ee34d925ff
The LUKS encryptor feature expects devices to have a symbolic link that
it can overwrite in order to enable transparent encryption/decryption
for instances [1]. This is generally the case for RBD volumes, as Ceph
uses udev rules [2] to create a '/dev/rbd/{pool}/{device}' ->
'/dev/rbdN' symlink. However, in an environment where udev daemon is not
present or configured correctly, this symlink will never be configured.
This causes things to crash and burn in a rather non-obvious manner when
locally attaching an encrypted RBD volume:
oslo_concurrency.processutils.ProcessExecutionError: Unexpected error while running command.
Command: cryptsetup luksOpen --key-file=- /dev/rbd/volumes/volume-foo crypt-volume-foo
Exit code: 4
Stdout: ''
Stderr: "Device /dev/rbd/volumes/foo doesn't exist or access denied.\n"
('foo' being a stand-in for a very long 'device-$UUID' name)
The long term fix here is to probably stop relying on the side effects
of these udev rules, i.e. the symlinks, but that is a far more involved
fix that would not be backportable. Instead, for now we simply leave a
breadcrumb for the user, informing them as to what's gone wrong and
encouraging them to look at the bug report for more information.
[1] https://github.com/openstack/os-brick/blob/3.1.0/os_brick/encryptors/luks.py#L191-L195
[2] https://github.com/ceph/ceph/blob/v14.0.0/udev/50-rbd.rules
Change-Id: I2775f55039695c7ec029106c0dafe4d46255b336
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Related-Bug: #1884114
|
||
|---|---|---|
| .. | ||
| connectors | ||
| windows | ||
| __init__.py | ||
| connector.py | ||
| host_driver.py | ||
| initiator_connector.py | ||
| linuxfc.py | ||
| linuxrbd.py | ||
| linuxscsi.py | ||
| utils.py | ||