[nova] local LVM volume on compute hosts
smooney at redhat.com
Wed Jun 8 09:35:01 UTC 2022
On Wed, 2022-06-08 at 07:26 +0000, Paul Harrison wrote:
> > On 2022-06 -07, at 13:25, Sean Mooney <smooney at redhat.com> wrote:
> > no there is noting else you need to configure but this option is not what you think it is.
> > the images_type option contols what storage will be used for all non cinder storage.
> > i.e. vms that are booted with out usign a boot volume.
> > by default i belive we woudl use qcow or raw files on disk
> > with images_type=lvm we will instead create a lvm volume for the root disk but only if you do not use the boot form volume workflow.
> > there is no way curretnly to prevent usign boot form volume on a specific host and force only local storage directly via config.
> > you can do this indirectly but with sideffect.
> > effectivly if you have a set of hosts that cant or should not have acess to cinder you can create a spereate avaiablity zone.
> > you would then set [cinder]/cross_az_attch=false. e.g. create local-only az and if the cinder backend is configured to be in a differnt az then
> > the cross_az_attach config will prevent the vm form booting in the local-only az.
> > https://docs.openstack.org/nova/latest/configuration/config.html#cinder.cross_az_attach <https://docs.openstack.org/nova/latest/configuration/config.html#cinder.cross_az_attach>
> > so your current config will make any non boot from volume nova instance use lvm storage to provision the vm root/swap/epmeral disks
> > but will not prevent end users requesting cinder data voluems or boot volumes via the cli/api. if the opt in to cinder stoage that
> > is what they will recive but if they use teh default storage provided by the flaovr then it will be local.
> thanks for the explanation - it is a shame that there is not a more direct way in config to force local storage - looks like https://blueprints.launchpad.net/nova/+spec/use-libvirt-storage-pools <https://blueprints.launchpad.net/nova/+spec/use-libvirt-storage-pools> has never got enough votes for implementation.
thats not what your looking for really, libvirt has a way to create pools of storage locally but nova has its own way to do it itslef.
so we never used libvirts way of managing storage pools becasuse in the end it did not really provide any advantage over what we alreay had.
the libvirt driver can use local lvm storage or qcow/raw files but you cannot force people to use local storage without breaking interoperablity.
if they request to use cinder storage that request will be fulfilled if posible or the vm will fail to boot.
by default nova always uses local stroage unless you config the image backedn to rbd/ceph or the end user request boot form volume
its extra work for user to boot form volume so normally they do not do this.
if your users are explcitly going out of there way to not use local storage and instead are using the boot form volume flow there
might be a reason for that worflow wise. nova will never use or create a cinder volume if the user does not ask for one.
if you really want to prevent them more directly and interoperablity is not a concern you can alter novas rbac policy.
name=SERVERS % 'create:attach_volume',
description="Create a server with the requested volume attached to it",
unfortunetly i belive that policy applies to both boot form cinder root volume and boot form local storage with a secondary data volume.
your other option to acive your goal is to write custom midelware
like this https://github.com/openstack/nova/blob/b5029890c1c5b1b5153c9ca2fc9a8ea2437f635d/nova/api/openstack/requestlog.py
and then enable it via api-paste.ini
so you declare the middelware with the fully qualifed python calsse name
then you add it to the pipeline
so if you want to block boot form volume but not block boot form local disk with an attached data volume you can do that with middelware.
but in general i think it would be good to talk to your uses and understand why they are going through the extra effort to create boot form volume
guests instead of just use the local storage which as i said above is the default for server create.
More information about the openstack-discuss