)]}'
{"releasenotes/notes/rbd-encryption-known-issues-4078b6b066e51553.yaml":[{"author":{"_account_id":4523,"name":"Eric Harney","email":"eharney@redhat.com","username":"eharney"},"change_message_id":"853602b493674163f332266e41f8196089861f12","unresolved":true,"context_lines":[{"line_number":6,"context_line":"    backend:"},{"line_number":7,"context_line":""},{"line_number":8,"context_line":"    * When creating an encrypted volume from an image in Glance that was"},{"line_number":9,"context_line":"      created from a non-encrypted volume uploaded as an image, the resulting"},{"line_number":10,"context_line":"      volume may not be bootable when the space consumed by the encryption"},{"line_number":11,"context_line":"      header does not leave sufficient space for the data contained in the"},{"line_number":12,"context_line":"      image.  In this case, the data is silently truncated to fit within"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"0c022cbc_242ed5b6","line":9,"updated":"2021-04-07 21:05:33.000000000","message":"I wonder if this should say \"created from a non-encrypted volume uploaded as an image, or an image that has a size exactly on a gigabyte boundary\" or so.\n\n(Which is the reason for the first scenario, cinder volumes being multiples of GBs.)","commit_id":"3dc94f7a0885b20516ba39f41129f3c757a88aeb"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"6878a888cc7ea24403dfe0d71287116eaad12671","unresolved":true,"context_lines":[{"line_number":6,"context_line":"    backend:"},{"line_number":7,"context_line":""},{"line_number":8,"context_line":"    * When creating an encrypted volume from an image in Glance that was"},{"line_number":9,"context_line":"      created from a non-encrypted volume uploaded as an image, the resulting"},{"line_number":10,"context_line":"      volume may not be bootable when the space consumed by the 
encryption"},{"line_number":11,"context_line":"      header does not leave sufficient space for the data contained in the"},{"line_number":12,"context_line":"      image.  In this case, the data is silently truncated to fit within"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"45c2e336_cf18155b","line":9,"in_reply_to":"0c022cbc_242ed5b6","updated":"2021-04-08 01:24:40.000000000","message":"Good suggestion, I will rephrase.","commit_id":"3dc94f7a0885b20516ba39f41129f3c757a88aeb"},{"author":{"_account_id":4523,"name":"Eric Harney","email":"eharney@redhat.com","username":"eharney"},"change_message_id":"853602b493674163f332266e41f8196089861f12","unresolved":true,"context_lines":[{"line_number":11,"context_line":"      header does not leave sufficient space for the data contained in the"},{"line_number":12,"context_line":"      image.  In this case, the data is silently truncated to fit within"},{"line_number":13,"context_line":"      the requested volume size.  This can occur when the image size plus"},{"line_number":14,"context_line":"      approximately 3MB exceeds the requested image size."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"    * When creating an encrypted volume from a snapshot of an encrypted"},{"line_number":17,"context_line":"      volume, the new volume may not be attachable."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"a9cd25cb_85bdcdfc","line":14,"range":{"start_line":14,"start_character":20,"end_line":14,"end_character":23},"updated":"2021-04-07 21:05:33.000000000","message":"I would shy away from specifying a size like this...","commit_id":"3dc94f7a0885b20516ba39f41129f3c757a88aeb"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"6878a888cc7ea24403dfe0d71287116eaad12671","unresolved":true,"context_lines":[{"line_number":11,"context_line":"      header does not leave sufficient space for the data 
