Hi Rajat,
First of all, thank you for your detailed response. Thanks to that, I was able to identify the source of the issue[1], which appears to be that this functionality is not yet implemented.
I'm wondering what kind of workaround might exist. For volumes like vdb, vdc, etc., we can simply detach the volume from the virtual machine, but it’s not as straightforward for a root volume (vda). Is there a way to allow Cinder to handle such decryption without involving Nova in the process? Is there a simple way to "unplug" the root volume without destroying the VM? I’d like to keep the ports and other settings intact. I can turn off the VM if necessary, but I’d prefer to avoid making more drastic changes.
Thanks again for your help and guidance.
/JW
[1] https://paste.openstack.org/show/b8lDJp2yPSC1nnAk2M0U/
Hi Jan,On Tue, Sep 10, 2024 at 5:53 PM Jan Wasilewski <finarffin@gmail.com> wrote:Hi,
I would like to ask about the procedure to retype a Cinder volume that is in-use (bootable volume, connected to a VM) from an encrypted (LUKS) type to a non-encrypted type (1000 IOPS). I tried to do this via the CLI[1], and while it seemed to work (at least according to the CLI output), the process didn’t complete successfully. Cinder logs[2] indicate that everything looks more or less fine: the volume is created, the volume migration is OK, and the retype is marked as completed.Retype of attached/in-use volumes happen on the nova side and cinder just sends a request with old and new volume to nova to copy data and swap them.So cinder logs might not be very relevant for this case, better would be to check nova logs with DEBUG enabled.However, in the end, it doesn’t work (final output of [1]).
I reviewed the blueprint at https://blueprints.launchpad.net/cinder/+spec/retype-encrypted-volume, which appears to be implemented. Am I doing something wrong, or does this functionality not work as expected?The blueprint[1] has the following spec[2] which has a link to nova side changes which never merged so I'm suspecting the work never got completed?Or maybe it's addressed in some other patch but I couldn't find details in the LP bug, the review comments on the patch and neither on the BP or spec.It would be good to check the errors on nova-compute logs to see where it is specifically failing.ThanksRajat DhasmanaThanks in advance for your help and guidance.
/JW
[1] Retype from CLI: https://paste.openstack.org/show/bVpFT82oURnanXkixreT/
[2] cinder-logs: https://paste.openstack.org/show/b5rZpWNMqdi6qdpjaDfg/