Hi Sean, Everything works without any error as soon as I configured openstack with NGX storage which is running NFS v4.1 https://www.ngxstorage.com/ Damn, looks like 4.1 is the key here. On Wed, Mar 6, 2024 at 10:36 AM <smooney@redhat.com> wrote:
Hi Sean,
I have stupid question, How does vm running on compute nodes talk to NFS block volume? Do I need to mount NFS on compute nodes and if yes then at what location? yes we mount the nfs share on the compute node and then the voluem is just a qcow or raw file on that share
On Tue, 2024-03-05 at 16:48 -0500, Satish Patel wrote: the location of the mount point is specifed by
https://docs.openstack.org/nova/latest/configuration/config.html#libvirt.nfs... it defaults too $state_path/mnt
which is by default /var/lib/nova/mnt so the volume will be something like /var/lib/nova/mnt/<cinder volume uuid>/<volume uuid>.qcow
the exact location is specifived by cinder in the connection info as part of the volume attachment.
because of how snapshots are implented in this case the <volume uuid>.qcow file may have multiple addtional backing files for the various volume snapshots so there may be multiple files within that host volume mount.
if you want to play with this in a test env you can use the nfs devstack plugin https://github.com/openstack/devstack-plugin-nfs to spine this up in vm and then compare to your actul env. or you can look at the logs form the devstack-plugin-nfs-tempest-full
https://zuul.openstack.org/builds?job_name=devstack-plugin-nfs-tempest-full
if we look at the nova logs form that job
https://78efdeb5d53dd83161de-d5860347ad41e6939aca030b514b1ef7.ssl.cf5.rackcd...
we see the nfs mount ends up looking like this
Mar 06 13:44:04.314787 np0036975774 nova-compute[85429]: DEBUG nova.virt.libvirt.volume.mount [None req-06796a19-47f0- 482d-9af7-4f2758161bde tempest-TaggedAttachmentsTest-673386850 tempest-TaggedAttachmentsTest-673386850-project-member] [instance: bbc16e80-ebf2-40f2-afa5-f947e0af096b] _HostMountState.mount(fstype=nfs, export=localhost:/srv/nfs1, vol_name=volume-5e87db18-0cfe-46ff-b34d-85f4606c1fa1, /opt/stack/data/nova/mnt/896fb15da6036b68a917322e72ebfe57, options=[]) generation 0 {{(pid=85429) mount /opt/stack/nova/nova/virt/libvirt/volume/mount.py:288}}
so /srv/nfs1 on the nfs server is mounted at /opt/stack/data/nova/mnt/896fb15da6036b68a917322e72ebfe57
the libvirt xml for this volume is generated as so
Mar 06 13:44:10.638487 np0036975774 nova-compute[85429]: DEBUG nova.virt.libvirt.guest [None req-ba5c8b84-0e2c-4b45- 8235-60954aed3426 tempest-TaggedAttachmentsTest-673386850 tempest-TaggedAttachmentsTest-673386850-project-member] detach device xml: <disk type="file" device="disk"> Mar 06 13:44:10.638487 np0036975774 nova-compute[85429]: <driver name="qemu" type="raw" cache="none" io="native"/> Mar 06 13:44:10.638487 np0036975774 nova-compute[85429]: <alias name="ua-5e87db18-0cfe-46ff-b34d-85f4606c1fa1"/> Mar 06 13:44:10.638487 np0036975774 nova-compute[85429]: <source
file="/opt/stack/data/nova/mnt/896fb15da6036b68a917322e72ebfe57/volume-5e87db18-0cfe-46ff-b34d-85f4606c1fa1"/> Mar 06 13:44:10.638487 np0036975774 nova-compute[85429]: <target dev="vdb" bus="virtio"/> Mar 06 13:44:10.638487 np0036975774 nova-compute[85429]: <serial>5e87db18-0cfe-46ff-b34d-85f4606c1fa1</serial> Mar 06 13:44:10.638487 np0036975774 nova-compute[85429]: <address type="pci" domain="0x0000" bus="0x00" slot="0x08" function="0x0"/> Mar 06 13:44:10.638487 np0036975774 nova-compute[85429]: </disk>
so within the /opt/stack/data/nova/mnt/896fb15da6036b68a917322e72ebfe57 mount there is a raw file called volume-5e87db18-0cfe-46ff-b34d-85f4606c1fa1
this was form tempest-TaggedAttachmentsTest-673386850-project-member
so that is why if you look in the logs you see the vm does not have this volume innnitall and then we attach it in the job.
