Description of problem: Need to hide the logical volumes (LVs) created by the openstack guests to the operators working on the baremetal node where the guests are hosted.


Version-Release number of selected component (if applicable): 16.1.4 (Train)


How reproducible: 
Every time

1. Create a new cinder volume and present it to an instance
2. Use LVM against the raw device (pvcreate/vgcreate/lvcreate)
3. Run 'lvs -o +devices' on the compute

Actual results:
LVM from the guest is seen on the host

Expected results:
host should not be able to see LVM from the guest

Additional info:
This can cause problems such as conflicting VG names on the compute. It can also cause the LVM on the compute to adjust metadata that the instance is not aware of, leading to things like missing volumes.

Current workaround is to set a filter on the compute node.