Hi Sean,
I have a stupid question: how does a VM running on the compute nodes talk to an NFS block volume? Do I need to mount NFS on the compute nodes, and if yes, at what location?

yes, we mount the nfs share on the compute node and then the volume is just a qcow2 or raw file on that share
On Tue, 2024-03-05 at 16:48 -0500, Satish Patel wrote:

the location of the mount point is specified by https://docs.openstack.org/nova/latest/configuration/config.html#libvirt.nfs... it defaults to $state_path/mnt, which by default is /var/lib/nova/mnt, so the volume will be something like /var/lib/nova/mnt/<hash of the nfs export>/volume-<volume uuid>. the exact location is specified by cinder in the connection info as part of the volume attachment. because of how snapshots are implemented in this case, the volume file may have multiple additional backing files for the various volume snapshots, so there may be multiple files within that host volume mount. if you want to play with this in a test env you can use the nfs devstack plugin https://github.com/openstack/devstack-plugin-nfs to spin this up in a vm and then compare to your actual env. or you can look at the logs from the devstack-plugin-nfs-tempest-full job https://zuul.openstack.org/builds?job_name=devstack-plugin-nfs-tempest-full if we look at the nova logs from that job https://78efdeb5d53dd83161de-d5860347ad41e6939aca030b514b1ef7.ssl.cf5.rackcd...
we see the nfs mount ends up looking like this:

Mar 06 13:44:04.314787 np0036975774 nova-compute[85429]: DEBUG nova.virt.libvirt.volume.mount [None req-06796a19-47f0-482d-9af7-4f2758161bde tempest-TaggedAttachmentsTest-673386850 tempest-TaggedAttachmentsTest-673386850-project-member] [instance: bbc16e80-ebf2-40f2-afa5-f947e0af096b] _HostMountState.mount(fstype=nfs, export=localhost:/srv/nfs1, vol_name=volume-5e87db18-0cfe-46ff-b34d-85f4606c1fa1, /opt/stack/data/nova/mnt/896fb15da6036b68a917322e72ebfe57, options=[]) generation 0 {{(pid=85429) mount /opt/stack/nova/nova/virt/libvirt/volume/mount.py:288}}

so /srv/nfs1 on the nfs server is mounted at /opt/stack/data/nova/mnt/896fb15da6036b68a917322e72ebfe57. the libvirt xml for this volume is generated like so:

Mar 06 13:44:10.638487 np0036975774 nova-compute[85429]: DEBUG nova.virt.libvirt.guest [None req-ba5c8b84-0e2c-4b45-8235-60954aed3426 tempest-TaggedAttachmentsTest-673386850 tempest-TaggedAttachmentsTest-673386850-project-member] detach device xml: <disk type="file" device="disk">
Mar 06 13:44:10.638487 np0036975774 nova-compute[85429]:   <driver name="qemu" type="raw" cache="none" io="native"/>
Mar 06 13:44:10.638487 np0036975774 nova-compute[85429]:   <alias name="ua-5e87db18-0cfe-46ff-b34d-85f4606c1fa1"/>
Mar 06 13:44:10.638487 np0036975774 nova-compute[85429]:   <source file="/opt/stack/data/nova/mnt/896fb15da6036b68a917322e72ebfe57/volume-5e87db18-0cfe-46ff-b34d-85f4606c1fa1"/>
Mar 06 13:44:10.638487 np0036975774 nova-compute[85429]:   <target dev="vdb" bus="virtio"/>
Mar 06 13:44:10.638487 np0036975774 nova-compute[85429]:   <serial>5e87db18-0cfe-46ff-b34d-85f4606c1fa1</serial>
Mar 06 13:44:10.638487 np0036975774 nova-compute[85429]:   <address type="pci" domain="0x0000" bus="0x00" slot="0x08" function="0x0"/>
Mar 06 13:44:10.638487 np0036975774 nova-compute[85429]: </disk>

so within the /opt/stack/data/nova/mnt/896fb15da6036b68a917322e72ebfe57 mount there is a raw file called volume-5e87db18-0cfe-46ff-b34d-85f4606c1fa1.
this was from tempest-TaggedAttachmentsTest-673386850-project-member, so that is why, if you look in the logs, you see the vm does not have this volume initially and then we attach it during the job. from qemu's perspective this volume is just a local file; that local file just happens to be on an nfs filesystem rather than a local disk.
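As an aside, the hash-looking directory in paths like /opt/stack/data/nova/mnt/896fb15da6036b68a917322e72ebfe57 comes from os-brick, which names each per-share mount directory after the md5 hex digest of the export string. A minimal sketch of that naming scheme (the helper name here is mine, not os-brick's actual API):

```python
import hashlib
import os

def nfs_mount_point(mount_base: str, share: str) -> str:
    # os-brick derives a stable per-share directory name from the
    # md5 hex digest of the export string, e.g. "localhost:/srv/nfs1".
    digest = hashlib.md5(share.encode("utf-8")).hexdigest()
    return os.path.join(mount_base, digest)

# Same export string -> same mount point, on every compute node.
print(nfs_mount_point("/opt/stack/data/nova/mnt", "localhost:/srv/nfs1"))
```

This is why the same share always lands in the same directory on every host that mounts it, without any coordination between nodes.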
On Tue, Mar 5, 2024 at 3:49 PM Satish Patel <satish.txt@gmail.com> wrote:
Hello Sean,
I've configured NFS v4, but I am still seeing the cinder-volume@nfs service as down, and there is nothing interesting in the logs (I have turned on DEBUG as well). What could be the problem? I have also just found out that this is not the 2023.1 release but the Zed release of OpenStack.
2024-03-05 20:39:35.855 150 DEBUG oslo_concurrency.processutils [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] CMD "sudo cinder-rootwrap /etc/cinder/rootwrap.conf mount -t nfs -o vers=4,minorversion=1 192.168.18.245:/volume1/ISO /var/lib/cinder/mnt/1ec32c051aa5520a1ff679ce879da332" returned: 32 in 0.697s execute /var/lib/kolla/venv/lib/python3.10/site-packages/oslo_concurrency/processutils.py:422
2024-03-05 20:39:35.857 150 DEBUG oslo_concurrency.processutils [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] 'sudo cinder-rootwrap /etc/cinder/rootwrap.conf mount -t nfs -o vers=4,minorversion=1 192.168.18.245:/volume1/ISO /var/lib/cinder/mnt/1ec32c051aa5520a1ff679ce879da332' failed. Not Retrying. execute /var/lib/kolla/venv/lib/python3.10/site-packages/oslo_concurrency/processutils.py:473
2024-03-05 20:39:35.858 150 ERROR os_brick.remotefs.remotefs [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] Failed to mount 192.168.18.245:/volume1/ISO, reason: mount.nfs: Protocol not supported : oslo_concurrency.processutils.ProcessExecutionError: Unexpected error while running command.
2024-03-05 20:39:35.859 150 DEBUG os_brick.remotefs.remotefs [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] Failed to do pnfs mount. _mount_nfs /var/lib/kolla/venv/lib/python3.10/site-packages/os_brick/remotefs/remotefs.py:157
2024-03-05 20:39:35.860 150 DEBUG oslo_concurrency.processutils [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] Running cmd (subprocess): sudo cinder-rootwrap /etc/cinder/rootwrap.conf mount -t nfs 192.168.18.245:/volume1/ISO /var/lib/cinder/mnt/1ec32c051aa5520a1ff679ce879da332 execute /var/lib/kolla/venv/lib/python3.10/site-packages/oslo_concurrency/processutils.py:384
2024-03-05 20:39:36.753 150 DEBUG oslo_concurrency.processutils [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] CMD "sudo cinder-rootwrap /etc/cinder/rootwrap.conf mount -t nfs 192.168.18.245:/volume1/ISO /var/lib/cinder/mnt/1ec32c051aa5520a1ff679ce879da332" returned: 0 in 0.892s execute /var/lib/kolla/venv/lib/python3.10/site-packages/oslo_concurrency/processutils.py:422
2024-03-05 20:39:36.754 150 DEBUG os_brick.remotefs.remotefs [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] Mounted 192.168.18.245:/volume1/ISO using nfs. _mount_nfs /var/lib/kolla/venv/lib/python3.10/site-packages/os_brick/remotefs/remotefs.py:152
2024-03-05 20:39:36.755 150 DEBUG cinder.volume.drivers.remotefs [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] Available shares ['192.168.18.245:/volume1/ISO'] _ensure_shares_mounted /var/lib/kolla/venv/lib/python3.10/site-packages/cinder/volume/drivers/remotefs.py:358
2024-03-05 20:39:36.756 150 DEBUG cinder.volume.drivers.nfs [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] NAS variable secure_file_permissions setting is: false set_nas_security_options /var/lib/kolla/venv/lib/python3.10/site-packages/cinder/volume/drivers/nfs.py:432
2024-03-05 20:39:36.757 150 WARNING cinder.volume.drivers.nfs [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] The NAS file permissions mode will be 666 (allowing other/world read & write access). This is considered an insecure NAS environment. Please see https://docs.openstack.org/cinder/latest/admin/blockstorage-nfs-backend.html for information on a secure NFS configuration.
2024-03-05 20:39:36.757 150 DEBUG cinder.volume.drivers.nfs [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] NAS secure file operations setting is: false set_nas_security_options /var/lib/kolla/venv/lib/python3.10/site-packages/cinder/volume/drivers/nfs.py:458
2024-03-05 20:39:36.758 150 WARNING cinder.volume.drivers.nfs [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] The NAS file operations will be run as root: allowing root level access at the storage backend. This is considered an insecure NAS environment. Please see https://docs.openstack.org/cinder/latest/admin/blockstorage-nfs-backend.html for information on a secure NAS configuration.
2024-03-05 20:39:36.759 150 DEBUG cinder.volume.drivers.remotefs [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] Loading shares from /etc/cinder/nfs_shares. _load_shares_config /var/lib/kolla/venv/lib/python3.10/site-packages/cinder/volume/drivers/remotefs.py:597
2024-03-05 20:39:36.760 150 DEBUG cinder.volume.drivers.remotefs [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] shares loaded: {'192.168.18.245:/volume1/ISO': None} _load_shares_config /var/lib/kolla/venv/lib/python3.10/site-packages/cinder/volume/drivers/remotefs.py:629
2024-03-05 20:39:36.761 150 DEBUG os_brick.remotefs.remotefs [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] Already mounted: /var/lib/cinder/mnt/1ec32c051aa5520a1ff679ce879da332 mount /var/lib/kolla/venv/lib/python3.10/site-packages/os_brick/remotefs/remotefs.py:105
2024-03-05 20:39:36.761 150 DEBUG cinder.volume.drivers.remotefs [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] Available shares ['192.168.18.245:/volume1/ISO'] _ensure_shares_mounted /var/lib/kolla/venv/lib/python3.10/site-packages/cinder/volume/drivers/remotefs.py:358
2024-03-05 20:39:36.762 150 DEBUG oslo_concurrency.processutils [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] Running cmd (subprocess): sudo cinder-rootwrap /etc/cinder/rootwrap.conf stat -f -c %S %b %a /var/lib/cinder/mnt/1ec32c051aa5520a1ff679ce879da332 execute /var/lib/kolla/venv/lib/python3.10/site-packages/oslo_concurrency/processutils.py:384
2024-03-05 20:39:37.458 150 DEBUG oslo_concurrency.processutils [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] CMD "sudo cinder-rootwrap /etc/cinder/rootwrap.conf stat -f -c %S %b %a /var/lib/cinder/mnt/1ec32c051aa5520a1ff679ce879da332" returned: 0 in 0.696s execute /var/lib/kolla/venv/lib/python3.10/site-packages/oslo_concurrency/processutils.py:422
2024-03-05 20:39:37.460 150 DEBUG oslo_concurrency.processutils [None req-51d22088-acf4-4dc6-a858-828cc3eb9394 - - - - - -] Running cmd (subprocess): sudo cinder-rootwrap /etc/cinder/rootwrap.conf du -sb --apparent-size --exclude *snapshot* /var/lib/cinder/mnt/1ec32c051aa5520a1ff679ce879da332 execute /var/lib/kolla/venv/lib/python3.10/site-packages/oslo_concurrency/processutils.py:384
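Reading the log above: the first mount with -o vers=4,minorversion=1 fails with "mount.nfs: Protocol not supported", and the plain mount -t nfs fallback then succeeds (negotiating v3 against this server). If the server is reconfigured to actually serve NFS v4.x, the version cinder requests can be pinned per backend with the driver's nfs_mount_options option. A hedged cinder.conf sketch (the section name is taken from the config earlier in this thread; the version value depends on what the server enables):

```
[volumes-nfs]
nfs_mount_options = vers=4.1
```

Until the server-side NFS version settings are changed, that probe will keep failing and the mount will keep falling back.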
On Tue, Mar 5, 2024 at 12:55 PM Satish Patel <satish.txt@gmail.com> wrote:
Thank you for the detailed information. I would like to use NFS and see how it works. My end goal is to use iSCSI for the cinder volume service.
Do you think switching to NFS v4 will fix the problem in my case? My setup is super simple, but somehow it just doesn't like NFS, and the cinder-volume service is showing down even though all the permissions and configs are correct.
On Fri, Mar 1, 2024 at 9:19 AM <smooney@redhat.com> wrote:
On Fri, 2024-03-01 at 09:10 -0500, Satish Patel wrote:
It looks like everyone hates NFS and nobody uses it :)

for cinder, unless it's with a hardware san, there are many better options
for better or worse, a non-zero number of people decide to put nova's /var/lib/nova/instances directory on NFS shares instead of using something like ceph
On Tue, Feb 27, 2024 at 11:31 PM Satish Patel <satish.txt@gmail.com> wrote:
Folks,
I am configuring NFS for the cinder backend but somehow it doesn't go well. I am running kolla-ansible with the 2023.1 release.
cinder.conf
[DEFAULT]
enabled_backends = volumes-ssd,volumes-nfs

[volumes-nfs]
volume_driver = cinder.volume.drivers.nfs.NfsDriver
volume_backend_name = volumes-nfs
nfs_shares_config = /etc/cinder/nfs_shares
nfs_snapshot_support = True
nas_secure_file_permissions = False
nas_secure_file_operations = False
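For reference, the file named by nfs_shares_config lists one export per line, optionally followed by mount flags for that share. A minimal sketch matching the share used in this thread:

```
192.168.18.245:/volume1/NFS
```

A per-share variant such as `192.168.18.245:/volume1/NFS -o nfsvers=4.1` is also accepted, per the cinder NFS driver documentation.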
Inside the cinder_volume docker container I can see it mounts NFS automatically, and the directory permissions are also cinder:cinder. I am also able to write on the NFS share, so it's not a permission issue.
$ docker exec -it cinder_volume mount | grep nfs
192.168.18.245:/volume1/NFS on /var/lib/cinder/mnt/1ec32c051aa5520a1ff679ce879da332 type nfs (rw,relatime,vers=3,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=192.168.18.245,mountvers=3,mountport=892,mountproto=udp,local_lock=none,addr=192.168.18.245)

nfs v3 should not be used with nova instances, and when used for cinder volumes there are some known bugs and feature parity gaps, like live extend. qemu recommends 4.2 as a minimum version, to mitigate the massive locking issues with v3 and for other features such as sparse file support. nfs is not a bad idea in general; it's fine to use with manila, but putting block storage on an NFS share is generally a bad idea, so it's not a great fit for cinder/nova usage. for services like glance or manila it's fine.
But the service is still showing down.
> cinder-volume | os-ctrl2@volumes-nfs | nova | enabled | down | 2024-02-28T04:13:11.000000 |
In the logs I am seeing these 3 lines, but then no activity in the logs even after restarting the container, which is very strange.
2024-02-28 04:13:12.995 153 ERROR os_brick.remotefs.remotefs [None req-6bcb8eab-6aa6-4c36-9a7a-ed673c39dcbc - - - - - -] Failed to mount 192.168.18.245:/volume1/NFS, reason: mount.nfs: Protocol not supported : oslo_concurrency.processutils.ProcessExecutionError: Unexpected error while running command.
2024-02-28 04:13:13.501 153 WARNING cinder.volume.drivers.nfs [None req-6bcb8eab-6aa6-4c36-9a7a-ed673c39dcbc - - - - - -] The NAS file permissions mode will be 666 (allowing other/world read & write access). This is considered an insecure NAS environment. Please see https://docs.openstack.org/cinder/latest/admin/blockstorage-nfs-backend.html for information on a secure NFS configuration.
2024-02-28 04:13:13.501 153 WARNING cinder.volume.drivers.nfs [None req-6bcb8eab-6aa6-4c36-9a7a-ed673c39dcbc - - - - - -] The NAS file operations will be run as root: allowing root level access at the storage backend. This is considered an insecure NAS environment. Please see https://docs.openstack.org/cinder/latest/admin/blockstorage-nfs-backend.html for information on a secure NAS configuration.
Has anyone configured NFS and noticed this behavior?