Browse Source

Make close on cryptsetup volumes idempotent

When recovering from the failure of a compute host, Nova can call
close on an encryptor whose state Nova can't be certain of, but which
hasn't been created. This change makes the close operation idempotent,
which allows recovery to be more robust.

Related-bug: #1724573
Change-Id: I9f52f89b8466d03699cfd5c0e32c672c934cd6fb
changes/63/522263/1
Matthew Booth 4 years ago
parent
commit
cedf281c73
  1. 10
      os_brick/encryptors/cryptsetup.py
  2. 4
      os_brick/tests/encryptors/test_cryptsetup.py

10
os_brick/encryptors/cryptsetup.py

@ -169,11 +169,13 @@ class CryptsetupEncryptor(base.VolumeEncryptor):
def _close_volume(self, **kwargs):
"""Closes the device (effectively removes the dm-crypt mapping)."""
LOG.debug("closing encrypted volume %s", self.dev_path)
# cryptsetup returns 4 when attempting to destroy a non-active
# dm-crypt device. We are going to ignore this error code to make
# nova deleting that instance successfully.
# NOTE(mdbooth): remove will return 4 (wrong device specified) if
# the device doesn't exist. We assume here that the caller hasn't
# specified the wrong device, and that it doesn't exist because it
# isn't open. We don't fail in this case in order to make this
# operation idempotent.
self._execute('cryptsetup', 'remove', self.dev_name,
run_as_root=True, check_exit_code=True,
run_as_root=True, check_exit_code=[0, 4],
root_helper=self._root_helper)
def detach_volume(self, **kwargs):

4
os_brick/tests/encryptors/test_cryptsetup.py

@ -88,7 +88,7 @@ class CryptsetupEncryptorTestCase(test_base.VolumeEncryptorTestCase):
mock_execute.assert_has_calls([
mock.call('cryptsetup', 'remove', self.dev_name,
root_helper=self.root_helper,
run_as_root=True, check_exit_code=True),
run_as_root=True, check_exit_code=[0, 4]),
])
@mock.patch('os_brick.executor.Executor._execute')
@ -98,7 +98,7 @@ class CryptsetupEncryptorTestCase(test_base.VolumeEncryptorTestCase):
mock_execute.assert_has_calls([
mock.call('cryptsetup', 'remove', self.dev_name,
root_helper=self.root_helper,
run_as_root=True, check_exit_code=True),
run_as_root=True, check_exit_code=[0, 4]),
])
def test_init_volume_encryption_not_supported(self):

Loading…
Cancel
Save