When connecting encrypted volumes we need to return a symbolink link or
we will break all future attachments after detaching the volume.
OS-Brick on 1.14 and 1.15 returns real paths instead of returning symbolic
links, which results in the encryption attach_volume call replacing the
real device with a link to the crypt dm.
The issue comes from the Nova flow when attaching an encrypted volume:
1- Attach volume
2- Generate libvirt configuration with path from step 1
3- Encrypt attach volume
Since step 2 has already generated the config with the path from step 1 then
step 3 must preserve this path.
When step 1 returns a symbolic link we just forcefully replace it with a link
to the crypt dm and everything is OK, but when we return a real path it
does the same thing, which means we'll be replacing for example /dev/sda
with a symlink, which will then break the detach process, and all future
attachments.
Until Nova, Cinder, and OS-Brick are changed to have a different flow
(1, 3, 2) we need a workaround to make it work.
The workaround this patch introduces is to return a symbolic link when
the volume is encrypted.
It will try to return the symlink that always exists, but if it's not
there it will just look for ANY link to the device in '/dev/disk/by-id'.
Reviewed: https:/ /review. openstack. org/483069 /git.openstack. org/cgit/ openstack/ os-brick/ commit/ ?id=f341e9c3ed8 6d15b599c4547e7 83d1f9da011cdb
Committed: https:/
Submitter: Jenkins
Branch: master
commit f341e9c3ed86d15 b599c4547e783d1 f9da011cdb
Author: Gorka Eguileor <email address hidden>
Date: Wed Jul 12 19:55:20 2017 +0200
Return symlinks for encrypted volumes
When connecting encrypted volumes we need to return a symbolink link or
we will break all future attachments after detaching the volume.
OS-Brick on 1.14 and 1.15 returns real paths instead of returning symbolic
links, which results in the encryption attach_volume call replacing the
real device with a link to the crypt dm.
The issue comes from the Nova flow when attaching an encrypted volume:
1- Attach volume
2- Generate libvirt configuration with path from step 1
3- Encrypt attach volume
Since step 2 has already generated the config with the path from step 1 then
step 3 must preserve this path.
When step 1 returns a symbolic link we just forcefully replace it with a link
to the crypt dm and everything is OK, but when we return a real path it
does the same thing, which means we'll be replacing for example /dev/sda
with a symlink, which will then break the detach process, and all future
attachments.
Until Nova, Cinder, and OS-Brick are changed to have a different flow
(1, 3, 2) we need a workaround to make it work.
The workaround this patch introduces is to return a symbolic link when
the volume is encrypted.
It will try to return the symlink that always exists, but if it's not
there it will just look for ANY link to the device in '/dev/disk/by-id'.
Related-Bug: #1703954 d948be9d9a3643c 1eb81aaace9
Change-Id: If4461c3dcd67e5