Using LVM on a cinder volume exposes the data to the compute host

Solution Verified - Updated -

Issue

Using LVM on compute nodes. This can cause problems such as:

  • Conflicting VG names on the compute.
  • The LVM on the compute to adjust metadata that the instance is not aware of, leading to things like missing volumes.
  • Detaching could fail and maps could still be marked as still "in use" due to LVM attaching itself to the multipath device.

For example, one may run into the following issue: Unable to delete a cinder snapshot or detach a cinder volume - LVM snapshot - device in use error with Red Hat OpenStack Platform

Cinder /var/log/cinder/volume.log reports the following:

Nov 22 16:22:52 overcloud-volume01 cinder-volume[28404]: Stdout: u"Unexpected error while running command.\nCommand: sudo cinder-rootwrap /etc/cinder/rootwrap.conf lvremove --config activation { retry_deactivation = 1} devices { ignore_suspended_devices = 1} -f cinder-volumes/_snapshot-<UUID>\nExit code: 5\nStdout: u''\nStderr: u'File descriptor 7 (/dev/urandom) leaked on lvremove invocation. Parent PID 39750: /usr/bin/python2\\n  Logical volume cinder-volumes/_snapshot-<UUID> is used by another device.\\n'"

Environment

Red Hat Openstack Plaform

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.