Lab 4.1 Not working. Encrypted Volume is created but I can't attach to instance
Hi I've followed all step for this lab at least 4 times, but when I try to attach the encrypted volume it appears as attaching and then available. No error is shown either in BUI or CLI.
ubuntu@devstack-cc:~/devstack$ openstack volume type list
+--------------------------------------+-------------+-----------+
| ID | Name | Is Public |
+--------------------------------------+-------------+-----------+
| d5f58df2-a559-4cc0-af7b-540f23a77fd8 | LUKS | True |
| 03818bee-9880-44de-892e-92417ffea175 | lvmdriver-1 | True |
+--------------------------------------+-------------+-----------+
ubuntu@devstack-cc:~/devstack$ cinder encryption-type-list
+--------------------------------------+---------------+-----------------+----------+
------------------+
| Volume Type ID | Provider | Cipher | Key Size |
Control Location |
+--------------------------------------+---------------+-----------------+----------+
------------------+
| d5f58df2-a559-4cc0-af7b-540f23a77fd8 | LuksEncryptor | aes-xts-plain64 | 256 |
front-end |
+--------------------------------------+---------------+-----------------+----------+
------------------+
ubuntu@devstack-cc:~/devstack$ cinder show crypt-vol
+--------------------------------+--------------------------------------+
| Property | Value |
+--------------------------------+--------------------------------------+
| attached_servers | [] |
| attachment_ids | [] |
| availability_zone | nova |
| bootable | false |
| consistencygroup_id | None |
| created_at | 2018-01-05T12:32:23.000000 |
| description | None |
| encrypted | True |
| id | d3d53c76-5c90-43b6-86e8-78bd64cf4931 |
| metadata | |
| migration_status | None |
| multiattach | False |
| name | crypt-vol |
| os-vol-host-attr:host | devstack-cc@lvmdriver-1#lvmdriver-1 |
| os-vol-mig-status-attr:migstat | None |
| os-vol-mig-status-attr:name_id | None |
| os-vol-tenant-attr:tenant_id | 8f776fc3b99f40d1b31e03206f5b7d6a |
| replication_status | None |
| size | 1 |
| snapshot_id | None |
| source_volid | None |
| status | available |
| updated_at | 2018-01-05T12:36:09.000000 |
| user_id | 4cb3d7e3538f4f8dbff60e3f1d074fbf |
| volume_type | LUKS |
+--------------------------------+--------------------------------------+
ubuntu@devstack-cc:~/devstack$ openstack volume list
+--------------------------------------+-----------+-----------+------+--------------
-------------------+
| ID | Name | Status | Size | Attached to
|
+--------------------------------------+-----------+-----------+------+--------------
-------------------+
| d3d53c76-5c90-43b6-86e8-78bd64cf4931 | crypt-vol | available | 1 |
|
| ca554042-563d-4949-998f-425a98fd5fa6 | | in-use | 1 | Attached to g
olden on /dev/vda |
+--------------------------------------+-----------+-----------+------+--------------
-------------------+
ubuntu@devstack-cc:~/devstack$ openstack server list
+--------------------------------------+--------+--------+---------------------------
------------------------------+-------+---------+
| f8eba3f9-c95c-45da-bbb3-a37ef3aafc89 | golden | ACTIVE | private=10.0.0.11, fdf9:81
a4:fd37:0:f816:3eff:fef6:a275 | | m1.tiny |
+--------------------------------------+--------+--------+---------------------------
------------------------------+-------+---------+
ubuntu@devstack-cc:~/devstack$ openstack server add volume f8eba3f9-c95c-45da-bbb3-a3
7ef3aafc89 d3d53c76-5c90-43b6-86e8-78bd64cf4931 --device /dev/vdb
ubuntu@devstack-cc:~/devstack$ openstack volume list
+--------------------------------------+-----------+-----------+------+--------------
-------------------+
| ID | Name | Status | Size | Attached to
|
+--------------------------------------+-----------+-----------+------+--------------
-------------------+
| d3d53c76-5c90-43b6-86e8-78bd64cf4931 | crypt-vol | available | 1 |
|
| ca554042-563d-4949-998f-425a98fd5fa6 | | in-use | 1 | Attached to g
olden on /dev/vda |
+--------------------------------------+-----------+-----------+------+--------------
-------------------+
ubuntu@devstack-cc:~/devstack$ openstack volume list
+--------------------------------------+-----------+-----------+------+--------------
-------------------+
| ID | Name | Status | Size | Attached to
|
+--------------------------------------+-----------+-----------+------+--------------
-------------------+
| d3d53c76-5c90-43b6-86e8-78bd64cf4931 | crypt-vol | available | 1 |
|
| ca554042-563d-4949-998f-425a98fd5fa6 | | in-use | 1 | Attached to g
olden on /dev/vda |
+--------------------------------------+-----------+-----------+------+--------------
-------------------+
ubuntu@devstack-cc:~/devstack$
Comments
-
It seems that there were six messages posted then deleted recently. I responded to your first message, but it looks like that is gone. In case you are wondering why I'm posting this response again, that is why.