from qemu's perspective this volume is just a local file, that local file just happens to be on an nfs filesystem rahter then a local disk.
On Tue, Mar 5, 2024 at 3:49 PM Satish Patel <satish.txt@gmail.com>
wrote:
Hello Sean,
I've configured NFS v4 but still I am seeing cinder-volume@nfs
down and nothing interesting in logs (I have turned on DEBUG also). What could be the problem? I have just found out that this is not the 2023.1 release but the Zed release of openstack.
2024-03-05 20:39:35.855 150 DEBUG oslo_concurrency.processutils [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] CMD "sudo cinder-rootwrap /etc/cinder/rootwrap.conf mount -t nfs -o vers=4,minorversion=1 192.168.18.245:/volume1/ISO /var/lib/cinder/mnt/1ec32c051aa5520a1ff679ce879da332" returned: 32 in 0.697s execute
/var/lib/kolla/venv/lib/python3.10/site-packages/oslo_concurrency/processutils.py:422
2024-03-05 20:39:35.857 150 DEBUG oslo_concurrency.processutils [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] 'sudo cinder-rootwrap /etc/cinder/rootwrap.conf mount -t nfs -o vers=4,minorversion=1 192.168.18.245:/volume1/ISO /var/lib/cinder/mnt/1ec32c051aa5520a1ff679ce879da332' failed. Not Retrying. execute
/var/lib/kolla/venv/lib/python3.10/site-packages/oslo_concurrency/processutils.py:473
2024-03-05 20:39:35.858 150 ERROR os_brick.remotefs.remotefs [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] Failed to mount 192.168.18.245:/volume1/ISO, reason: mount.nfs: Protocol not supported : oslo_concurrency.processutils.ProcessExecutionError: Unexpected error while running command. 2024-03-05 20:39:35.859 150 DEBUG os_brick.remotefs.remotefs [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] Failed to do pnfs mount. _mount_nfs
/var/lib/kolla/venv/lib/python3.10/site-packages/os_brick/remotefs/remotefs.py:157
2024-03-05 20:39:35.860 150 DEBUG oslo_concurrency.processutils [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] Running cmd (subprocess): sudo cinder-rootwrap /etc/cinder/rootwrap.conf mount -t nfs 192.168.18.245:/volume1/ISO /var/lib/cinder/mnt/1ec32c051aa5520a1ff679ce879da332 execute
/var/lib/kolla/venv/lib/python3.10/site-packages/oslo_concurrency/processutils.py:384
2024-03-05 20:39:36.753 150 DEBUG oslo_concurrency.processutils [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] CMD "sudo cinder-rootwrap /etc/cinder/rootwrap.conf mount -t nfs 192.168.18.245: /volume1/ISO /var/lib/cinder/mnt/1ec32c051aa5520a1ff679ce879da332" returned: 0 in 0.892s execute
/var/lib/kolla/venv/lib/python3.10/site-packages/oslo_concurrency/processutils.py:422
2024-03-05 20:39:36.754 150 DEBUG os_brick.remotefs.remotefs [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] Mounted 192.168.18.245:/volume1/ISO using nfs. _mount_nfs
/var/lib/kolla/venv/lib/python3.10/site-packages/os_brick/remotefs/remotefs.py:152
2024-03-05 20:39:36.755 150 DEBUG cinder.volume.drivers.remotefs [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] Available shares ['192.168.18.245:/volume1/ISO'] _ensure_shares_mounted
/var/lib/kolla/venv/lib/python3.10/site-packages/cinder/volume/drivers/remotefs.py:358
2024-03-05 20:39:36.756 150 DEBUG cinder.volume.drivers.nfs [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] NAS variable secure_file_permissions setting is: false set_nas_security_options
/var/lib/kolla/venv/lib/python3.10/site-packages/cinder/volume/drivers/nfs.py:432
