Bug 1499360 - VM booting from encrypted volume unable to start after compute host reboot
Summary: VM booting from encrypted volume unable to start after compute host reboot
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-nova
Version: 10.0 (Newton)
Hardware: x86_64
OS: Linux
high
high
Target Milestone: Upstream M2
: 13.0 (Queens)
Assignee: Lee Yarwood
QA Contact: Archit Modi
URL:
Whiteboard:
Depends On:
Blocks: 1543019 1543052 1543054 1545600
TreeView+ depends on / blocked
 
Reported: 2017-10-06 20:13 UTC by Pierre-Andre MOREY
Modified: 2020-09-20 12:51 UTC (History)
19 users (show)

Fixed In Version: openstack-nova-17.0.1-0.20180302144923.9ace6ed.el7ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1543014 (view as bug list)
Environment:
Last Closed: 2018-06-27 13:37:30 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
OpenStack gerrit 400384 None master: MERGED nova: libvirt: Re-initialise volumes, encryptors, and vifs on hard reboot (Id188d48609f3d22d14e16c7f6114291d547a8986) 2018-02-28 13:37:24 UTC
OpenStack gerrit 521809 None master: MERGED os-brick: Make close on luks volumes idempotent (I31d72357c89db53a147c2d986a28c9c6870efad0) 2018-02-28 13:37:17 UTC
OpenStack gerrit 540168 None master: MERGED nova: Don't wait for vif plug events during _hard_reboot (Ib0cf5d55750f13d0499a570f14024dca551ed4d4) 2018-02-28 13:37:10 UTC
Red Hat Product Errata RHEA-2018:2086 None None None 2018-06-27 13:38:54 UTC

Description Pierre-Andre MOREY 2017-10-06 20:13:32 UTC
Description of problem:

First time we instanciate a VM with encrypted cinder iscsi volume, the instance start correctly. On the log file we can see the luksOpen instructions

2017-10-04 12:40:23.313 5363 DEBUG oslo_concurrency.processutils [req-2ff6b400-1e8f-4e4d-bdf0-7b1cf5f0079a 96e9d2b749ea48fcb5a911e6f0e144f2 5a50e9d0d19746158958be0c759793fb - - -] Running cmd (subprocess): sudo nova-rootwrap /etc/nova/rootwrap.conf cryptsetup luksOpen --key-file=- /dev/dm-6 crypt-dm-uuid-mpath-3600a09803830316d512b4a6b3837412d execute /usr/lib/python2.7/site-packages/oslo_concurrency/processutils.py:344
2017-10-04 12:40:25.924 5363 DEBUG oslo_concurrency.processutils [req-2ff6b400-1e8f-4e4d-bdf0-7b1cf5f0079a 96e9d2b749ea48fcb5a911e6f0e144f2 5a50e9d0d19746158958be0c759793fb - - -] CMD "sudo nova-rootwrap /etc/nova/rootwrap.conf cryptsetup luksOpen --key-file=- /dev/dm-6 crypt-dm-uuid-mpath-3600a09803830316d512b4a6b3837412d" returned: 0 in 2.611s execute /usr/lib/python2.7/site-packages/oslo_concurrency/processutils.py:374

But after that, if we reboot the compute which host the VM and restart the VM, the VM is not able to start properly.



Version-Release number of selected component (if applicable):
RHOSP10
openstack-nova-compute-14.0.3-8.el7ost.noarch

How reproducible:
At each reboot of the compute host

Steps to Reproduce:
1.Create a vm that boots on an encrypted cinder volume
2.reboot compute host
3.start vm

Actual results:
vm doesn't start

Expected results:
vm starts

Comment 26 errata-xmlrpc 2018-06-27 13:37:30 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:2086


Note You need to log in before you can comment on or make changes to this bug.