contained in the"},{"line_number":12,"context_line":"      image.  In this case, the data is silently truncated to fit within"},{"line_number":13,"context_line":"      the requested volume size.  This can occur when the image size plus"},{"line_number":14,"context_line":"      approximately 3MB exceeds the requested image size."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"    * When creating an encrypted volume from a snapshot of an encrypted"},{"line_number":17,"context_line":"      volume, the new volume may not be attachable."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"827c04e9_1e6c054c","line":14,"range":{"start_line":14,"start_character":20,"end_line":14,"end_character":23},"in_reply_to":"a9cd25cb_85bdcdfc","updated":"2021-04-08 01:24:40.000000000","message":"Good point, I will rewrite.","commit_id":"3dc94f7a0885b20516ba39f41129f3c757a88aeb"},{"author":{"_account_id":4523,"name":"Eric Harney","email":"eharney@redhat.com","username":"eharney"},"change_message_id":"853602b493674163f332266e41f8196089861f12","unresolved":true,"context_lines":[{"line_number":14,"context_line":"      approximately 3MB exceeds the requested image size."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"    * When creating an encrypted volume from a snapshot of an encrypted"},{"line_number":17,"context_line":"      volume, the new volume may not be attachable."},{"line_number":18,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":1,"id":"f36e6e27_c2604c12","line":17,"updated":"2021-04-07 21:05:33.000000000","message":"I think the problem is that it\u0027s attachable but is missing the end of the data, because the volume was truncated?","commit_id":"3dc94f7a0885b20516ba39f41129f3c757a88aeb"},{"author":{"_account_id":5314,"name":"Brian 
Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"6878a888cc7ea24403dfe0d71287116eaad12671","unresolved":true,"context_lines":[{"line_number":14,"context_line":"      approximately 3MB exceeds the requested image size."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"    * When creating an encrypted volume from a snapshot of an encrypted"},{"line_number":17,"context_line":"      volume, the new volume may not be attachable."},{"line_number":18,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":1,"id":"e014b161_a6866586","line":17,"in_reply_to":"f36e6e27_c2604c12","updated":"2021-04-08 01:24:40.000000000","message":"I was going by the bug report [0], but I agree with your analysis that the header will be written fine, the resize will truncate data at the other end of the ceph image.\n\n[0] https://bugs.launchpad.net/cinder/+bug/1922408","commit_id":"3dc94f7a0885b20516ba39f41129f3c757a88aeb"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"47c1a85e7befda29e4cb5f4ce532a7ed5e12402a","unresolved":true,"context_lines":[{"line_number":2,"context_line":"issues:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    RBD driver: When creating a volume of an encrypted volume-type, users"},{"line_number":5,"context_line":"    may experience some anomalous results for volumes stored in a Ceph"},{"line_number":6,"context_line":"    backend:"},{"line_number":7,"context_line":""},{"line_number":8,"context_line":"    * When creating an encrypted volume from an image in Glance that was"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"1440004f_f41b21c9","line":5,"range":{"start_line":5,"start_character":66,"end_line":5,"end_character":70},"updated":"2021-04-08 09:28:30.000000000","message":"As we discussed this might also be the case with nfs since IIRC both drivers use 
almost the same code for image encryption. Although I\u0027m not entirely sure it\u0027s the same case with nfs also but if it is then we should also mention nfs here.","commit_id":"9c5bc69e72e9b49ecd9a2b78328aeb22fa247448"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"3aec0a51def9971e638287835c05ae394b4c9190","unresolved":true,"context_lines":[{"line_number":2,"context_line":"issues:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    RBD driver: When creating a volume of an encrypted volume-type, users"},{"line_number":5,"context_line":"    may experience some anomalous results for volumes stored in a Ceph"},{"line_number":6,"context_line":"    backend:"},{"line_number":7,"context_line":""},{"line_number":8,"context_line":"    * When creating an encrypted volume from an image in Glance that was"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"1eee22fa_e947ff4a","line":5,"range":{"start_line":5,"start_character":66,"end_line":5,"end_character":70},"in_reply_to":"1440004f_f41b21c9","updated":"2021-04-08 11:36:40.000000000","message":"I\u0027ll check with Eric and Sofia about the NFS situation.  
