+++ This bug was initially created as a clone of Bug #1362515 +++ +++ This bug was initially created as a clone of Bug #1362514 +++ +++ This bug was initially created as a clone of Bug #1362512 +++ Description of problem: The following failure is seen when attempting to attach multipath backed encrypted volumes to an instance : 2016-08-01 18:27:32.081 13629 DEBUG nova.openstack.common.processutils [req-945b0e6f-b1ed-47b1-9fec-86058d8a2225 ] Running cmd (subprocess): sudo nova-rootwrap /etc/nova/rootwrap.conf cryptsetup luksOpen --key-file=- /dev/dm-8 3600a098038303365763f476c63634758 execute /usr/lib/python2.7/site-packages/nova/openstack/common/processutils.py:171 This is due to a 3600a098038303365763f476c63634758 device already present and in-use on the host. The following change recently corrected this against master : Fix multipath iSCSI encrypted volume attach failure https://review.openstack.org/#/c/196482/ This is only present in OSP 6 and 7 with the following Cinder bugfix : Cinder volume encryption with iSCSI backend doesn't work https://bugzilla.redhat.com/show_bug.cgi?id=1359197 Version-Release number of selected component (if applicable): OSP 6,7,8,9 How reproducible: Always Steps to Reproduce: 1. Attempt to attach a multipath backed encrypted volume to an instance. Actual results: `cryptsetup luksOpen` fails. Expected results: `cryptsetup luksOpen` succeeds and the volume is correctly attached. Additional info:
[root@serverB]# yum list installed | grep openstack-nova openstack-nova-api.noarch 2014.2.3-75.el7ost @RH7-RHOS-6.0 openstack-nova-cert.noarch 2014.2.3-75.el7ost @RH7-RHOS-6.0 openstack-nova-common.noarch 2014.2.3-75.el7ost @RH7-RHOS-6.0 openstack-nova-compute.noarch 2014.2.3-75.el7ost @RH7-RHOS-6.0 openstack-nova-conductor.noarch 2014.2.3-75.el7ost @RH7-RHOS-6.0 openstack-nova-console.noarch 2014.2.3-75.el7ost @RH7-RHOS-6.0 openstack-nova-novncproxy.noarch 2014.2.3-75.el7ost @RH7-RHOS-6.0 openstack-nova-scheduler.noarch 2014.2.3-75.el7ost @RH7-RHOS-6.0 [root@serverB]# [root@serverB]# nova list +--------------------------------------+------+--------+------------+-------------+---------------------+ | ID | Name | Status | Task State | Power State | Networks | +--------------------------------------+------+--------+------------+-------------+---------------------+ | f9b73562-242c-432e-abb7-546216180a43 | vm1 | ACTIVE | - | Running | public=172.24.4.228 | +--------------------------------------+------+--------+------------+-------------+---------------------+ [root@serverB]# [root@serverB]# cinder show vol1 +---------------------------------------+--------------------------------------+ | Property | Value | +---------------------------------------+--------------------------------------+ | attachments | [] | | availability_zone | nova | | bootable | false | | created_at | 2016-08-15T20:37:05.000000 | | display_description | None | | display_name | vol1 | | encrypted | True | | id | 2108f626-59f2-4bea-aed3-a9c9d1e54576 | | metadata | {} | | os-vol-host-attr:host | seal56.qa.lab.tlv.redhat.com@lvm#lvm | | os-vol-mig-status-attr:migstat | None | | os-vol-mig-status-attr:name_id | None | | os-vol-tenant-attr:tenant_id | dcc43bb439da4473a622883547770450 | | os-volume-replication:driver_data | None | | os-volume-replication:extended_status | None | | size | 1 | | snapshot_id | None | | source_volid | None | | status | available | | volume_type | iscsi | +---------------------------------------+--------------------------------------+ [root@serverB]# cinder show vol2 +---------------------------------------+--------------------------------------+ | Property | Value | +---------------------------------------+--------------------------------------+ | attachments | [] | | availability_zone | nova | | bootable | false | | created_at | 2016-08-15T20:37:10.000000 | | display_description | None | | display_name | vol2 | | encrypted | True | | id | fc695d0e-a64e-4550-837c-4d883dc6ce90 | | metadata | {} | | os-vol-host-attr:host | seal56.qa.lab.tlv.redhat.com@lvm#lvm | | os-vol-mig-status-attr:migstat | None | | os-vol-mig-status-attr:name_id | None | | os-vol-tenant-attr:tenant_id | dcc43bb439da4473a622883547770450 | | os-volume-replication:driver_data | None | | os-volume-replication:extended_status | None | | size | 1 | | snapshot_id | None | | source_volid | None | | status | available | | volume_type | iscsi | +---------------------------------------+--------------------------------------+ [root@serverB]# nova volume-attach vm1 2108f626-59f2-4bea-aed3-a9c9d1e54576 +----------+--------------------------------------+ | Property | Value | +----------+--------------------------------------+ | device | /dev/vdb | | id | 2108f626-59f2-4bea-aed3-a9c9d1e54576 | | serverId | f9b73562-242c-432e-abb7-546216180a43 | | volumeId | 2108f626-59f2-4bea-aed3-a9c9d1e54576 | +----------+--------------------------------------+ You have new mail in /var/spool/mail/root [root@serverB]# nova volume-attach vm1 fc695d0e-a64e-4550-837c-4d883dc6ce90 +----------+--------------------------------------+ | Property | Value | +----------+--------------------------------------+ | device | /dev/vdc | | id | fc695d0e-a64e-4550-837c-4d883dc6ce90 | | serverId | f9b73562-242c-432e-abb7-546216180a43 | | volumeId | fc695d0e-a64e-4550-837c-4d883dc6ce90 | +----------+--------------------------------------+ [root@serverB]# [root@serverB]# cinder list +--------------------------------------+--------+--------------+------+-------------+----------+--------------------------------------+ | ID | Status | Display Name | Size | Volume Type | Bootable | Attached to | +--------------------------------------+--------+--------------+------+-------------+----------+--------------------------------------+ | 2108f626-59f2-4bea-aed3-a9c9d1e54576 | in-use | vol1 | 1 | iscsi | false | f9b73562-242c-432e-abb7-546216180a43 | | fc695d0e-a64e-4550-837c-4d883dc6ce90 | in-use | vol2 | 1 | iscsi | false | f9b73562-242c-432e-abb7-546216180a43 | +--------------------------------------+--------+--------------+------+-------------+----------+--------------------------------------+ [root@serverB]# [root@serverB]# multipath -ll 360014052dbaa575e06e45f795613d2c3 dm-2 LIO-ORG ,IBLOCK size=1.0G features='0' hwhandler='0' wp=rw |-+- policy='service-time 0' prio=1 status=active | `- 12:0:0:0 sdb 8:16 active ready running `-+- policy='service-time 0' prio=1 status=enabled `- 13:0:0:0 sdc 8:32 active ready running 36001405b203bf00067644b1856fa087d dm-4 LIO-ORG ,IBLOCK size=1.0G features='0' hwhandler='0' wp=rw |-+- policy='service-time 0' prio=1 status=active | `- 14:0:0:0 sdd 8:48 active ready running `-+- policy='service-time 0' prio=1 status=enabled `- 15:0:0:0 sde 8:64 active ready running [root@seal56 ~(keystone_admin)]#
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-1620.html