Bug 1305022

Summary:	[RFE][cinder] Support volume encryption on NFS backends
Product:	Red Hat OpenStack	Reporter:	Pablo Iranzo Gómez <pablo.iranzo>
Component:	openstack-cinder	Assignee:	Cinder Bugs List <cinder-bugs>
Status:	ON_DEV ---	QA Contact:	Yosi Ben Shimon <ybenshim>
Severity:	medium	Docs Contact:
Priority:	medium
Version:	17.0 (Wallaby)	CC:	eharney, fduthill, fgarciad, gcharot, gfidente, pgrist, pweeks, scohen, sgordon, spower, srevivo, yrabl
Target Milestone:	Alpha	Keywords:	FutureFeature, Triaged
Target Release:	---	Flags:	scohen: needinfo+
Hardware:	Unspecified
OS:	Unspecified
URL:	https://blueprints.launchpad.net/cinder/+spec/nfs-volume-encryption
Whiteboard:
Fixed In Version:		Doc Type:	Enhancement
Doc Text:		Story Points:	---
Clone Of:
Clones:	1305024 (view as bug list)		Environment:
Last Closed:		Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:	1406796, 1518998, 1631239
Bug Blocks:	1273812, 1305024, 1305044, 1433715

Description Pablo Iranzo Gómez 2016-02-05 11:07:51 UTC

Description of problem:

Hi
We've been testing cinder and nova volume encryption as detailed on the manual at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/6/html-single/Administration_Guide/index.html#volume_advanced_encrypt

But it was not working properly on NFS backend and no information is provided there.

After some investigation it has been found that there's ongoing discussion on this http://osdir.com/ml/openstack-dev/2015-11/msg01907.html.

How reproducible:

Configure OSP cinder/nova encryption  and validate as per http://docs.openstack.org/juno/config-reference/content/section_testing_encryption.html

Actual results:
If backend is NFS, the resulting data is visible, if it's dm volumes, it's encrypted


Expected results:
The data should be encrypted whatever the backend is

Additional info:

Comment 3 Eric Harney 2016-02-05 14:47:30 UTC

This will require some significant work in Nova and Cinder to support, see Dan Berrange's comment on bug 1305024.

Comment 4 Stephen Gordon 2016-06-09 18:48:53 UTC

Bulk update to reflect scope of Red Hat OpenStack Platform 9 and Red Hat OpenStack Platform does not include this issue (No pm_ack+).

Comment 16 Gregory Charot 2022-04-21 16:40:28 UTC

Removing 18 flag - We're still facing some technical issue with NFS encryption, we need to scope the effort to fix them and plan. Considering it as a 18.1 feature.