From aff9ca2b37c91f8fe08c21ca49e8fa4e01159e6e Mon Sep 17 00:00:00 2001 From: Matt Riedemann Date: Thu, 25 Jan 2018 13:11:37 -0500 Subject: [PATCH] api-ref: update migration_policy retype note about encrypted volumes Nova has historically not supported swap volume operations (via cinder volume retype / volume migration) for an in-use encrypted volume. That was recently addressed via nova bug 1739593. However, as of change Ibfa64f18bbd2fb70db7791330ed1a64fe61c1355 in nova, depending on the version of libvirt/qemu on the compute host, a luks-encrypted volume will use native qemu luks decryption. That does not yet support blockRebase operations which are used during swap volume due to https://bugzilla.redhat.com/show_bug.cgi?id=760547. So it's safe to say that for now, a retype which involves a volume migration is not supported for an in-use encrypted volume. Change-Id: I7ce992f51d50d00950d3fc4ebb44b69a31a94787 Related-Bug: #1739593 --- api-ref/source/v2/parameters.yaml | 6 +++++- api-ref/source/v3/parameters.yaml | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/api-ref/source/v2/parameters.yaml b/api-ref/source/v2/parameters.yaml index 99f9c1f7321..52675cfe5a8 100644 --- a/api-ref/source/v2/parameters.yaml +++ b/api-ref/source/v2/parameters.yaml @@ -1008,6 +1008,9 @@ metadata_items: in: body required: true type: integer +# NOTE(mriedem): We can update the migration_policy retype note about encrypted +# in-use volumes not being supported once +# https://bugzilla.redhat.com/show_bug.cgi?id=760547 is fixed. migration_policy: description: | Specify if the volume should be migrated when it is re-typed. @@ -1016,7 +1019,8 @@ migration_policy: .. note:: If the volume is attached to a server instance and will be migrated, then by default policy only users with the administrative role - should attempt the retype operation. + should attempt the retype operation. A retype which involves a migration + to a new host for an *in-use* encrypted volume is not supported. in: body required: false type: string diff --git a/api-ref/source/v3/parameters.yaml b/api-ref/source/v3/parameters.yaml index e143d2b94be..85186f17aaf 100644 --- a/api-ref/source/v3/parameters.yaml +++ b/api-ref/source/v3/parameters.yaml @@ -1704,6 +1704,9 @@ metadata_9: required: false type: object min_version: 3.43 +# NOTE(mriedem): We can update the migration_policy retype note about encrypted +# in-use volumes not being supported once +# https://bugzilla.redhat.com/show_bug.cgi?id=760547 is fixed. migration_policy: description: | Specify if the volume should be migrated when it is re-typed. @@ -1712,7 +1715,8 @@ migration_policy: .. note:: If the volume is attached to a server instance and will be migrated, then by default policy only users with the administrative role - should attempt the retype operation. + should attempt the retype operation. A retype which involves a migration + to a new host for an *in-use* encrypted volume is not supported. in: body required: false type: string