What is the output of the logs, such as what you would see with journalctl -a |grep cinder? Log files are always the first step to troubleshooting, if there is not an obvious error when you run a command. As the process takes a bit to complete the CLI and BUI would not show the output.
As you seem to not be seeing my responses I will try to debug this as well and will try to get an answer to you before the message is deleted again.
Regards,
0 -
I have found the same result, it fails when joining a snapshot instance. If you were to create an instance from an image, a more traditional way, it works. This could be a bug with Cinder or the Nova snapshot process, where it is not providing the necessary drivers and hooks for the volume to be attached.
Try to create a typical instance and add your encrypted volume to that. If you are able to, then it is indeed a bug.
Regards,
0 -
I have found the same result, it fails when joining a snapshot instance. If you were to create an instance from an image, a more traditional way, it works. This could be a bug with Cinder or the Nova snapshot process, where it is not providing the necessary drivers and hooks for the volume to be attached.
Try to create a typical instance and add your encrypted volume to that. If you are able to, then it is indeed a bug.
Regards,
0 -
I have found the same result, it fails when joining a snapshot instance. If you were to create an instance from an image, a more traditional way, it works. This could be a bug with Cinder or the Nova snapshot process, where it is not providing the necessary drivers and hooks for the volume to be attached.
Try to create a typical instance and add your encrypted volume to that. If you are able to, then it is indeed a bug.
Regards,
0 -
Hi serewicz, thanks for the reply.
I've done as you suggested. I've created an instance fro scratch. Then I've created the crypto volume, but I'm still not being able to attach it to instance.
Regards,
0 -
I have run through the process again. If I create an m1.tiny volume all by itself with no snapshot or other outside usage and was able to add a newly created encyrpted volume. Do you see the same errors and issues when you use a seperate instance and a new encrypted volume?
Regards,
0 -
I did the same twice. I've launched a new instance from the command line using the cirros image and then I've created a volume type LUKS with encryption following exactly the same steps on course material. Are you using different steps? Could you please post here everything you've done using 100% the CLI? So I could try and reproduce?
PS.: When I use the command openstack server add volume <server> <volume> --device /dev/vdb it comes back to the command prompt (in theory because it worked), but when I run openstack volume list twice the encrypted volume appears initially as "attaching" and one second later "available".
0 -
Hello,
I used the steps from the book. Create a new m1.tiny instance. Create a new, unused, LUKS encrypted volume. Then attach it. Did you use the encrpted volume that had failed previously? I have found that once a queue forms to an object in OpenStack following uses fail. Manually deleting everything from the queue and restarting the service should allow following API requests to be honored, but I have found its easier to delete the old volume type and create a new one is faster and there is no need to clear and restart.
Regards,
0 -
Hello,
I used the steps from the book too... I've created a new m1.tiny instance and a new, unused, LUKS encrypted volume. Then when I attach it for a while it appears as "attaching" then after a few seconds appears as "avaliable".
Everytime I do this lab I press the "Start Over" button and only do the encrypted volume lab. (ignoring the other labs).
It is very strange that you follow the same steps from the book and it works and I've tried many times and it does not work.... Last time I've used the pdf and did copy and paste for the whole encryption lab.... so either you are using a different book then I am or is accessing a different lab (one with this fixed).
Could you please copy and paste the steps you've used and the output of each command as I did in the begining of this comment? Do you want to do a webex or use any other remote solution and try to do on the labs provisioned to me?
Thanks
0 -
Hello,
I also am having issues with consistent joining of the volume. There seems to be an issue with the use of a virtual host and joining the encyprted volume. I think I was actually breaking an agent for it to show as attached. But when I try to write data it fails. So my work around was not actually working, it was breaking it instead.
I will continue to troubleshoot the issue. It did work, as the output of the book is pasted from the system. As with many things with OpenStack there is constant change. What worked yesterday can be broken today.
Regards,
0 -
Hi, Yeah I agree with your that many things with OpenStack is in a constant change. What worked yesterday can be broken today.
