policy='service-time 0' prio=1 status=active | `- 34:0:0:0 sdj 8:144 active ready running `-+- policy='service-time 0' prio=1 status=enabled `- 35:0:0:0 sdk 8:160 active ready running 3600140542339871e7a543148f79a3285 dm-9 LIO-ORG ,IBLOCK size=1.0G features='0' hwhandler='0' wp=rw |-+- policy='service-time 0' prio=1 status=active | `- 30:0:0:0 sdf 8:80 active ready running `-+- policy='service-time 0' prio=1 status=enabled `- 31:0:0:0 sdg 8:96 active ready running 360014059ab72759d9d042d7849d6098f dm-11 LIO-ORG ,IBLOCK size=1.0G features='0' hwhandler='0' wp=rw |-+- policy='service-time 0' prio=1 status=active | `- 32:0:0:0 sdh 8:112 active ready running `-+- policy='service-time 0' prio=1 status=enabled `- 33:0:0:0 sdi 8:128 active ready running [root@seal56 ~(keystone_admin)]#
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-1758.html