Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix attaching encrypted volume on controller nodes #407

Merged
merged 1 commit into from
Jun 28, 2024
Merged

Fix attaching encrypted volume on controller nodes #407

merged 1 commit into from
Jun 28, 2024

Conversation

Akrog
Copy link
Contributor

@Akrog Akrog commented Jun 28, 2024

Just like with iscsiadm and other command tools there is a need to run the command on the host's namespace.

If we don't run it like that the command will get stuck in:

  cryptsetup luksOpen --key-file=- /dev/dm-8 crypt-os-brick+dev+dm-8

And if we manually run the command with debug option (--debug --verbose) we'll see that it gets stuck in:

  # Udev cookie 0xd4d73ad (semid 3) waiting for zero

And is unable to continue with the rest:

  # Udev cookie 0xd4d3938 (semid 3) destroyed
  # Releasing crypt device /dev/mapper/3600140584b9fc02da024f9c8130ce253 context.
  # Releasing device-mapper backend.
  # Closing read only fd for /dev/mapper/3600140584b9fc02da024f9c8130ce253.
  Command successful.

This patch ensure we use nsenter to run cryptsetup.

@Akrog
Fix attaching encrypted volume on controller nodes
99be1db 
Just like with iscsiadm and other command tools there is a need to run
the command on the host's namespace.

If we don't run it like that the command will get stuck in:

  cryptsetup luksOpen --key-file=- /dev/dm-8 crypt-os-brick+dev+dm-8

And if we manually run the command with debug option (`--debug
--verbose`) we'll see that it gets stuck in:

  # Udev cookie 0xd4d73ad (semid 3) waiting for zero

And is unable to continue with the rest:

  # Udev cookie 0xd4d3938 (semid 3) destroyed
  # Releasing crypt device /dev/mapper/3600140584b9fc02da024f9c8130ce253 context.
  # Releasing device-mapper backend.
  # Closing read only fd for /dev/mapper/3600140584b9fc02da024f9c8130ce253.
  Command successful.

This patch ensure we use `nsenter` to run `cryptsetup`.
@openshift-ci openshift-ci bot requested review from abays and stuggi June 28, 2024 12:47
ASBishop
ASBishop approved these changes Jun 28, 2024
View reviewed changes
Copy link
Contributor

@ASBishop ASBishop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Jun 28, 2024
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Jun 28, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Akrog, ASBishop

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-bot openshift-merge-bot bot merged commit a84af4c into openstack-k8s-operators:main Jun 28, 2024
7 checks passed
@Akrog Akrog deleted the crypsetup-nsenter branch June 28, 2024 15:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ASBishop ASBishop ASBishop approved these changes

@abays abays Awaiting requested review from abays

@stuggi stuggi Awaiting requested review from stuggi

Assignees

@ASBishop ASBishop

Labels
approved lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Akrog @ASBishop