Reviewed: https://review.opendev.org/708029 Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=7c7a25aa1eda9b1815f12cce25dda0a840d562f1 Submitter: Zuul Branch: master
commit 7c7a25aa1eda9b1815f12cce25dda0a840d562f1 Author: Lee Yarwood <[email protected]> Date: Sat Feb 15 12:24:11 2020 +0000 workarounds: Add option to locally attach RBD volumes on compute hosts Building on the ``[workarounds]/disable_native_luksv1`` configurable introduced in Ia500eb614cf575ab846f64f4b69c9068274c8c1f this change introduces another workaround configurable that when enabled will connect RBD volumes to the compute host as block devices using os-brick. When used togther both options allow operators to workaround recently discovered performance issues in the libgcrypt library used by QEMU when natively decrypting LUKSv1 encrypted disks. For now the extend_volume method raises a NotImplemented error in-line with the underlying method in os-brick. Future work will be required to both support this in os-brick and wire up the required calls in the volume driver. This workaround is temporary and will be removed during the W release once all impacted distributions have been able to update their versions of the libgcrypt library. Finally os-brick 3.0.1 is now required as it provides the Id507109df80391699074773f4787f74507c4b882 fix when attempting to diconnect locally attached RBD volumes. Closes-Bug: #1869184 Change-Id: Ied3732042738a6194b635c55e0304d71a6fb66e3 ** Changed in: nova Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1869184 Title: Poor LUKSv1 performance when using native QEMU decryption and RBD volumes Status in OpenStack Compute (nova): Fix Released Bug description: Description =========== This bug specifically covers the RBD use case when dealing with bug #1869182. In addition to allowing operators to switch to the os-brick encryptors when decrypting LUKSv1 volumes RBD users will also need to use the RBD connector also provided by os-brick. This will connect the RBD volume to the host and provide it as a host block device, allowing the os-brick encryptors to be layered on top of it as with other volume types. Steps to reproduce ================== * Attach a LUKSv1 RBD encrypted volume to an instance * Test I/O performance within the instance to the volume. Expected result =============== Performance is close to baremetal performance using dm-crypt. Actual result ============= Performance is severely degraded if the libgcrypt issue [1] is not resolved on the host. Environment =========== 1. Exact version of OpenStack you are running. See the following list for all releases: http://docs.openstack.org/releases/ Master. 2. Which hypervisor did you use? (For example: Libvirt + KVM, Libvirt + XEN, Hyper-V, PowerKVM, ...) What's the version of that? libvirt + QEMU/KVM 2. Which storage type did you use? (For example: Ceph, LVM, GPFS, ...) What's the version of that? RBD - LUKSv1 encryption used. 3. Which networking type did you use? (For example: nova-network, Neutron with OpenVSwitch, ...) N/A Logs & Configs ============== N/A To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1869184/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
