On Fri, 2024-09-20 at 12:47 +0200, Jan Wasilewski wrote:
> Hi Rajat,
>
> First of all, thank you for your detailed response. Thanks to that, I was
> able to identify the source of the issue[1], which appears to be that this
> functionality is not yet implemented.
>
> I'm wondering what kind of workaround might exist. For volumes like vdb,
> vdc, etc., we can simply detach the volume from the virtual machine, but
> it’s not as straightforward for a root volume (vda). Is there a way to
> allow Cinder to handle such decryption without involving Nova in the
> process? Is there a simple way to "unplug" the root volume without
> destroying the VM?
no we do not supprot detaching the root volume

you might and i stress might be able to shleve the instance and try and do
the retrye then

when we shleve the volume shoudl change form inuse to reserved and it will
obviouly not be attached to a nova host once the instnace reaches the shelve_offloaded
state.


in that state i would expect the voluem retype to happen on the cinder
backend side but i dont know if cinder supports that.
>  I’d like to keep the ports and other settings intact. I
> can turn off the VM if necessary, but I’d prefer to avoid making more
> drastic changes.
shelve and unshelve will maintian all ports,volumes ectra so i think that should work for you.,
>
> Thanks again for your help and guidance.
>
> /JW
>
> [1] https://paste.openstack.org/show/b8lDJp2yPSC1nnAk2M0U/
>
>
>
> sob., 14 wrz 2024 o 08:58 Rajat Dhasmana <rdhasman@redhat.com> napisał(a):
>
> > Hi Jan,
> >
> > On Tue, Sep 10, 2024 at 5:53 PM Jan Wasilewski <finarffin@gmail.com>
> > wrote:
> >
> > > Hi,
> > >
> > > I would like to ask about the procedure to retype a Cinder volume that is
> > > in-use (bootable volume, connected to a VM) from an encrypted (LUKS) type
> > > to a non-encrypted type (1000 IOPS). I tried to do this via the CLI[1], and
> > > while it seemed to work (at least according to the CLI output), the process
> > > didn’t complete successfully. Cinder logs[2] indicate that everything looks
> > > more or less fine: the volume is created, the volume migration is OK, and
> > > the retype is marked as completed.
> > >
> >
> > Retype of attached/in-use volumes happen on the nova side and cinder just
> > sends a request with old and new volume to nova to copy data and swap them.
> > So cinder logs might not be very relevant for this case, better would be
> > to check nova logs with DEBUG enabled.
> >
> >
> > > However, in the end, it doesn’t work (final output of [1]).
> > >
> > > I reviewed the blueprint at
> > > https://blueprints.launchpad.net/cinder/+spec/retype-encrypted-volume,
> > > which appears to be implemented. Am I doing something wrong, or does this
> > > functionality not work as expected?
> > >
> > >
> > The blueprint[1] has the following spec[2] which has a link to nova side
> > changes which never merged so I'm suspecting the work never got completed?
> > Or maybe it's addressed in some other patch but I couldn't find details in
> > the LP bug, the review comments on the patch and neither on the BP or spec.
> > It would be good to check the errors on nova-compute logs to see where it
> > is specifically failing.
> >
> > [1] https://blueprints.launchpad.net/cinder/+spec/retype-encrypted-volume
> > [2]
> > https://review.opendev.org/c/openstack/cinder-specs/+/248593/20/specs/newton/retype-encrypted-volumes.rst#147
> > [3] https://review.opendev.org/c/openstack/nova/+/252809
> >
> > Thanks
> > Rajat Dhasmana
> >
> > Thanks in advance for your help and guidance.
> > > /JW
> > >
> > >
> > > *[1] Retype from CLI:
> > > https://paste.openstack.org/show/bVpFT82oURnanXkixreT/
> > > <https://paste.openstack.org/show/bVpFT82oURnanXkixreT/>[2] cinder-logs:
> > > https://paste.openstack.org/show/b5rZpWNMqdi6qdpjaDfg/
> > > <https://paste.openstack.org/show/b5rZpWNMqdi6qdpjaDfg/>*
> > >
> >