[openstack-dev] [nova] [cinder] Issue with live migration of instances with encrypted volumes

Carlton, Paul (Cloud Services) paul.carlton2 at hpe.com
Wed Nov 2 08:55:08 UTC 2016


Lee


I see this in a multiple node devstack without shared storage, although that shouldn't be relevant

I do a live migration of an instance

I then hard reboot it


I you are not seeing the same outcome I'll look at this again


Paul Carlton
Software Engineer
Cloud Services
Hewlett Packard Enterprise
BUK03:T242
Longdown Avenue
Stoke Gifford
Bristol BS34 8QZ

Office:     +44 (0) 1173 162189
Mobile:    +44 (0)7768 994283
Email:    paul.carlton at hpe.com
Hewlett-Packard Enterprise Limited registered Office: Cain Road, Bracknell, Berks RG12 1HN Registered No: 690597 England.
The contents of this message and any attachments to it are confidential and may be legally privileged. If you have received this message in error, you should delete it from your system immediately and advise the sender. To any recipient of this message within HP, unless otherwise stated you should consider this message and attachments as "HP CONFIDENTIAL".

________________________________
From: Lee Yarwood <lyarwood at redhat.com>
Sent: 02 November 2016 08:17:35
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [nova] [cinder] Issue with live migration of instances with encrypted volumes

On 01-11-16 15:22:57, Carlton, Paul (Cloud Services) wrote:
> Lee
>
> That change is in my test version or was till I reverted it with https://review.openstack.org/#/c/391418,
>
> If you live migrate with the change you mentioned the instance goes to error when you try to hard reboot

Hey Paul,

I can't see a bug referenced by the revert above, have you looked into
why this is happening and if a full revert is really required? It might
be easier to fix this corner case, leaving the new method of fetching
the domain XML in post_live_migration_at_destination and thus working
around your issue.

Lee

> From: Lee Yarwood <lyarwood at redhat.com>
> Sent: 01 November 2016 14:58:58
> To: OpenStack Development Mailing List (not for usage questions)
> Subject: Re: [openstack-dev] [nova] [cinder] Issue with live migration of instances with encrypted volumes
>
> On 01-11-16 12:02:55, Carlton, Paul (Cloud Services) wrote:
> > Daniel
> >
> > Yes, thanks, but the thing is this does not occur with regular volumes!
> > The process seems to be you need to connect the volume then the encryptor.
> > In pre migration at the destination I connect the volume and then setup the encryptor and that works fine, but in post migration
> > at destination it rebuilds the instance xml and defines the vm which calls _get_guest_storage_config which does another call to
> > connect_volume.  This seems redundant to me, because it is already connected,
> > but it works for normal volumes and if I bypass it for encrypted volumes
> > it just fails with the same error when the same function is
> > called as part of a subsequent hard reboot.
>
> Try rebasing on the following change that reworked
> post_live_migration_at_destination to fetch the domain XML from libvirt
> instead of asking Nova to rebuild it :
>
> libvirt: fix serial console not correctly defined after live-migration
> https://review.openstack.org/#/c/356335/
>
> I think you've highlighted that this caused issues with hard rebooting
> elsewhere right?
>
> Lee
>
> > From: Daniel P. Berrange <berrange at redhat.com>
> > Sent: 01 November 2016 11:29:51
> > To: OpenStack Development Mailing List (not for usage questions)
> > Subject: Re: [openstack-dev] [nova] [cinder] Issue with live migration of instances with encrypted volumes
> >
> > On Tue, Nov 01, 2016 at 11:22:25AM +0000, Carlton, Paul (Cloud Services) wrote:
> > > I'm working on a bug https://bugs.launchpad.net/nova/+bug/1633033 with the live migration of
> > >
> > > instances with encrypted volumes. I've submitted a work in progress version of a patch
> > >
> > > https://review.openstack.org/#/c/389608 but I can't overcome an issue with an iscsi command
> > >
> > > failure that only occurs for encrypted volumes during the post migration processing, see
> > >
> > > http://paste.openstack.org/show/587535/
> > >
> > >
> > > Does anyone have any thoughts on how to proceed with this issue?
> >
> > No particular ideas, but I wanted to point out that the scsi_id command
> > shown in that stack trace has a device path that points to the raw
> > iSCSI LUN, not to the dm-crypt overlay. So it looks like you're hitting
> > a failure before you get the encryption part, so encryption might be
> > unrelated.

--
Lee Yarwood
Senior Software Engineer
Red Hat

PGP : A5D1 9385 88CB 7E5F BE64  6618 BCA6 6E33 F672 2D76

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20161102/65867fd2/attachment.html>


More information about the OpenStack-dev mailing list