On Fri, 2024-09-20 at 12:47 +0200, Jan Wasilewski wrote:
Hi Rajat,
First of all, thank you for your detailed response. Thanks to that, I was able to identify the source of the issue[1], which appears to be that this functionality is not yet implemented.
I'm wondering what kind of workaround might exist. For volumes like vdb, vdc, etc., we can simply detach the volume from the virtual machine, but it’s not as straightforward for a root volume (vda). Is there a way to allow Cinder to handle such decryption without involving Nova in the process? Is there a simple way to "unplug" the root volume without destroying the VM? no we do not supprot detaching the root volume
you might and i stress might be able to shleve the instance and try and do the retrye then when we shleve the volume shoudl change form inuse to reserved and it will obviouly not be attached to a nova host once the instnace reaches the shelve_offloaded state. in that state i would expect the voluem retype to happen on the cinder backend side but i dont know if cinder supports that.
I’d like to keep the ports and other settings intact. I can turn off the VM if necessary, but I’d prefer to avoid making more drastic changes. shelve and unshelve will maintian all ports,volumes ectra so i think that should work for you.,
Thanks again for your help and guidance.
/JW
[1] https://paste.openstack.org/show/b8lDJp2yPSC1nnAk2M0U/
sob., 14 wrz 2024 o 08:58 Rajat Dhasmana <rdhasman@redhat.com> napisał(a):
Hi Jan,
On Tue, Sep 10, 2024 at 5:53 PM Jan Wasilewski <finarffin@gmail.com> wrote:
Hi,
I would like to ask about the procedure to retype a Cinder volume that is in-use (bootable volume, connected to a VM) from an encrypted (LUKS) type to a non-encrypted type (1000 IOPS). I tried to do this via the CLI[1], and while it seemed to work (at least according to the CLI output), the process didn’t complete successfully. Cinder logs[2] indicate that everything looks more or less fine: the volume is created, the volume migration is OK, and the retype is marked as completed.
Retype of attached/in-use volumes happen on the nova side and cinder just sends a request with old and new volume to nova to copy data and swap them. So cinder logs might not be very relevant for this case, better would be to check nova logs with DEBUG enabled.
However, in the end, it doesn’t work (final output of [1]).
I reviewed the blueprint at https://blueprints.launchpad.net/cinder/+spec/retype-encrypted-volume, which appears to be implemented. Am I doing something wrong, or does this functionality not work as expected?
The blueprint[1] has the following spec[2] which has a link to nova side changes which never merged so I'm suspecting the work never got completed? Or maybe it's addressed in some other patch but I couldn't find details in the LP bug, the review comments on the patch and neither on the BP or spec. It would be good to check the errors on nova-compute logs to see where it is specifically failing.
[1] https://blueprints.launchpad.net/cinder/+spec/retype-encrypted-volume [2] https://review.opendev.org/c/openstack/cinder-specs/+/248593/20/specs/newton... [3] https://review.opendev.org/c/openstack/nova/+/252809
Thanks Rajat Dhasmana
Thanks in advance for your help and guidance.
/JW
*[1] Retype from CLI: https://paste.openstack.org/show/bVpFT82oURnanXkixreT/ <https://paste.openstack.org/show/bVpFT82oURnanXkixreT/>[2] cinder-logs: https://paste.openstack.org/show/b5rZpWNMqdi6qdpjaDfg/ <https://paste.openstack.org/show/b5rZpWNMqdi6qdpjaDfg/>*