[openstack-dev] [nova] [cinder] Issue with live migration of instances with encrypted volumes

Carlton, Paul (Cloud Services) paul.carlton2 at hpe.com
Tue Nov 1 15:22:57 UTC 2016


That change is in my test version or was till I reverted it with https://review.openstack.org/#/c/391418,

If you live migrate with the change you mentioned the instance goes to error when you try to hard reboot

Paul Carlton
Software Engineer
Cloud Services
Hewlett Packard Enterprise
Longdown Avenue
Stoke Gifford
Bristol BS34 8QZ

Office:     +44 (0) 1173 162189
Mobile:    +44 (0)7768 994283
Email:    paul.carlton at hpe.com
Hewlett-Packard Enterprise Limited registered Office: Cain Road, Bracknell, Berks RG12 1HN Registered No: 690597 England.
The contents of this message and any attachments to it are confidential and may be legally privileged. If you have received this message in error, you should delete it from your system immediately and advise the sender. To any recipient of this message within HP, unless otherwise stated you should consider this message and attachments as "HP CONFIDENTIAL".

From: Lee Yarwood <lyarwood at redhat.com>
Sent: 01 November 2016 14:58:58
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [nova] [cinder] Issue with live migration of instances with encrypted volumes

On 01-11-16 12:02:55, Carlton, Paul (Cloud Services) wrote:
> Daniel
> Yes, thanks, but the thing is this does not occur with regular volumes!
> The process seems to be you need to connect the volume then the encryptor.
> In pre migration at the destination I connect the volume and then setup the encryptor and that works fine, but in post migration
> at destination it rebuilds the instance xml and defines the vm which calls _get_guest_storage_config which does another call to
> connect_volume.  This seems redundant to me, because it is already connected,
> but it works for normal volumes and if I bypass it for encrypted volumes
> it just fails with the same error when the same function is
> called as part of a subsequent hard reboot.

Try rebasing on the following change that reworked
post_live_migration_at_destination to fetch the domain XML from libvirt
instead of asking Nova to rebuild it :

libvirt: fix serial console not correctly defined after live-migration

I think you've highlighted that this caused issues with hard rebooting
elsewhere right?


> From: Daniel P. Berrange <berrange at redhat.com>
> Sent: 01 November 2016 11:29:51
> To: OpenStack Development Mailing List (not for usage questions)
> Subject: Re: [openstack-dev] [nova] [cinder] Issue with live migration of instances with encrypted volumes
> On Tue, Nov 01, 2016 at 11:22:25AM +0000, Carlton, Paul (Cloud Services) wrote:
> > I'm working on a bug https://bugs.launchpad.net/nova/+bug/1633033 with the live migration of
> >
> > instances with encrypted volumes. I've submitted a work in progress version of a patch
> >
> > https://review.openstack.org/#/c/389608 but I can't overcome an issue with an iscsi command
> >
> > failure that only occurs for encrypted volumes during the post migration processing, see
> >
> > http://paste.openstack.org/show/587535/
> >
> >
> > Does anyone have any thoughts on how to proceed with this issue?
> No particular ideas, but I wanted to point out that the scsi_id command
> shown in that stack trace has a device path that points to the raw
> iSCSI LUN, not to the dm-crypt overlay. So it looks like you're hitting
> a failure before you get the encryption part, so encryption might be
> unrelated.

Lee Yarwood
Senior Software Engineer
Red Hat

PGP : A5D1 9385 88CB 7E5F BE64  6618 BCA6 6E33 F672 2D76

OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20161101/846ef6e6/attachment-0001.html>

More information about the OpenStack-dev mailing list