[cinder] Retype encrypted cinder volume to non-encrypted volume
Hi,
I would like to ask about the procedure to retype a Cinder volume that is in-use (bootable volume, connected to a VM) from an encrypted (LUKS) type to a non-encrypted type (1000 IOPS). I tried to do this via the CLI[1], and while it seemed to work (at least according to the CLI output), the process didn’t complete successfully. Cinder logs[2] indicate that everything looks more or less fine: the volume is created, the volume migration is OK, and the retype is marked as completed. However, in the end, it doesn’t work (final output of [1]).
I reviewed the blueprint at https://blueprints.launchpad.net/cinder/+spec/retype-encrypted-volume, which appears to be implemented. Am I doing something wrong, or does this functionality not work as expected?
Thanks in advance for your help and guidance. /JW
*[1] Retype from CLI: https://paste.openstack.org/show/bVpFT82oURnanXkixreT/ https://paste.openstack.org/show/bVpFT82oURnanXkixreT/[2] cinder-logs: https://paste.openstack.org/show/b5rZpWNMqdi6qdpjaDfg/ https://paste.openstack.org/show/b5rZpWNMqdi6qdpjaDfg/*
Hi Jan,
On Tue, Sep 10, 2024 at 5:53 PM Jan Wasilewski finarffin@gmail.com wrote:
Hi,
I would like to ask about the procedure to retype a Cinder volume that is in-use (bootable volume, connected to a VM) from an encrypted (LUKS) type to a non-encrypted type (1000 IOPS). I tried to do this via the CLI[1], and while it seemed to work (at least according to the CLI output), the process didn’t complete successfully. Cinder logs[2] indicate that everything looks more or less fine: the volume is created, the volume migration is OK, and the retype is marked as completed.
Retype of attached/in-use volumes happen on the nova side and cinder just sends a request with old and new volume to nova to copy data and swap them. So cinder logs might not be very relevant for this case, better would be to check nova logs with DEBUG enabled.
However, in the end, it doesn’t work (final output of [1]).
I reviewed the blueprint at https://blueprints.launchpad.net/cinder/+spec/retype-encrypted-volume, which appears to be implemented. Am I doing something wrong, or does this functionality not work as expected?
The blueprint[1] has the following spec[2] which has a link to nova side changes which never merged so I'm suspecting the work never got completed? Or maybe it's addressed in some other patch but I couldn't find details in the LP bug, the review comments on the patch and neither on the BP or spec. It would be good to check the errors on nova-compute logs to see where it is specifically failing.
[1] https://blueprints.launchpad.net/cinder/+spec/retype-encrypted-volume [2] https://review.opendev.org/c/openstack/cinder-specs/+/248593/20/specs/newton... [3] https://review.opendev.org/c/openstack/nova/+/252809
Thanks Rajat Dhasmana
Thanks in advance for your help and guidance.
/JW
*[1] Retype from CLI: https://paste.openstack.org/show/bVpFT82oURnanXkixreT/ https://paste.openstack.org/show/bVpFT82oURnanXkixreT/[2] cinder-logs: https://paste.openstack.org/show/b5rZpWNMqdi6qdpjaDfg/ https://paste.openstack.org/show/b5rZpWNMqdi6qdpjaDfg/*
participants (2)
-
Jan Wasilewski
-
Rajat Dhasmana