Hi Oliver,

Thank you so much for sharing the configuration. 

I have a quick question related to how computer nodes mount NFS shares? Does cinder instruct compute nodes to mount NFS share or kolla-ansible push NFS share point configuration to all the compute nodes. Just trying to understand the logic behind the logic.

Thanks! 

On Wed, Mar 6, 2024 at 1:00 PM Oliver Weinmann <oliver.weinmann@me.com> wrote:
Hi Satish,

I use NFSv3 and this is my config:

cat > /etc/kolla/config/cinder/nfs_shares << EOF
#HOST:SHARE
192.168.2.2:/odroidxu4/openstack_volumes -o nfsvers=3

#Enable Cinder NFS Backend
sed -i 's/^#enable_cinder_backend_nfs:.*/enable_cinder_backend_nfs: “yes"/g' /etc/kolla/globals.yml

#Enable Cinder Backup NFS Backend
sed -i 's/^#cinder_backup_driver:.*/cinder_backup_driver: "nfs"/g' /etc/kolla/globals.yml
sed -i 's?^#cinder_backup_share:.*?cinder_backup_share: "192.168.2.2:/odroidxu4/openstack_backup"?g' /etc/kolla/globals.yml
sed -i 's/^#cinder_backup_mount_options_nfs:.*/cinder_backup_mount_options_nfs: "vers=3"/g' /etc/kolla/globals.yml

Hope this helps.

Cheers,
Oliver

On 6. Mar 2024, at 16:36, smooney@redhat.com wrote:

On Tue, 2024-03-05 at 16:48 -0500, Satish Patel wrote:
Hi Sean,

I have stupid question, How does vm running on compute nodes talk to NFS
block volume? Do I need to mount NFS on compute nodes and if yes then at
what location?
yes we mount the nfs share on the compute node and then the voluem is just a qcow or raw file on that share
the location of the mount point is specifed by
https://docs.openstack.org/nova/latest/configuration/config.html#libvirt.nfs_mount_point_base
it defaults too $state_path/mnt

which is by default /var/lib/nova/mnt
so the volume will be something like /var/lib/nova/mnt/<cinder volume uuid>/<volume uuid>.qcow

the exact location is specifived by cinder in the connection info as part of the volume attachment.

because of how snapshots are implented in this case the <volume uuid>.qcow file may have multiple addtional
backing files for the various volume snapshots so there may be multiple files within that host volume mount.

if you want to play with this in a test env you can use the nfs devstack plugin
https://github.com/openstack/devstack-plugin-nfs to spine this up in vm and then compare to your
actul env. or you can look at the logs form the devstack-plugin-nfs-tempest-full

https://zuul.openstack.org/builds?job_name=devstack-plugin-nfs-tempest-full

if we look at the nova logs form that job
https://78efdeb5d53dd83161de-d5860347ad41e6939aca030b514b1ef7.ssl.cf5.rackcdn.com/910700/3/check/devstack-plugin-nfs-tempest-full/7898a31/controller/logs/screen-n-cpu.txt

we see the nfs mount ends up looking like this

Mar 06 13:44:04.314787 np0036975774 nova-compute[85429]: DEBUG nova.virt.libvirt.volume.mount [None req-06796a19-47f0-
482d-9af7-4f2758161bde tempest-TaggedAttachmentsTest-673386850 tempest-TaggedAttachmentsTest-673386850-project-member]
[instance: bbc16e80-ebf2-40f2-afa5-f947e0af096b] _HostMountState.mount(fstype=nfs, export=localhost:/srv/nfs1,
vol_name=volume-5e87db18-0cfe-46ff-b34d-85f4606c1fa1, /opt/stack/data/nova/mnt/896fb15da6036b68a917322e72ebfe57,
options=[]) generation 0 {{(pid=85429) mount /opt/stack/nova/nova/virt/libvirt/volume/mount.py:288}}

so /srv/nfs1 on the nfs server is mounted at /opt/stack/data/nova/mnt/896fb15da6036b68a917322e72ebfe57

