yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1869184] [NEW] Poor LUKSv1 performance when using native QEMU decryption and RBD volumes

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Lee Yarwood <lyarwood@xxxxxxxxxx>
Date: Thu, 26 Mar 2020 11:16:26 -0000
Reply-to: Bug 1869184 <1869184@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Description
===========

This bug specifically covers the RBD use case when dealing with bug
#1869182.

In addition to allowing operators to switch to the os-brick encryptors
when decrypting LUKSv1 volumes RBD users will also need to use the RBD
connector also provided by os-brick.

This will connect the RBD volume to the host and provide it as a host
block device, allowing the os-brick encryptors to be layered on top of
it as with other volume types.

Steps to reproduce
==================

* Attach a LUKSv1 RBD encrypted volume to an instance
* Test I/O performance within the instance to the volume.

Expected result
===============

Performance is close to baremetal performance using dm-crypt.

Actual result
=============

Performance is severely degraded if the libgcrypt issue [1] is not
resolved on the host.

Environment
===========
1. Exact version of OpenStack you are running. See the following
  list for all releases: http://docs.openstack.org/releases/

   Master.

2. Which hypervisor did you use?
   (For example: Libvirt + KVM, Libvirt + XEN, Hyper-V, PowerKVM, ...)
   What's the version of that?

   libvirt + QEMU/KVM

2. Which storage type did you use?
   (For example: Ceph, LVM, GPFS, ...)
   What's the version of that?

   RBD - LUKSv1 encryption used.

3. Which networking type did you use?
   (For example: nova-network, Neutron with OpenVSwitch, ...)

   N/A

Logs & Configs
==============

N/A

** Affects: nova
     Importance: High
         Status: New

** Changed in: nova
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1869184

Title:
  Poor LUKSv1 performance when using native QEMU decryption and RBD
  volumes

Status in OpenStack Compute (nova):
  New

Bug description:
  Description
  ===========

  This bug specifically covers the RBD use case when dealing with bug
  #1869182.

  In addition to allowing operators to switch to the os-brick encryptors
  when decrypting LUKSv1 volumes RBD users will also need to use the RBD
  connector also provided by os-brick.

  This will connect the RBD volume to the host and provide it as a host
  block device, allowing the os-brick encryptors to be layered on top of
  it as with other volume types.

  Steps to reproduce
  ==================

  * Attach a LUKSv1 RBD encrypted volume to an instance
  * Test I/O performance within the instance to the volume.

  Expected result
  ===============

  Performance is close to baremetal performance using dm-crypt.

  Actual result
  =============

  Performance is severely degraded if the libgcrypt issue [1] is not
  resolved on the host.

  Environment
  ===========
  1. Exact version of OpenStack you are running. See the following
    list for all releases: http://docs.openstack.org/releases/

     Master.

  2. Which hypervisor did you use?
     (For example: Libvirt + KVM, Libvirt + XEN, Hyper-V, PowerKVM, ...)
     What's the version of that?

     libvirt + QEMU/KVM

  2. Which storage type did you use?
     (For example: Ceph, LVM, GPFS, ...)
     What's the version of that?

     RBD - LUKSv1 encryption used.

  3. Which networking type did you use?
     (For example: nova-network, Neutron with OpenVSwitch, ...)

     N/A

  Logs & Configs
  ==============

  N/A

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1869184/+subscriptions

Follow ups

[Bug 1869184] Re: Poor LUKSv1 performance when using native QEMU decryption and RBD volumes
From: OpenStack Infra, 2020-04-14