Bug 1926761 - Live migration (retype) of an attached encrypted volume(netapp/iscsi) to an encrypted(ceph) fails
Summary: Live migration (retype) of an attached encrypted volume(netapp/iscsi) to an e...
Keywords:
Status: NEW
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-cinder
Version: 16.1 (Train)
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: ---
Assignee: Cinder Bugs List
QA Contact: Evelina Shames
Andy Stillman
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-02-09 12:20 UTC by Tzach Shefi
Modified: 2023-07-29 08:27 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
c-vol log (65.62 KB, application/gzip)
2021-02-09 12:23 UTC, Tzach Shefi 		no flags Details
c-vol log (65.62 KB, text/plain)
2021-02-09 12:23 UTC, Tzach Shefi 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker OSP-2220 0 None None None 2022-11-24 08:44:21 UTC

Description Tzach Shefi 2021-02-09 12:20:41 UTC 
Description of problem: When I try to live migrate (retype) an attached encrypted volume from a netapp(iscsi) backend to Ceph backend, migration doesn't do anything volume remains on netapp backend, no notification\warning on cli. 


Version-Release number of selected component (if applicable):
puppet-cinder-15.4.1-1.20200831153423.el8ost.noarch
openstack-cinder-15.3.1-5.el8ost.noarch
python3-cinder-15.3.1-5.el8ost.noarch
python3-cinderclient-5.0.1-1.20200326150227.8fa0882.el8ost.noarch


How reproducible:
I suspect every time


Steps to Reproduce:
1. Create both types/backend:

(overcloud) [stack@undercloud-0 ~]$ cinder type-create encnetapp
+--------------------------------------+-----------+-------------+-----------+
| ID                                   | Name      | Description | Is_Public |
+--------------------------------------+-----------+-------------+-----------+
| 65baeac5-69fa-4780-be9a-c9265da58e25 | encnetapp | -           | True      |
+--------------------------------------+-----------+-------------+-----------+
(overcloud) [stack@undercloud-0 ~]$ cinder type-create encceph
+--------------------------------------+---------+-------------+-----------+
| ID                                   | Name    | Description | Is_Public |
+--------------------------------------+---------+-------------+-----------+
| bcf9e784-b5c1-406d-a232-0b14c092ea73 | encceph | -           | True      |
+--------------------------------------+---------+-------------+-----------+
(overcloud) [stack@undercloud-0 ~]$ cinder encryption-type-create --cipher aes-xts-plain64 --key_size 256   --control_location front-end encnetapp nova.volume.encryptors.luks.LuksEncryptor
+--------------------------------------+-------------------------------------------+-----------------+----------+------------------+
| Volume Type ID                       | Provider                                  | Cipher          | Key Size | Control Location |
+--------------------------------------+-------------------------------------------+-----------------+----------+------------------+
| 65baeac5-69fa-4780-be9a-c9265da58e25 | nova.volume.encryptors.luks.LuksEncryptor | aes-xts-plain64 | 256      | front-end        |
+--------------------------------------+-------------------------------------------+-----------------+----------+------------------+
(overcloud) [stack@undercloud-0 ~]$ cinder encryption-type-create --cipher aes-xts-plain64 --key_size 256   --control_location front-end encceph nova.volume.encryptors.luks.LuksEncryptor
+--------------------------------------+-------------------------------------------+-----------------+----------+------------------+
| Volume Type ID                       | Provider                                  | Cipher          | Key Size | Control Location |
+--------------------------------------+-------------------------------------------+-----------------+----------+------------------+
| bcf9e784-b5c1-406d-a232-0b14c092ea73 | nova.volume.encryptors.luks.LuksEncryptor | aes-xts-plain64 | 256      | front-end        |
+--------------------------------------+-------------------------------------------+-----------------+----------+------------------+
(overcloud) [stack@undercloud-0 ~]$ cinder service-list
+------------------+---------------------------+------+---------+-------+----------------------------+-----------------+
| Binary           | Host                      | Zone | Status  | State | Updated_at                 | Disabled Reason |
+------------------+---------------------------+------+---------+-------+----------------------------+-----------------+
| cinder-backup    | controller-1              | nova | enabled | up    | 2021-02-09T10:29:58.000000 | -               |
| cinder-scheduler | controller-0              | nova | enabled | up    | 2021-02-09T10:29:54.000000 | -               |
| cinder-scheduler | controller-1              | nova | enabled | up    | 2021-02-09T10:30:02.000000 | -               |
| cinder-scheduler | controller-2              | nova | enabled | up    | 2021-02-09T10:29:56.000000 | -               |
| cinder-volume    | hostgroup@tripleo_ceph    | nova | enabled | up    | 2021-02-09T10:29:56.000000 | -               |
| cinder-volume    | hostgroup@tripleo_netapp2 | nova | enabled | up    | 2021-02-09T10:29:53.000000 | -               |
+------------------+---------------------------+------+---------+-------+----------------------------+-----------------+

(overcloud) [stack@undercloud-0 ~]$ cinder type-key encceph set volume_backend_name=tripleo_ceph
(overcloud) [stack@undercloud-0 ~]$ cinder type-key encnetapp set volume_backend_name=tripleo_netapp2