the libvirt xml for this volume is generated as so

Mar 06 13:44:10.638487 np0036975774 nova-compute[85429]: DEBUG nova.virt.libvirt.guest [None req-ba5c8b84-0e2c-4b45-
8235-60954aed3426 tempest-TaggedAttachmentsTest-673386850 tempest-TaggedAttachmentsTest-673386850-project-member] detach
device xml: <disk type="file" device="disk">
Mar 06 13:44:10.638487 np0036975774 nova-compute[85429]:   <driver name="qemu" type="raw" cache="none" io="native"/>
Mar 06 13:44:10.638487 np0036975774 nova-compute[85429]:   <alias name="ua-5e87db18-0cfe-46ff-b34d-85f4606c1fa1"/>
Mar 06 13:44:10.638487 np0036975774 nova-compute[85429]:   <source
file="/opt/stack/data/nova/mnt/896fb15da6036b68a917322e72ebfe57/volume-5e87db18-0cfe-46ff-b34d-85f4606c1fa1"/>
Mar 06 13:44:10.638487 np0036975774 nova-compute[85429]:   <target dev="vdb" bus="virtio"/>
Mar 06 13:44:10.638487 np0036975774 nova-compute[85429]:   <serial>5e87db18-0cfe-46ff-b34d-85f4606c1fa1</serial>
Mar 06 13:44:10.638487 np0036975774 nova-compute[85429]:   <address type="pci" domain="0x0000" bus="0x00" slot="0x08"
function="0x0"/>
Mar 06 13:44:10.638487 np0036975774 nova-compute[85429]: </disk>

so within the /opt/stack/data/nova/mnt/896fb15da6036b68a917322e72ebfe57 mount there is a raw file called
volume-5e87db18-0cfe-46ff-b34d-85f4606c1fa1

this was form tempest-TaggedAttachmentsTest-673386850-project-member

so that is why if you look in the logs you see the vm does not have this volume innnitall and then we attach it in the
job.

from qemu's perspective this volume is just a local file, that local file just happens to be on an nfs filesystem rahter
then a local disk.


On Tue, Mar 5, 2024 at 3:49 PM Satish Patel <satish.txt@gmail.com> wrote:

Hello Sean,

I've configured NFS v4 but still I am seeing cinder-volume@nfs service is
down and nothing interesting in logs (I have turned on DEBUG also). What
could be the problem? I have just found out that this is not the 2023.1
release but the Zed release of openstack.

