[openstack-dev] [nova] [cinder] Issue with live migration of instances with encrypted volumes

Carlton, Paul (Cloud Services) paul.carlton2 at hpe.com
Tue Nov 1 12:02:55 UTC 2016


Daniel


Yes, thanks, but the thing is this does not occur with regular volumes!


The process seems to be you need to connect the volume then the encryptor.

In pre migration at the destination I connect the volume and then setup the encryptor and that works fine, but in post migration

at destination it rebuilds the instance xml and defines the vm which calls _get_guest_storage_config which does another call to

connect_volume.  This seems redundant to me, because it is already connected,

but it works for normal volumes and if I bypass it for encrypted volumes

it just fails with the same error when the same function is

called as part of

a subsequent hard

reboot.








Paul Carlton
Software Engineer
Cloud Services
Hewlett Packard Enterprise
BUK03:T242
Longdown Avenue
Stoke Gifford
Bristol BS34 8QZ

Office:     +44 (0) 1173 162189
Mobile:    +44 (0)7768 994283
Email:    paul.carlton at hpe.com
Hewlett-Packard Enterprise Limited registered Office: Cain Road, Bracknell, Berks RG12 1HN Registered No: 690597 England.
The contents of this message and any attachments to it are confidential and may be legally privileged. If you have received this message in error, you should delete it from your system immediately and advise the sender. To any recipient of this message within HP, unless otherwise stated you should consider this message and attachments as "HP CONFIDENTIAL".

________________________________
From: Daniel P. Berrange <berrange at redhat.com>
Sent: 01 November 2016 11:29:51
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [nova] [cinder] Issue with live migration of instances with encrypted volumes

On Tue, Nov 01, 2016 at 11:22:25AM +0000, Carlton, Paul (Cloud Services) wrote:
> I'm working on a bug https://bugs.launchpad.net/nova/+bug/1633033 with the live migration of
>
> instances with encrypted volumes. I've submitted a work in progress version of a patch
>
> https://review.openstack.org/#/c/389608 but I can't overcome an issue with an iscsi command
>
> failure that only occurs for encrypted volumes during the post migration processing, see
>
> http://paste.openstack.org/show/587535/
>
>
> Does anyone have any thoughts on how to proceed with this issue?

No particular ideas, but I wanted to point out that the scsi_id command
shown in that stack trace has a device path that points to the raw
iSCSI LUN, not to the dm-crypt overlay. So it looks like you're hitting
a failure before you get the encryption part, so encryption might be
unrelated.


Regards,
Daniel
--
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|

[https://farm9.staticflickr.com/8415/29946935211_5a6ba4ef9b_q.jpg] <https://www.flickr.com/photos/dberrange/29946935211/>
[https://farm9.staticflickr.com/8415/29946935211_5a6ba4ef9b_b.jpg]
[https://farm9.staticflickr.com/8571/29916493322_c0f93f561b_q.jpg] <https://www.flickr.com/photos/dberrange/29916493322/>
[https://farm9.staticflickr.com/8571/29916493322_c0f93f561b_b.jpg]
[https://farm9.staticflickr.com/8529/29606308140_bb9b431935_q.jpg] <https://www.flickr.com/photos/dberrange/29606308140/>
[https://farm9.staticflickr.com/8529/29606308140_bb9b431935_b.jpg]
[https://farm9.staticflickr.com/8037/29587752710_f796a9cd03_q.jpg] <https://www.flickr.com/photos/dberrange/29587752710/>
[https://farm9.staticflickr.com/8037/29587752710_f796a9cd03_b.jpg]
[https://farm9.staticflickr.com/8258/28856954053_52370f685f_q.jpg] <https://www.flickr.com/photos/dberrange/28856954053/>
[https://farm9.staticflickr.com/8258/28856954053_52370f685f_b.jpg]
[https://farm9.staticflickr.com/8125/29479072195_cf5172f125_q.jpg] <https://www.flickr.com/photos/dberrange/29479072195/>
[https://farm9.staticflickr.com/8125/29479072195_cf5172f125_b.jpg]
[https://farm9.staticflickr.com/8294/28791422423_f82b18e31c_q.jpg] <https://www.flickr.com/photos/dberrange/28791422423/>
[https://farm9.staticflickr.com/8294/28791422423_f82b18e31c_b.jpg]
[https://farm9.staticflickr.com/8432/29297131575_f7f39d36d7_q.jpg] <https://www.flickr.com/photos/dberrange/29297131575/>
[https://farm9.staticflickr.com/8432/29297131575_f7f39d36d7_b.jpg]



Dan Berrange<http://berrange.com/>
berrange.com
Until today, libvirt has used a 3 digit version number for monthly releases off the git master branch, and a 4 digit version number for maintenance releases off ...



|: http://libvirt.org              -o-             http://virt-manager.org :|
libvirt: The virtualization API<http://libvirt.org/>
libvirt.org
The virtualization API libvirt is: A toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes), see our project ...



|: http://entangle-photo.org       -o-    http://search.cpan.org/~danberr/ :|

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20161101/047fbdea/attachment.html>


More information about the OpenStack-dev mailing list