On 20-06-18 11:23:24, Thomas Goirand wrote: > Hi, > > Trying to get puppet-openstack to validate with Debian, I got surprised > that mounting encrypted volume didn't work for me, here's the stack dump > with libvirt 3.0.0 from Debian Stretch: > > File "/usr/lib/python3/dist-packages/nova/virt/libvirt/driver.py", > line 1463, in attach_volume > guest.attach_device(conf, persistent=True, live=live) > File "/usr/lib/python3/dist-packages/nova/virt/libvirt/guest.py", > line 303, in attach_device > self._domain.attachDeviceFlags(device_xml, flags=flags) > File "/usr/lib/python3/dist-packages/eventlet/tpool.py", line 186, in > doit > result = proxy_call(self._autowrap, f, *args, **kwargs) > File "/usr/lib/python3/dist-packages/eventlet/tpool.py", line 144, in > proxy_call > rv = execute(f, *args, **kwargs) > File "/usr/lib/python3/dist-packages/eventlet/tpool.py", line 125, in > execute > six.reraise(c, e, tb) > File "/usr/lib/python3/dist-packages/eventlet/support/six.py", line > 625, in reraise > raise value > File "/usr/lib/python3/dist-packages/eventlet/tpool.py", line 83, in > tworker > rv = meth(*args, **kwargs) > File "/usr/lib/python3/dist-packages/libvirt.py", line 585, in > attachDeviceFlags > if ret == -1: raise libvirtError ('virDomainAttachDeviceFlags() > failed', dom=self) > libvirt.libvirtError: internal error: unable to execute QEMU command > 'object-add': Incorrect number of padding bytes (57) found on decrypted data
That's actually a bug and not a lack of support in the version of libvirt you're using: Unable to use LUKS passphrase that is exactly 16 bytes long https://bugzilla.redhat.com/show_bug.cgi?id=1447297 [libvirt] [PATCH] Fix padding of encrypted data https://www.redhat.com/archives/libvir-list/2017-May/msg00030.html > After switching to libvirt 4.3.0 (my own backport from Debian Testing), > it does work. So, while the minimum version of libvirt seems to be > enough for normal operation, it isn't for encrypted volumes. > > Therefore, I wonder if Nova shouldn't declare a minimum version of > libvirt higher than it claims at the moment. I'm stating that, > especially because we had this topic a few weeks ago. We can bump the minimum here but then we have to play a game of working out the oldest version the above fix was backported to across the various distros. I'd rather see this address by the Libvirt maintainers in Debian if I'm honest. Cheers, -- Lee Yarwood A5D1 9385 88CB 7E5F BE64 6618 BCA6 6E33 F672 2D76
signature.asc
Description: PGP signature
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev