1499360 – VM booting from encrypted volume unable to start after compute host reboot

Bug 1499360 - VM booting from encrypted volume unable to start after compute host reboot

Summary: VM booting from encrypted volume unable to start after compute host reboot

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-nova
Sub Component:
Version:	10.0 (Newton)
Hardware:	x86_64
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	Upstream M2
Target Release:	13.0 (Queens)
Assignee:	Lee Yarwood
QA Contact:	Archit Modi
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1543019 1543052 1543054 1545600
TreeView+	depends on / blocked

Reported:	2017-10-06 20:13 UTC by Pierre-Andre MOREY
Modified:	2022-08-09 13:49 UTC (History)
CC List:	19 users (show)
Fixed In Version:	openstack-nova-17.0.1-0.20180302144923.9ace6ed.el7ost
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	1543014 (view as bug list)
Environment:
Last Closed:	2018-06-27 13:37:30 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
OpenStack gerrit	400384	None	master: MERGED	nova: libvirt: Re-initialise volumes, encryptors, and vifs on hard reboot (Id188d48609f3d22d14e16c7f6114291d547a8986)	2018-02-28 13:37:24 UTC
OpenStack gerrit	521809	None	master: MERGED	os-brick: Make close on luks volumes idempotent (I31d72357c89db53a147c2d986a28c9c6870efad0)	2018-02-28 13:37:17 UTC
OpenStack gerrit	540168	None	master: MERGED	nova: Don't wait for vif plug events during _hard_reboot (Ib0cf5d55750f13d0499a570f14024dca551ed4d4)	2018-02-28 13:37:10 UTC
Red Hat Issue Tracker	OSP-8642	None	None	None	2022-08-09 13:49:13 UTC
Red Hat Product Errata	RHEA-2018:2086	None	None	None	2018-06-27 13:38:54 UTC

Description Pierre-Andre MOREY 2017-10-06 20:13:32 UTC

Description of problem:

First time we instanciate a VM with encrypted cinder iscsi volume, the instance start correctly. On the log file we can see the luksOpen instructions

2017-10-04 12:40:23.313 5363 DEBUG oslo_concurrency.processutils [req-2ff6b400-1e8f-4e4d-bdf0-7b1cf5f0079a 96e9d2b749ea48fcb5a911e6f0e144f2 5a50e9d0d19746158958be0c759793fb - - -] Running cmd (subprocess): sudo nova-rootwrap /etc/nova/rootwrap.conf cryptsetup luksOpen --key-file=- /dev/dm-6 crypt-dm-uuid-mpath-3600a09803830316d512b4a6b3837412d execute /usr/lib/python2.7/site-packages/oslo_concurrency/processutils.py:344
2017-10-04 12:40:25.924 5363 DEBUG oslo_concurrency.processutils [req-2ff6b400-1e8f-4e4d-bdf0-7b1cf5f0079a 96e9d2b749ea48fcb5a911e6f0e144f2 5a50e9d0d19746158958be0c759793fb - - -] CMD "sudo nova-rootwrap /etc/nova/rootwrap.conf cryptsetup luksOpen --key-file=- /dev/dm-6 crypt-dm-uuid-mpath-3600a09803830316d512b4a6b3837412d" returned: 0 in 2.611s execute /usr/lib/python2.7/site-packages/oslo_concurrency/processutils.py:374

But after that, if we reboot the compute which host the VM and restart the VM, the VM is not able to start properly.



Version-Release number of selected component (if applicable):
RHOSP10
openstack-nova-compute-14.0.3-8.el7ost.noarch

How reproducible:
At each reboot of the compute host

Steps to Reproduce:
1.Create a vm that boots on an encrypted cinder volume
2.reboot compute host
3.start vm

Actual results:
vm doesn't start

Expected results:
vm starts

Comment 26 errata-xmlrpc 2018-06-27 13:37:30 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:2086

Note You need to log in before you can comment on or make changes to this bug.