Comment 3 for bug 1703954

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to os-brick (master)

Reviewed: https://review.openstack.org/483069
Committed: https://git.openstack.org/cgit/openstack/os-brick/commit/?id=f341e9c3ed86d15b599c4547e783d1f9da011cdb
Submitter: Jenkins
Branch: master

commit f341e9c3ed86d15b599c4547e783d1f9da011cdb
Author: Gorka Eguileor <email address hidden>
Date: Wed Jul 12 19:55:20 2017 +0200

    Return symlinks for encrypted volumes

    When connecting encrypted volumes we need to return a symbolink link or
    we will break all future attachments after detaching the volume.

    OS-Brick on 1.14 and 1.15 returns real paths instead of returning symbolic
    links, which results in the encryption attach_volume call replacing the
    real device with a link to the crypt dm.

    The issue comes from the Nova flow when attaching an encrypted volume:

    1- Attach volume
    2- Generate libvirt configuration with path from step 1
    3- Encrypt attach volume

    Since step 2 has already generated the config with the path from step 1 then
    step 3 must preserve this path.

    When step 1 returns a symbolic link we just forcefully replace it with a link
    to the crypt dm and everything is OK, but when we return a real path it
    does the same thing, which means we'll be replacing for example /dev/sda
    with a symlink, which will then break the detach process, and all future
    attachments.

    Until Nova, Cinder, and OS-Brick are changed to have a different flow
    (1, 3, 2) we need a workaround to make it work.

    The workaround this patch introduces is to return a symbolic link when
    the volume is encrypted.

    It will try to return the symlink that always exists, but if it's not
    there it will just look for ANY link to the device in '/dev/disk/by-id'.

    Related-Bug: #1703954
    Change-Id: If4461c3dcd67e5d948be9d9a3643c1eb81aaace9