[openstack-dev] minimum libvirt version for nova-compute

Lee Yarwood lyarwood at redhat.com
Wed Jun 20 11:54:26 UTC 2018


On 20-06-18 11:23:24, Thomas Goirand wrote:
> Hi,
> 
> Trying to get puppet-openstack to validate with Debian, I got surprised
> that mounting encrypted volume didn't work for me, here's the stack dump
> with libvirt 3.0.0 from Debian Stretch:
> 
>    File "/usr/lib/python3/dist-packages/nova/virt/libvirt/driver.py",
> line 1463, in attach_volume
>      guest.attach_device(conf, persistent=True, live=live)
>    File "/usr/lib/python3/dist-packages/nova/virt/libvirt/guest.py",
> line 303, in attach_device
>      self._domain.attachDeviceFlags(device_xml, flags=flags)
>    File "/usr/lib/python3/dist-packages/eventlet/tpool.py", line 186, in
> doit
>      result = proxy_call(self._autowrap, f, *args, **kwargs)
>    File "/usr/lib/python3/dist-packages/eventlet/tpool.py", line 144, in
> proxy_call
>      rv = execute(f, *args, **kwargs)
>    File "/usr/lib/python3/dist-packages/eventlet/tpool.py", line 125, in
> execute
>      six.reraise(c, e, tb)
>    File "/usr/lib/python3/dist-packages/eventlet/support/six.py", line
> 625, in reraise
>      raise value
>    File "/usr/lib/python3/dist-packages/eventlet/tpool.py", line 83, in
> tworker
>      rv = meth(*args, **kwargs)
>    File "/usr/lib/python3/dist-packages/libvirt.py", line 585, in
> attachDeviceFlags
>      if ret == -1: raise libvirtError ('virDomainAttachDeviceFlags()
> failed', dom=self)
>  libvirt.libvirtError: internal error: unable to execute QEMU command
> 'object-add': Incorrect number of padding bytes (57) found on decrypted data

That's actually a bug and not a lack of support in the version of
libvirt you're using:

Unable to use LUKS passphrase that is exactly 16 bytes long 
https://bugzilla.redhat.com/show_bug.cgi?id=1447297

[libvirt] [PATCH] Fix padding of encrypted data
https://www.redhat.com/archives/libvir-list/2017-May/msg00030.html

> After switching to libvirt 4.3.0 (my own backport from Debian Testing),
> it does work. So, while the minimum version of libvirt seems to be
> enough for normal operation, it isn't for encrypted volumes.
> 
> Therefore, I wonder if Nova shouldn't declare a minimum version of
> libvirt higher than it claims at the moment. I'm stating that,
> especially because we had this topic a few weeks ago.

We can bump the minimum here but then we have to play a game of working
out the oldest version the above fix was backported to across the
various distros. I'd rather see this address by the Libvirt maintainers
in Debian if I'm honest. 

Cheers,

-- 
Lee Yarwood                 A5D1 9385 88CB 7E5F BE64  6618 BCA6 6E33 F672 2D76
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20180620/03618b90/attachment.sig>


More information about the OpenStack-dev mailing list