ee34d925ff
The LUKS encryptor feature expects devices to have a symbolic link that it can overwrite in order to enable transparent encryption/decryption for instances [1]. This is generally the case for RBD volumes, as Ceph uses udev rules [2] to create a '/dev/rbd/{pool}/{device}' -> '/dev/rbdN' symlink. However, in an environment where udev daemon is not present or configured correctly, this symlink will never be configured. This causes things to crash and burn in a rather non-obvious manner when locally attaching an encrypted RBD volume: oslo_concurrency.processutils.ProcessExecutionError: Unexpected error while running command. Command: cryptsetup luksOpen --key-file=- /dev/rbd/volumes/volume-foo crypt-volume-foo Exit code: 4 Stdout: '' Stderr: "Device /dev/rbd/volumes/foo doesn't exist or access denied.\n" ('foo' being a stand-in for a very long 'device-$UUID' name) The long term fix here is to probably stop relying on the side effects of these udev rules, i.e. the symlinks, but that is a far more involved fix that would not be backportable. Instead, for now we simply leave a breadcrumb for the user, informing them as to what's gone wrong and encouraging them to look at the bug report for more information. [1] https://github.com/openstack/os-brick/blob/3.1.0/os_brick/encryptors/luks.py#L191-L195 [2] https://github.com/ceph/ceph/blob/v14.0.0/udev/50-rbd.rules Change-Id: I2775f55039695c7ec029106c0dafe4d46255b336 Signed-off-by: Stephen Finucane <sfinucan@redhat.com> Related-Bug: #1884114 |
||
---|---|---|
.. | ||
connectors | ||
windows | ||
__init__.py | ||
connector.py | ||
host_driver.py | ||
initiator_connector.py | ||
linuxfc.py | ||
linuxrbd.py | ||
linuxscsi.py | ||
utils.py |