Bug 1302261

Summary: [RFE][cinder] Encrypted volume improvement
Product: Red Hat OpenStack Reporter: Pablo Iranzo Gómez <pablo.iranzo>
Component: openstack-cinderAssignee: Eric Harney <eharney>
Status: CLOSED CURRENTRELEASE QA Contact: nlevinki <nlevinki>
Severity: high Docs Contact:
Priority: high    
Version: 6.0 (Juno)CC: ealcaniz, egafford, eharney, flucifre, jdonohue, jschluet, kbasil, lhinds, nlevine, pgrist, scohen, srevivo
Target Milestone: Upstream M1Keywords: FutureFeature
Target Release: 11.0 (Ocata)   
Hardware: Unspecified   
OS: Unspecified   
URL: https://blueprints.launchpad.net/cinder/+spec/improve-encrypted-volume
Whiteboard: upstream_milestone_none upstream_definition_approved upstream_status_needs-code-review
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-01-03 16:37:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1285089, 1336839, 1361252    

Description Pablo Iranzo Gómez 2016-01-27 10:33:31 UTC
Description of problem:

Hi,
Cinder and Nova support encryption of volumes as we're documenting it, but when an image or volume unencrypted is copied to an encrypted one to use boot encryption, the resulting instance is started, but remains at boot screen as it complains about non bootable disk.

Apparently this happens because the copy is made without doing any conversion.

Upstream this is being explained at https://blueprints.launchpad.net/cinder/+spec/improve-encrypted-volume

Thanks,
Pablo

Comment 3 Sergey Gotliv 2016-01-29 14:53:37 UTC
Note: the Launchpad in the $subject is currently in "Not Started" status, 
which means we can't backport it by definition.

Comment 7 Neil Levine 2016-03-22 16:21:33 UTC
*** Bug 1262122 has been marked as a duplicate of this bug. ***

Comment 9 Paul Grist 2016-08-26 20:31:45 UTC
Moving this to OSP-11.

There is basic LUKS Nova based encryption still in place.  This is one of several bugs to sort out in the Cinder-Encryption Epic which will get a better tracker bug. After reviewing open issues around this topic, we have a list of items that needed to be sorted.

The specific blueprint for this RFE was to fix several issues with existing support and that blueprint has been a collector for issues. At least 2 of those patch sets are still in review upstream (retyping encrypted volume fix and nfs fixes).  

The 2 open RH cases are requesting backports of that fix for OSP6 and OSP7. We will need to follow up on these the full collection of fixes is in place. At this point we need to confirm those requests are still valid.

Right now I would call this Cinder LUKS encryption bug fixes and not an RFE, more follow up needed. I think once the patches in the given blueprint land we should use those to bring this bug to closure. We need to re-check the customer cases and ensure anything else is captured in the OSP-11 Epic.

Comment 11 Edu Alcaniz 2016-09-16 06:47:53 UTC
Hi, could you update the status of the BZ please

Comment 17 Paul Grist 2017-01-03 16:37:38 UTC
Please follow RBD volume encryption on bug 1230405.

I'm going to close this one out based on the original upstream issue being tracked landed in newton.