2024-03-05 20:39:36.757 150 WARNING cinder.volume.drivers.nfs [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] The NAS file permissions mode will be 666 (allowing other/world read & write access). This is considered an insecure NAS environment. Please see
https://docs.openstack.org/cinder/latest/admin/blockstorage-nfs-backend.html
for information on a secure NFS configuration. 2024-03-05 20:39:36.757 150 DEBUG cinder.volume.drivers.nfs [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] NAS secure file operations setting is: false set_nas_security_options
/var/lib/kolla/venv/lib/python3.10/site-packages/cinder/volume/drivers/nfs.py:458
2024-03-05 20:39:36.758 150 WARNING cinder.volume.drivers.nfs [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] The NAS file operations will be run as root: allowing root level access at the storage backend. This is considered an insecure NAS environment. Please see
https://docs.openstack.org/cinder/latest/admin/blockstorage-nfs-backend.html
for information on a secure NAS configuration. 2024-03-05 20:39:36.759 150 DEBUG cinder.volume.drivers.remotefs [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] Loading shares from /etc/cinder/nfs_shares. _load_shares_config
/var/lib/kolla/venv/lib/python3.10/site-packages/cinder/volume/drivers/remotefs.py:597
2024-03-05 20:39:36.760 150 DEBUG cinder.volume.drivers.remotefs [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] shares loaded: {'192.168.18.245:/volume1/ISO': None} _load_shares_config
/var/lib/kolla/venv/lib/python3.10/site-packages/cinder/volume/drivers/remotefs.py:629
2024-03-05 20:39:36.761 150 DEBUG os_brick.remotefs.remotefs [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] Already mounted: /var/lib/cinder/mnt/1ec32c051aa5520a1ff679ce879da332 mount
/var/lib/kolla/venv/lib/python3.10/site-packages/os_brick/remotefs/remotefs.py:105
2024-03-05 20:39:36.761 150 DEBUG cinder.volume.drivers.remotefs [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] Available shares ['192.168.18.245:/volume1/ISO'] _ensure_shares_mounted
/var/lib/kolla/venv/lib/python3.10/site-packages/cinder/volume/drivers/remotefs.py:358
2024-03-05 20:39:36.762 150 DEBUG oslo_concurrency.processutils [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] Running cmd (subprocess): sudo cinder-rootwrap /etc/cinder/rootwrap.conf stat -f -c %S %b %a /var/lib/cinder/mnt/1ec32c051aa5520a1ff679ce879da332 execute
/var/lib/kolla/venv/lib/python3.10/site-packages/oslo_concurrency/processutils.py:384
2024-03-05 20:39:37.458 150 DEBUG oslo_concurrency.processutils [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] CMD "sudo cinder-rootwrap /etc/cinder/rootwrap.conf stat -f -c %S %b %a /var/lib/cinder/mnt/1ec32c051aa5520a1ff679ce879da332" returned: 0 in 0.696s execute
/var/lib/kolla/venv/lib/python3.10/site-packages/oslo_concurrency/processutils.py:422
2024-03-05 20:39:37.460 150 DEBUG oslo_concurrency.processutils [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] Running cmd (subprocess): sudo cinder-rootwrap /etc/cinder/rootwrap.conf du -sb --apparent-size --exclude *snapshot* /var/lib/cinder/mnt/1ec32c051aa5520a1ff679ce879da332 execute
/var/lib/kolla/venv/lib/python3.10/site-packages/oslo_concurrency/processutils.py:384
On Tue, Mar 5, 2024 at 12:55 PM Satish Patel <satish.txt@gmail.com>
wrote:
Thank you for detailed information, I would like to use NFS and see how it works. My end goal is to use iSCSI for cinder volume service.