Maybe this should be a general encrypted volume issues note, and I can refer to that doc change Sofia made in victoria (change I3fd514126dbd).","commit_id":"9c5bc69e72e9b49ecd9a2b78328aeb22fa247448"},{"author":{"_account_id":20813,"name":"Sofia Enriquez","email":"lsofia.enriquez@gmail.com","username":"enriquetaso"},"change_message_id":"4b0ba9066491336534ad269b1bec9c9df523e897","unresolved":true,"context_lines":[{"line_number":2,"context_line":"issues:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    RBD driver: When creating a volume of an encrypted volume-type, users"},{"line_number":5,"context_line":"    may experience some anomalous results for volumes stored in a Ceph"},{"line_number":6,"context_line":"    backend:"},{"line_number":7,"context_line":""},{"line_number":8,"context_line":"    * When creating an encrypted volume from an image in Glance that was"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"8e5b99d1_68582037","line":5,"range":{"start_line":5,"start_character":66,"end_line":5,"end_character":70},"in_reply_to":"1eee22fa_e947ff4a","updated":"2021-04-08 13:44:35.000000000","message":"I wasn\u0027t able to work on the NFS yet and considering that encryption isn\u0027t fully supported yet I think we could keep it Ceph only for now.","commit_id":"9c5bc69e72e9b49ecd9a2b78328aeb22fa247448"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"47c1a85e7befda29e4cb5f4ce532a7ed5e12402a","unresolved":true,"context_lines":[{"line_number":14,"context_line":"      data is silently truncated to fit within the requested volume size."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"    * Similarly, when creating an encrypted volume from a snapshot of an"},{"line_number":17,"context_line":"      encrypted volume, if the amount of data in the original volume at the"},{"line_number":18,"context_line":"      time the 
snapshot was created is very close to the gigabyte boundary"},{"line_number":19,"context_line":"      given by the volume\u0027s size, it is possible for the data in the new"},{"line_number":20,"context_line":"      volume to be silently truncated."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"3c68744c_734add78","line":17,"range":{"start_line":17,"start_character":6,"end_line":17,"end_character":15},"updated":"2021-04-08 09:28:30.000000000","message":"unencrypted?","commit_id":"9c5bc69e72e9b49ecd9a2b78328aeb22fa247448"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"4a04d574adc34fd00c76b200b8f1cdfb9cd95a19","unresolved":true,"context_lines":[{"line_number":14,"context_line":"      data is silently truncated to fit within the requested volume size."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"    * Similarly, when creating an encrypted volume from a snapshot of an"},{"line_number":17,"context_line":"      encrypted volume, if the amount of data in the original volume at the"},{"line_number":18,"context_line":"      time the snapshot was created is very close to the gigabyte boundary"},{"line_number":19,"context_line":"      given by the volume\u0027s size, it is possible for the data in the new"},{"line_number":20,"context_line":"      volume to be silently truncated."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"f8a3ecea_adc82e55","line":17,"range":{"start_line":17,"start_character":6,"end_line":17,"end_character":15},"in_reply_to":"3c68744c_734add78","updated":"2021-04-08 09:32:39.000000000","message":"Ignore my comment, this is correct.","commit_id":"9c5bc69e72e9b49ecd9a2b78328aeb22fa247448"},{"author":{"_account_id":20813,"name":"Sofia 
Enriquez","email":"lsofia.enriquez@gmail.com","username":"enriquetaso"},"change_message_id":"4b0ba9066491336534ad269b1bec9c9df523e897","unresolved":true,"context_lines":[{"line_number":14,"context_line":"      data is silently truncated to fit within the requested volume size."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"    * Similarly, when creating an encrypted volume from a snapshot of an"},{"line_number":17,"context_line":"      encrypted volume, if the amount of data in the original volume at the"},{"line_number":18,"context_line":"      time the snapshot was created is very close to the gigabyte boundary"},{"line_number":19,"context_line":"      given by the volume\u0027s size, it is possible for the data in the new"},{"line_number":20,"context_line":"      volume to be silently truncated."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"a9ce7c37_5920ab1c","line":17,"range":{"start_line":17,"start_character":6,"end_line":17,"end_character":15},"in_reply_to":"d3bab56d_eb52d36b","updated":"2021-04-08 13:44:35.000000000","message":"Yes, as Brian said, the size returned after rbd self._clone seems to be correct[1]; the problem is that cinder forcibly truncates the size of the volume after that. This happens because, when using encryption, cinder does not account for the size of the encryption header.\n\nCurrently, cinder lets you create a volume with a different volume type than the source volume, even when specifying a snapshot-id. So I think it doesn\u0027t matter if the source volume is encrypted or not. 