2024-03-05 20:39:35.855 150 DEBUG oslo_concurrency.processutils [None
req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] CMD "sudo
cinder-rootwrap /etc/cinder/rootwrap.conf mount -t nfs -o
vers=4,minorversion=1 192.168.18.245:/volume1/ISO
/var/lib/cinder/mnt/1ec32c051aa5520a1ff679ce879da332" returned: 32 in
0.697s execute
/var/lib/kolla/venv/lib/python3.10/site-packages/oslo_concurrency/processutils.py:422
2024-03-05 20:39:35.857 150 DEBUG oslo_concurrency.processutils [None
req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] 'sudo cinder-rootwrap
/etc/cinder/rootwrap.conf mount -t nfs -o vers=4,minorversion=1
192.168.18.245:/volume1/ISO
/var/lib/cinder/mnt/1ec32c051aa5520a1ff679ce879da332' failed. Not Retrying.
execute
/var/lib/kolla/venv/lib/python3.10/site-packages/oslo_concurrency/processutils.py:473
2024-03-05 20:39:35.858 150 ERROR os_brick.remotefs.remotefs [None
req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] Failed to mount
192.168.18.245:/volume1/ISO, reason: mount.nfs: Protocol not supported
: oslo_concurrency.processutils.ProcessExecutionError: Unexpected error
while running command.
2024-03-05 20:39:35.859 150 DEBUG os_brick.remotefs.remotefs [None
req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] Failed to do pnfs
mount. _mount_nfs
/var/lib/kolla/venv/lib/python3.10/site-packages/os_brick/remotefs/remotefs.py:157
2024-03-05 20:39:35.860 150 DEBUG oslo_concurrency.processutils [None
req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] Running cmd
(subprocess): sudo cinder-rootwrap /etc/cinder/rootwrap.conf mount -t nfs
192.168.18.245:/volume1/ISO
/var/lib/cinder/mnt/1ec32c051aa5520a1ff679ce879da332 execute
/var/lib/kolla/venv/lib/python3.10/site-packages/oslo_concurrency/processutils.py:384
2024-03-05 20:39:36.753 150 DEBUG oslo_concurrency.processutils [None
req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] CMD "sudo
cinder-rootwrap /etc/cinder/rootwrap.conf mount -t nfs 192.168.18.245:/volume1/ISO
/var/lib/cinder/mnt/1ec32c051aa5520a1ff679ce879da332" returned: 0 in 0.892s
execute
/var/lib/kolla/venv/lib/python3.10/site-packages/oslo_concurrency/processutils.py:422
2024-03-05 20:39:36.754 150 DEBUG os_brick.remotefs.remotefs [None
req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] Mounted
192.168.18.245:/volume1/ISO using nfs. _mount_nfs
/var/lib/kolla/venv/lib/python3.10/site-packages/os_brick/remotefs/remotefs.py:152
2024-03-05 20:39:36.755 150 DEBUG cinder.volume.drivers.remotefs [None
req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] Available shares
['192.168.18.245:/volume1/ISO'] _ensure_shares_mounted
/var/lib/kolla/venv/lib/python3.10/site-packages/cinder/volume/drivers/remotefs.py:358
2024-03-05 20:39:36.756 150 DEBUG cinder.volume.drivers.nfs [None
req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] NAS variable
secure_file_permissions setting is: false set_nas_security_options
/var/lib/kolla/venv/lib/python3.10/site-packages/cinder/volume/drivers/nfs.py:432
2024-03-05 20:39:36.757 150 WARNING cinder.volume.drivers.nfs [None
req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] The NAS file
permissions mode will be 666 (allowing other/world read & write access).
This is considered an insecure NAS environment. Please see
https://docs.openstack.org/cinder/latest/admin/blockstorage-nfs-backend.html
for information on a secure NFS configuration.
2024-03-05 20:39:36.757 150 DEBUG cinder.volume.drivers.nfs [None
req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] NAS secure file
operations setting is: false set_nas_security_options
/var/lib/kolla/venv/lib/python3.10/site-packages/cinder/volume/drivers/nfs.py:458
2024-03-05 20:39:36.758 150 WARNING cinder.volume.drivers.nfs [None
req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] The NAS file
operations will be run as root: allowing root level access at the storage
backend. This is considered an insecure NAS environment. Please see
https://docs.openstack.org/cinder/latest/admin/blockstorage-nfs-backend.html
for information on a secure NAS configuration.
2024-03-05 20:39:36.759 150 DEBUG cinder.volume.drivers.remotefs [None
req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] Loading shares from
/etc/cinder/nfs_shares. _load_shares_config
/var/lib/kolla/venv/lib/python3.10/site-packages/cinder/volume/drivers/remotefs.py:597
2024-03-05 20:39:36.760 150 DEBUG cinder.volume.drivers.remotefs [None
req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] shares loaded:
{'192.168.18.245:/volume1/ISO': None} _load_shares_config
/var/lib/kolla/venv/lib/python3.10/site-packages/cinder/volume/drivers/remotefs.py:629
2024-03-05 20:39:36.761 150 DEBUG os_brick.remotefs.remotefs [None
req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] Already mounted:
/var/lib/cinder/mnt/1ec32c051aa5520a1ff679ce879da332 mount
/var/lib/kolla/venv/lib/python3.10/site-packages/os_brick/remotefs/remotefs.py:105
2024-03-05 20:39:36.761 150 DEBUG cinder.volume.drivers.remotefs [None
req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] Available shares
['192.168.18.245:/volume1/ISO'] _ensure_shares_mounted
/var/lib/kolla/venv/lib/python3.10/site-packages/cinder/volume/drivers/remotefs.py:358
2024-03-05 20:39:36.762 150 DEBUG oslo_concurrency.processutils [None
req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] Running cmd
(subprocess): sudo cinder-rootwrap /etc/cinder/rootwrap.conf stat -f -c %S
%b %a /var/lib/cinder/mnt/1ec32c051aa5520a1ff679ce879da332 execute
/var/lib/kolla/venv/lib/python3.10/site-packages/oslo_concurrency/processutils.py:384
2024-03-05 20:39:37.458 150 DEBUG oslo_concurrency.processutils [None
req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] CMD "sudo
cinder-rootwrap /etc/cinder/rootwrap.conf stat -f -c %S %b %a
/var/lib/cinder/mnt/1ec32c051aa5520a1ff679ce879da332" returned: 0 in 0.696s
execute
/var/lib/kolla/venv/lib/python3.10/site-packages/oslo_concurrency/processutils.py:422
2024-03-05 20:39:37.460 150 DEBUG oslo_concurrency.processutils [None
req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] Running cmd
(subprocess): sudo cinder-rootwrap /etc/cinder/rootwrap.conf du -sb
--apparent-size --exclude *snapshot*
/var/lib/cinder/mnt/1ec32c051aa5520a1ff679ce879da332 execute
/var/lib/kolla/venv/lib/python3.10/site-packages/oslo_concurrency/processutils.py:384

On Tue, Mar 5, 2024 at 12:55 PM Satish Patel <satish.txt@gmail.com> wrote:

Thank you for detailed information,  I would like to use NFS and see
how it works. My end goal is to use iSCSI for cinder volume service.