But when a Customer buys either an Enterprise OpenStack Distro or an Official Training of OpenStack what we expect is stability, consistency, we do not expect something that works today and might broke tomorrow. I mean Linux Foundation need to have a stable repository from where the Openstack is installed for the demo environment. It is not justifiable that a lab depends on this inconsistency.
That is why people become RHCE for example, studying and doing the exam using Red Hat Enteprise Linux in a controlled environment. They do not read something in the book that worked in a certain version of Fedora but not work in a lab with a newer version of Fedora....
Thanks
0 -
Yes, I agree totally. There are curretnly plans to move from our current setup to a controlled environment instead. I don't know when it will happen, but I hope soon. I will update here when it happens.
Regards,
0
Categories
- All Categories
- 51 LFX Mentorship
- 104 LFX Mentorship: Linux Kernel
- 576 Linux Foundation IT Professional Programs
- 304 Cloud Engineer IT Professional Program
- 125 Advanced Cloud Engineer IT Professional Program
- 53 DevOps Engineer IT Professional Program
- 61 Cloud Native Developer IT Professional Program
- 5 Express Training Courses
- 5 Express Courses - Discussion Forum
- 2.1K Training Courses
- 19 LFC110 Class Forum
- 7 LFC131 Class Forum
- 27 LFD102 Class Forum
- 158 LFD103 Class Forum
- 20 LFD121 Class Forum
- 1 LFD137 Class Forum
- 61 LFD201 Class Forum
- 1 LFD210 Class Forum
- LFD210-CN Class Forum
- 1 LFD213 Class Forum - Discontinued
- 128 LFD232 Class Forum
- LFD237 Class Forum
- 23 LFD254 Class Forum
- 611 LFD259 Class Forum
- 105 LFD272 Class Forum
- 1 LFD272-JP クラス フォーラム
- 1 LFD273 Class Forum
- 2 LFS145 Class Forum
- 25 LFS200 Class Forum
- 739 LFS201 Class Forum
- 1 LFS201-JP クラス フォーラム
- 11 LFS203 Class Forum
- 75 LFS207 Class Forum
- 300 LFS211 Class Forum
- 54 LFS216 Class Forum
- 47 LFS241 Class Forum
- 41 LFS242 Class Forum
- 37 LFS243 Class Forum
- 11 LFS244 Class Forum
- 37 LFS250 Class Forum
- 1 LFS250-JP クラス フォーラム
- LFS251 Class Forum
- 141 LFS253 Class Forum
- LFS254 Class Forum
- 1.1K LFS258 Class Forum
- 10 LFS258-JP クラス フォーラム
- 93 LFS260 Class Forum
- 132 LFS261 Class Forum
- 33 LFS262 Class Forum
- 80 LFS263 Class Forum
- 15 LFS264 Class Forum
- 11 LFS266 Class Forum
- 18 LFS267 Class Forum
- 18 LFS268 Class Forum
- 23 LFS269 Class Forum
- 203 LFS272 Class Forum
- 1 LFS272-JP クラス フォーラム
- LFS274 Class Forum
- LFS281 Class Forum
- 236 LFW211 Class Forum
- 172 LFW212 Class Forum
- 7 SKF100 Class Forum
- SKF200 Class Forum
- 903 Hardware
- 219 Drivers
- 74 I/O Devices
- 44 Monitors
- 116 Multimedia
- 209 Networking
- 101 Printers & Scanners
- 85 Storage
- 763 Linux Distributions
- 88 Debian
- 66 Fedora
- 15 Linux Mint
- 13 Mageia
- 24 openSUSE
- 142 Red Hat Enterprise
- 33 Slackware
- 13 SUSE Enterprise
- 357 Ubuntu
- 479 Linux System Administration
- 41 Cloud Computing
- 70 Command Line/Scripting
- Github systems admin projects
- 95 Linux Security
- 78 Network Management
- 108 System Management
- 49 Web Management
- 68 Mobile Computing
- 23 Android
- 30 Development
- 1.2K New to Linux
- 1.1K Getting Started with Linux
- 538 Off Topic
- 131 Introductions
- 217 Small Talk
- 22 Study Material
- 826 Programming and Development
- 278 Kernel Development
- 514 Software Development
- 928 Software
- 260 Applications
- 184 Command Line
- 3 Compiling/Installing
- 76 Games
- 316 Installation
- 61 All In Program
- 61 All In Forum
Upcoming Training
-
August 20, 2018
Kubernetes Administration (LFS458)
-
August 20, 2018
Linux System Administration (LFS301)
-
August 27, 2018
Open Source Virtualization (LFS462)
-
August 27, 2018
Linux Kernel Debugging and Security (LFD440)