2. Create an encrypted netapp backed volume:

(overcloud) [stack@undercloud-0 ~]$ cinder create 1 --name encnetappvol1   --volume-type encnetapp 
+--------------------------------+--------------------------------------+
| Property                       | Value                                |
+--------------------------------+--------------------------------------+
| attachments                    | []                                   |
| availability_zone              | nova                                 |
| bootable                       | false                                |
| consistencygroup_id            | None                                 |
| created_at                     | 2021-02-09T10:35:43.000000           |
| description                    | None                                 |
| encrypted                      | True                                 |
| id                             | 9426bce0-889f-4319-a6b6-c5347351d108 |
| metadata                       | {}                                   |
| migration_status               | None                                 |
| multiattach                    | False                                |
| name                           | encnetappvol1                        |
| os-vol-host-attr:host          | None                                 |
| os-vol-mig-status-attr:migstat | None                                 |
| os-vol-mig-status-attr:name_id | None                                 |
| os-vol-tenant-attr:tenant_id   | 85f44a372e6d49b489829bb6389c85fa     |
| replication_status             | None                                 |
| size                           | 1                                    |
| snapshot_id                    | None                                 |
| source_volid                   | None                                 |
| status                         | creating                             |
| updated_at                     | None                                 |
| user_id                        | 45c2199f364d485f986b6d341c512819     |
| volume_type                    | encnetapp                            |
+--------------------------------+--------------------------------------+
(overcloud) [stack@undercloud-0 ~]$ cinder list
+--------------------------------------+-----------+---------------+------+-------------+----------+--------------------------------------+
| ID                                   | Status    | Name          | Size | Volume Type | Bootable | Attached to                          |
+--------------------------------------+-----------+---------------+------+-------------+----------+--------------------------------------+
| 9426bce0-889f-4319-a6b6-c5347351d108 | available | encnetappvol1 | 1    | encnetapp   | false    |                                      |

3. Attach volume to instance:

(overcloud) [stack@undercloud-0 ~]$ nova volume-attach 7137e3a2-9745-4457-bbf4-60cc3c07fb92 9426bce0-889f-4319-a6b6-c5347351d108
+-----------------------+--------------------------------------+
| Property              | Value                                |
+-----------------------+--------------------------------------+
| delete_on_termination | False                                |
| device                | /dev/vde                             |
| id                    | 9426bce0-889f-4319-a6b6-c5347351d108 |
| serverId              | 7137e3a2-9745-4457-bbf4-60cc3c07fb92 |
| tag                   | -                                    |
| volumeId              | 9426bce0-889f-4319-a6b6-c5347351d108 |
+-----------------------+--------------------------------------+

(overcloud) [stack@undercloud-0 ~]$ cinder list
+--------------------------------------+-----------+---------------+------+-------------+----------+--------------------------------------+                                                                                                  
| ID                                   | Status    | Name          | Size | Volume Type | Bootable | Attached to                          |                                                                                                  
+--------------------------------------+-----------+---------------+------+-------------+----------+--------------------------------------
| 9426bce0-889f-4319-a6b6-c5347351d108 | in-use    | encnetappvol1 | 1    | encnetapp   | false    | 7137e3a2-9745-4457-bbf4-60cc3c07fb92 


4. Issue the retype command:

(overcloud) [stack@undercloud-0 ~]$ cinder retype  9426bce0-889f-4319-a6b6-c5347351d108 ceph --migration-policy on-demand

Notice no error or warning. 

5. Volume remains on source/netapp backend:

(overcloud) [stack@undercloud-0 ~]$ cinder list
+--------------------------------------+-----------+---------------+------+-------------+----------+--------------------------------------+
| ID                                   | Status    | Name          | Size | Volume Type | Bootable | Attached to                          |
+--------------------------------------+-----------+---------------+------+-------------+----------+--------------------------------------+
| 9426bce0-889f-4319-a6b6-c5347351d108 | in-use    | encnetappvol1 | 1    | encnetapp   | false    | 7137e3a2-9745-4457-bbf4-60cc3c07fb92 |


Actual results:
Volume doesn't migrate.

Expected results:
if supported, volume should migrate,
else we should block/warn user of trying this. 

Additional info:
Comment 1 Tzach Shefi 2021-02-09 12:23:04 UTC 
Created attachment 1755923 [details]
c-vol log
Comment 2 Tzach Shefi 2021-02-09 12:23:43 UTC 
Created attachment 1755924 [details]
c-vol log
Comment 4 Eric Harney 2021-02-11 20:53:56 UTC 
This scenario is not supported.

Related errors from nova-compute:
2021-02-11 15:49:43.897 6 ERROR nova.compute.manager [instance: 08bd33cb-c06d-41ab-8f53-e638f3791731] NotImplementedError: Swap volume is not supported for encrypted volumes when native LUKS decryption is enabled.

Related nova code that restricts this:
https://opendev.org/openstack/nova/commit/f8e24c3
Comment 5 Luigi Toscano 2021-02-16 15:12:08 UTC 
Thanks Eric! 
We are most likely going to need a documentation bug, so keeping this bug open as it may be retargeted for that purpose.
Note You need to log in before you can comment on or make changes to this bug.