Do you think switching to NFS v4 will fix the problem in my case. My
setup is super simple but somehow it just doesn't like NFS and
cinder-volume service is showing down even all the permission and configs
are correct.

On Fri, Mar 1, 2024 at 9:19 AM <smooney@redhat.com> wrote:

On Fri, 2024-03-01 at 09:10 -0500, Satish Patel wrote:
It Looks like everyone hates NFS and nobody uses it :)
for cidner unless its with a hardware san there are may better options

for better or worse a non 0 numbner of peole decide to put nova's
/var/lib/nova/instances directory on NFS shares
instead of using somehting like ceph

On Tue, Feb 27, 2024 at 11:31 PM Satish Patel <satish.txt@gmail.com>
wrote:

Folks,

I am configuring NFS for the cinder backend but somehow it doesn't go
well. I am running kolla-ansible with the 2023.1 release.

cinder.conf

[DEFAULT]
enabled_backends = volumes-ssd,volumes-nfs

[volumes-nfs]
volume_driver = cinder.volume.drivers.nfs.NfsDriver
volume_backend_name = volumes-nfs
nfs_shares_config = /etc/cinder/nfs_shares
nfs_snapshot_support = True
nas_secure_file_permissions = False
nas_secure_file_operations = False

Inside the cinder_volume docker container I can see it mounts NFS
automatically and directory permissions is also cinder:cinder also I
am
able to write on NFS share also so it's not a permission issue also.

$ docker exec -it cinder_volume mount | grep nfs
192.168.18.245:/volume1/NFS on
/var/lib/cinder/mnt/1ec32c051aa5520a1ff679ce879da332 type nfs

(rw,relatime,vers=3,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=19
2.16

8.18.245,mountvers=3,mountport=892,mountproto=udp,local_lock=none,addr=192.168.18.245)
nfs v3 should not be used with nova instances and when used for cinder
voume there are some know bugs or feature partiy
gaps like live extend.
qemu recommends 4.2 as a minium version to mitigate the massive locking
issues with v3 and for some other feature such
as spares file support.  nfs is not a bad idea in general, its fine to
use with manial but putting block storage on an
NFS share is generally a bad idea so its not a great fit for
cinder/novas usage. for services like glance or manila its
fine.


But service is still showing down.

cinder-volume    | os-ctrl2@volumes-nfs  | nova | enabled | down

2024-02-28T04:13:11.000000 |

In logs I am seeing these 3 lines but then no activity in logs even
after
restarting the container so that is very strange.

2024-02-28 04:13:12.995 153 ERROR os_brick.remotefs.remotefs [None
req-6bcb8eab-6aa6-4c36-9a7a-ed673c39dcbc - - - - - -] Failed to mount
192.168.18.245:/volume1/NFS, reason: mount.nfs: Protocol not
supported
: oslo_concurrency.processutils.ProcessExecutionError: Unexpected
error
while running command.
2024-02-28 04:13:13.501 153 WARNING cinder.volume.drivers.nfs [None
req-6bcb8eab-6aa6-4c36-9a7a-ed673c39dcbc - - - - - -] The NAS file
permissions mode will be 666 (allowing other/world read & write
access).
This is considered an insecure NAS environment. Please see

https://docs.openstack.org/cinder/latest/admin/blockstorage-nfs-backend.html
for information on a secure NFS configuration.
2024-02-28 04:13:13.501 153 WARNING cinder.volume.drivers.nfs [None
req-6bcb8eab-6aa6-4c36-9a7a-ed673c39dcbc - - - - - -] The NAS file
operations will be run as root: allowing root level access at the
storage
backend. This is considered an insecure NAS environment. Please see

https://docs.openstack.org/cinder/latest/admin/blockstorage-nfs-backend.html
for information on a secure NAS configuration.

Has anyone configured NFS and noticed any behavior?