(1) is what we were working towards. To my mind, it is the right option. (2) Means that you have an encryption key shared between volumes, same as backups currently. It also means you can't share images, which is very limiting.
(3) Makes BFV basically useless with encrypted volumes. Given there are plenty of people who'd like to use BFV and need encrypted volumes, we'd basically be pushing those people off to a backend that manages encryption itself, which none of the free/libre backends do currently AFAIK. On 23 November 2015 at 05:45, Li, Xiaoyan <xiaoyan...@intel.com> wrote: > Hi all, > More help about volume encryption is needed. > > About uploading encrypted volumes to image, there are three options: > 1. Glance only keeps non-encrypted images. So when uploading encrypted > volumes to image, cinder de-crypts the data and upload. > 2. Glance maintain encrypted images. Cinder just upload the encrypted data > to image. > 3. Just prevent the function to upload encrypted volumes to images. > > Option 1 No changes needed in Glance. But it may be not safe. As we > decrypt the data, and upload it to images. > Option 2 This imports encryption to Glance which needs to manage the > encryption metadata. > > Please add more if you have other suggestions. How do you think which one > is preferred. > Appreciate for your help. > > Best wishes > Lisa > > > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -- -- Duncan Thomas
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
