ee34d925ff
The LUKS encryptor feature expects devices to have a symbolic link that it can overwrite in order to enable transparent encryption/decryption for instances [1]. This is generally the case for RBD volumes, as Ceph uses udev rules [2] to create a '/dev/rbd/{pool}/{device}' -> '/dev/rbdN' symlink. However, in an environment where udev daemon is not present or configured correctly, this symlink will never be configured.

This causes things to crash and burn in a rather non-obvious manner when locally attaching an encrypted RBD volume:

    oslo_concurrency.processutils.ProcessExecutionError: Unexpected error while running command.
    Command: cryptsetup luksOpen --key-file=- /dev/rbd/volumes/volume-foo crypt-volume-foo
    Exit code: 4
    Stdout: ''
    Stderr: "Device /dev/rbd/volumes/foo doesn't exist or access denied.\n"

('foo' being a stand-in for a very long 'device-$UUID' name)

The long term fix here is to probably stop relying on the side effects of these udev rules, i.e. the symlinks, but that is a far more involved fix that would not be backportable. Instead, for now we simply leave a breadcrumb for the user, informing them as to what's gone wrong and encouraging them to look at the bug report for more information.

[1] https://github.com/openstack/os-brick/blob/3.1.0/os_brick/encryptors/luks.py#L191-L195
[2] https://github.com/ceph/ceph/blob/v14.0.0/udev/50-rbd.rules

Change-Id: I2775f55039695c7ec029106c0dafe4d46255b336
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Related-Bug: #1884114
- doc
- etc/os-brick/rootwrap.d
- os_brick
- releasenotes
- tools
- .coveragerc
- .gitignore
- .gitreview
- .mailmap
- .stestr.conf
- .zuul.yaml
- CONTRIBUTING.rst
- HACKING.rst
- LICENSE
- README.rst
- bindep.txt
- lower-constraints.txt
- pylintrc
- requirements.txt
- setup.cfg
- setup.py
- test-requirements.txt
- tox.ini
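The commit message above describes `cryptsetup luksOpen` failing because the udev-created '/dev/rbd/{pool}/{device}' symlink is absent. The following preflight check is an added example, not os-brick's own code: it classifies the state of that symlink before an encrypted attach is attempted. The function names, status strings and the `dev_root` parameter (used so the check can run against a constructed directory tree) are assumptions made for illustration.

```python
"""Preflight check for the udev-created RBD symlink the LUKS encryptor relies on."""
import os
import re
import tempfile

RBD_NODE = re.compile(r"^rbd\d+$")  # the symlink is expected to point at /dev/rbdN


def check_rbd_symlink(pool, device, dev_root="/dev"):
    """Return (status, detail) for <dev_root>/rbd/<pool>/<device>.

    status is one of: ok, missing, not_symlink, dangling, unexpected_target.
    dev_root is a hypothetical parameter so the check can be tested off-host.
    """
    link = os.path.join(dev_root, "rbd", pool, device)
    if not os.path.lexists(link):
        return "missing", (f"{link} does not exist; udev may not be running or "
                           "configured correctly (see bug #1884114)")
    if not os.path.islink(link):
        return "not_symlink", f"{link} exists but is not a symlink"
    target = os.path.realpath(link)
    if not os.path.exists(target):
        return "dangling", f"{link} -> {target}, which does not exist"
    if not RBD_NODE.match(os.path.basename(target)):
        return "unexpected_target", f"{link} -> {target}, not an rbdN node"
    return "ok", f"{link} -> {target}"


def demo():
    """Run the check against a constructed stand-in for /dev in a temp dir."""
    with tempfile.TemporaryDirectory() as root:
        root = os.path.realpath(root)
        pool_dir = os.path.join(root, "rbd", "volumes")
        os.makedirs(pool_dir)
        open(os.path.join(root, "rbd0"), "w").close()  # stand-in for /dev/rbd0
        # Healthy link, as the Ceph udev rule would create it.
        os.symlink(os.path.join(root, "rbd0"), os.path.join(pool_dir, "volume-ok"))
        # Stale link whose rbdN node has gone away.
        os.symlink(os.path.join(root, "rbd9"), os.path.join(pool_dir, "volume-stale"))
        # "volume-foo" is never created: the no-udev case from the commit message.
        names = ("volume-ok", "volume-stale", "volume-foo")
        return {n: check_rbd_symlink("volumes", n, dev_root=root)[0] for n in names}


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

A "missing" result corresponds to the case in the commit message, where the error from `cryptsetup` alone does not point at udev.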
README.rst
Team and repository tags
brick
OpenStack Cinder brick library for managing local volume attaches
Features
- Discovery of volumes being attached to a host for many transport protocols.
- Removal of volumes from a host.
Hacking
Hacking on brick requires python-gdbm (for Debian-derived distributions), Python 2.7 and Python 3.4. A recent tox is required, as is a recent virtualenv (13.1.0 or newer).
If "tox -e py34" fails with the error "db type could not be determined", remove the .testrepository/ directory and then run "tox -e py34".
- For any other information, refer to the developer documents:
- OR refer to the parent project, Cinder:
- Release notes for the project can be found at:
- License: Apache License, Version 2.0
- Source: https://opendev.org/openstack/os-brick
- Bugs: https://bugs.launchpad.net/os-brick