Uploaded image for project: 'OpenShift Virtualization'
  1. OpenShift Virtualization
  2. CNV-36263

[TRACKER][2253983] Not possible to configure encrypted RBD volumes overhead

XMLWordPrintable

    • Medium

      Description of problem:

      For encrypted RBD, the effective image size of the encrypted image may be lower than the raw image size since it stores encrypted metadata at the beginning of the raw image data [1]. The CDI doesn't seem to be considering this overhead and there is no option to configure this overhead. The VM will see less size than the disk size on these volumes.

      ~~~

      1. oc get pvc|grep rhel8-noble-alpaca
        rhel8-noble-alpaca Bound pvc-4ff3f2a4-a9e7-4b3d-b572-eef931434dad 30Gi RWX encrypted-rbd 24m
      1. oc exec virt-launcher-rhel8-noble-alpaca-2rp8g – qemu-img info /dev/rootdisk
        image: /dev/rootdisk
        file format: raw
        virtual size: 30 GiB (32195477504 bytes)
        disk size: 0 B
        Child node '/file':
        filename: /dev/rootdisk
        protocol type: host_device
        file length: 30 GiB (32195477504 bytes) <== 29.98 GB
        disk size: 0 B
        ~~~

      Some of the image operations may fail because of this overhead.

      1. Importing a 10 GB image on a 10 GB PV:

      ~~~

      1. qemu-img info rhel-8.9-x86_64-kvm.qcow2
        image: rhel-8.9-x86_64-kvm.qcow2
        file format: qcow2
        virtual size: 10 GiB (10737418240 bytes)
        disk size: 927 MiB
        cluster_size: 65536
        Format specific information:
        compat: 0.10
        compression type: zlib
        refcount bits: 16
      1. oc get pvc |grep prime-09aebf27-1a3e-4744-ae19-2d471a2eae74
        prime-09aebf27-1a3e-4744-ae19-2d471a2eae74 Bound pvc-28177b79-ef94-4bf1-87fc-b39e9d49c349 10Gi RWX encrypted-rbd 22m
        prime-09aebf27-1a3e-4744-ae19-2d471a2eae74-scratch Bound pvc-85200277-0881-4093-b91e-4204f5d90ac0 10Gi RWO encrypted-rbd 21m

      Error during import:

      E1211 10:35:42.766137 1 data-processor.go:251] Virtual image size 10737418240 is larger than the reported available storage 10720641024. A larger PVC is required.
      Unable to convert source data to target format
      ~~~

      2. Warm MTV migration which uses CDI:

      ~~~

      1. oc get pvc|grep mywarmplan
        warmmigplan-fec2e1ae-97a5-4666-bd9c-600d7fcaca76-tklqh Bound pvc-6aaab859-03f6-46b4-9b27-bf35322a109d 100Gi RWX encrypted-rbd 100s

      It fails while allocating the last sectors:

      I1211 11:15:32.319333 1 imageio-datasource.go:303] Initial zero method failed, trying AppendZeroWithWrite instead. Error was: unable to write 95431688192 zeroes at offset 107336630272: write /dev/cdi-block-volume: no space left on device: write /dev/cdi-block-volume: no space left on device
      ~~~

      Version-Release number of selected component (if applicable):

      OpenShift Virtualization 4.14.1

      How reproducible:

      100 %

      Steps to Reproduce:

      1. Configure an encrypted Ceph RBD storage class.
      2. Create a VM from a qcow2 image. Check the disk size of the VM and compare it with PVC size. The VM will see disk size less than that of PVC size.

      Actual results:

      Not possible to configure encrypted RBD volumes overhead

      Expected results:

      Provide an option to configure overhead on block volumes for use cases like encrypted RBD.

      Additional info:

      [1] https://docs.ceph.com/en/quincy/rbd/rbd-encryption/

            alitke@redhat.com Adam Litke
            rhn-support-nashok Nijin Ashok
            Dalia Frank Dalia Frank
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated: