Encrypted volume attachment fails when nova-compute is containerized
Bug #1729419 reported by
Eric Harney
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
Critical
|
Emilien Macchi |
Bug Description
Encrypted volume attachment fails when nova-compute is running in a container (Pike). The compute service runs "cryptsetup luksOpen" which hangs waiting for some udev device creation to complete. This never finishes and the command hangs.
Changing the nova compute service to run with "--ipc=host" allows devicemapper in the container to see the udev device process finish, and resolves this issue.
This will be needed for any services attaching encrypted Cinder volumes: nova compute and cinder volume at a minimum.
Changed in tripleo: | |
milestone: | none → queens-2 |
importance: | Undecided → Critical |
Changed in tripleo: | |
assignee: | Eric Harney (eharney) → Emilien Macchi (emilienm) |
tags: | added: pike-backport-potential |
To post a comment you must log in.
Some info from Kolla here: https:/ /www.redhat. com/archives/ linux-lvm/ 2016-March/ msg00019. html