\n\n[1] https://opendev.org/openstack/cinder/src/branch/master/cinder/volume/drivers/rbd.py#L1050","commit_id":"9c5bc69e72e9b49ecd9a2b78328aeb22fa247448"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"3aec0a51def9971e638287835c05ae394b4c9190","unresolved":true,"context_lines":[{"line_number":14,"context_line":"      data is silently truncated to fit within the requested volume size."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"    * Similarly, when creating an encrypted volume from a snapshot of an"},{"line_number":17,"context_line":"      encrypted volume, if the amount of data in the original volume at the"},{"line_number":18,"context_line":"      time the snapshot was created is very close to the gigabyte boundary"},{"line_number":19,"context_line":"      given by the volume\u0027s size, it is possible for the data in the new"},{"line_number":20,"context_line":"      volume to be silently truncated."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"d3bab56d_eb52d36b","line":17,"range":{"start_line":17,"start_character":6,"end_line":17,"end_character":15},"in_reply_to":"f8a3ecea_adc82e55","updated":"2021-04-08 11:36:40.000000000","message":"Thanks for checking, I was confused too.  From the bug report, it sounds like for RBD, we have the behavior we want, i.e., the encrypted volume\u0027s actual size is volume.size + header (hence, volume.size worth of user-usable space), and the problem is that the driver resizes a volume created from that snapshot to volume.size and can possibly truncate some data.  
But I have not actually verified this behavior.","commit_id":"9c5bc69e72e9b49ecd9a2b78328aeb22fa247448"}],"releasenotes/notes/wallaby-encryption-known-issues-4078b6b066e51553.yaml":[{"author":{"_account_id":7198,"name":"Jay Bryant","email":"jungleboyj@electronicjungle.net","username":"jsbryant"},"change_message_id":"d4642ee7f19773b95096a31dcf91331bfc82b7a6","unresolved":true,"context_lines":[{"line_number":21,"context_line":"    suppose that a user wants to retype a volume of a non-encrypted type to an"},{"line_number":22,"context_line":"    encrypted type of the same size.  If the non-encrypted volume is \"full\", we"},{"line_number":23,"context_line":"    are in the position of trying to fit 101% of its capacity into the"},{"line_number":24,"context_line":"    encrypted volume, which is not be possible under the current laws of"},{"line_number":25,"context_line":"    physics, and the retype should fail (see `Known Issues"},{"line_number":26,"context_line":"    \u003chttps://docs.openstack.org/cinder/wallaby/configuration/block-storage/volume-encryption.html\u003e`_"},{"line_number":27,"context_line":"    for volume encryption in the cinder documentation)."}],"source_content_type":"text/x-yaml","patch_set":3,"id":"fd57bec0_981d8876","line":24,"range":{"start_line":24,"start_character":35,"end_line":24,"end_character":37},"updated":"2021-04-08 14:38:18.000000000","message":"remove \u0027be\u0027","commit_id":"23e6d68cafee0017329a691663dd0acf53a6b7da"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"a8bd01bdbaaa9178233b189b7dfbca4233fa6000","unresolved":false,"context_lines":[{"line_number":21,"context_line":"    suppose that a user wants to retype a volume of a non-encrypted type to an"},{"line_number":22,"context_line":"    encrypted type of the same size.  
If the non-encrypted volume is \"full\", we"},{"line_number":23,"context_line":"    are in the position of trying to fit 101% of its capacity into the"},{"line_number":24,"context_line":"    encrypted volume, which is not be possible under the current laws of"},{"line_number":25,"context_line":"    physics, and the retype should fail (see `Known Issues"},{"line_number":26,"context_line":"    \u003chttps://docs.openstack.org/cinder/wallaby/configuration/block-storage/volume-encryption.html\u003e`_"},{"line_number":27,"context_line":"    for volume encryption in the cinder documentation)."}],"source_content_type":"text/x-yaml","patch_set":3,"id":"f1260fdd_95b55e68","line":24,"range":{"start_line":24,"start_character":35,"end_line":24,"end_character":37},"in_reply_to":"fd57bec0_981d8876","updated":"2021-04-08 14:41:51.000000000","message":"Ack","commit_id":"23e6d68cafee0017329a691663dd0acf53a6b7da"}]}