Do you think switching to NFS v4 will fix the problem in my case. My setup is super simple but somehow it just doesn't like NFS and cinder-volume service is showing down even all the permission and
configs
are correct.
On Fri, Mar 1, 2024 at 9:19 AM <smooney@redhat.com> wrote:
On Fri, 2024-03-01 at 09:10 -0500, Satish Patel wrote:
It Looks like everyone hates NFS and nobody uses it :) for cidner unless its with a hardware san there are may better
for better or worse a non 0 numbner of peole decide to put nova's /var/lib/nova/instances directory on NFS shares instead of using somehting like ceph
On Tue, Feb 27, 2024 at 11:31 PM Satish Patel <
satish.txt@gmail.com>
wrote:
> Folks, > > I am configuring NFS for the cinder backend but somehow it
doesn't go
> well. I am running kolla-ansible with the 2023.1 release. > > cinder.conf > > [DEFAULT] > enabled_backends = volumes-ssd,volumes-nfs > > [volumes-nfs] > volume_driver = cinder.volume.drivers.nfs.NfsDriver > volume_backend_name = volumes-nfs > nfs_shares_config = /etc/cinder/nfs_shares > nfs_snapshot_support = True > nas_secure_file_permissions = False > nas_secure_file_operations = False > > Inside the cinder_volume docker container I can see it mounts NFS > automatically and directory permissions is also cinder:cinder also I am > able to write on NFS share also so it's not a permission issue also. > > $ docker exec -it cinder_volume mount | grep nfs > 192.168.18.245:/volume1/NFS on > /var/lib/cinder/mnt/1ec32c051aa5520a1ff679ce879da332 type nfs >
(rw,relatime,vers=3,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=19
2.16
>
8.18.245,mountvers=3,mountport=892,mountproto=udp,local_lock=none,addr=192.168.18.245)
nfs v3 should not be used with nova instances and when used for cinder voume there are some know bugs or feature partiy gaps like live extend. qemu recommends 4.2 as a minium version to mitigate the massive locking issues with v3 and for some other feature such as spares file support. nfs is not a bad idea in general, its fine to use with manial but putting block storage on an NFS share is generally a bad idea so its not a great fit for cinder/novas usage. for services like glance or manila its fine.
> > But service is still showing down. > > > cinder-volume | os-ctrl2@volumes-nfs | nova | enabled | down
> 2024-02-28T04:13:11.000000 | > > In logs I am seeing these 3 lines but then no activity in logs even after > restarting the container so that is very strange. > > 2024-02-28 04:13:12.995 153 ERROR os_brick.remotefs.remotefs [None > req-6bcb8eab-6aa6-4c36-9a7a-ed673c39dcbc - - - - - -] Failed to mount > 192.168.18.245:/volume1/NFS, reason: mount.nfs: Protocol not supported > : oslo_concurrency.processutils.ProcessExecutionError: Unexpected error > while running command. > 2024-02-28 04:13:13.501 153 WARNING cinder.volume.drivers.nfs [None > req-6bcb8eab-6aa6-4c36-9a7a-ed673c39dcbc - - - - - -] The NAS file > permissions mode will be 666 (allowing other/world read & write access). > This is considered an insecure NAS environment. Please see >
https://docs.openstack.org/cinder/latest/admin/blockstorage-nfs-backend.html
> for information on a secure NFS configuration. > 2024-02-28 04:13:13.501 153 WARNING cinder.volume.drivers.nfs [None > req-6bcb8eab-6aa6-4c36-9a7a-ed673c39dcbc - - - - - -] The NAS file > operations will be run as root: allowing root level access at
service is options the
storage
> backend. This is considered an insecure NAS environment. Please see >
https://docs.openstack.org/cinder/latest/admin/blockstorage-nfs-backend.html
> for information on a secure NAS configuration. > > Has anyone configured NFS and noticed any behavior? > > > >