[Yahoo-eng-team] [Bug 1463525] Re: There is no volume encryption support for rbd-backed volumes

Fri, 30 Sep 2016 12:11:55 -0700 

This appears to have been fixed on the Cinder side with Matt's Cinder
patch referenced above. If there is more work to do on the Cinder side
please reopen.

** Changed in: cinder
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1463525

Title:
  There is no volume encryption support for rbd-backed volumes

Status in Cinder:
  Fix Released
Status in OpenStack Compute (nova):
  Confirmed

Bug description:
  This came up as a discussion point in the nova IRC channel today
  because someone was talking about adding encryption support to Ceph in
  Nova and I pointed out that there is already a ceph job that runs the
  tempest luks/cryptsetup encrypted volume tests successfully, so why
  aren't those failing if it's not supported today?

  We got looking at the code and logs and found that when nova tries to
  get volume encryption metadata from cinder for rbd-backed instances,
  nothing comes back so nova isn't doing anything with volume encryption
  using it's providers (luks / cryptsetup).

  Change https://review.openstack.org/#/c/189799/ in nova adds logging
  to see this:

  Confirmed that for LVM backed Cinder we get something back:

  http://logs.openstack.org/99/189799/2/check/check-tempest-dsvm-
  full/c3ee602/logs/screen-n-cpu.txt.gz#_2015-06-09_18_18_18_078

  For Ceph we don't:

  http://logs.openstack.org/99/189799/2/check/check-tempest-dsvm-full-
  ceph/353db23/logs/screen-n-cpu.txt.gz#_2015-06-09_18_21_16_723

  This might be working as designed, I'm not sure, but I'm opening the
  bug to track the effort since if you think you have encrypted volumes
  when using ceph and nova you're probably not, so there is a false
  sense of security here which is a bug.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1463525/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

Reply via email to