Bug 1305022

Summary: [RFE][cinder] Support volume encryption on NFS backends
Product: Red Hat OpenStack Reporter: Pablo Iranzo Gómez <pablo.iranzo>
Component: openstack-cinderAssignee: Sofia Enriquez <senrique>
Status: ON_DEV --- QA Contact: Avi Avraham <aavraham>
Severity: medium Docs Contact:
Priority: medium    
Version: 17.0 (Wallaby)CC: acanan, eharney, fduthill, gcharot, mbooth, pgrist, scohen, senrique, sgordon, srevivo, tbarron, tshefi
Target Milestone: Upstream M1Keywords: FutureFeature
Target Release: ---Flags: scohen: needinfo+
Hardware: Unspecified   
OS: Unspecified   
URL: https://blueprints.launchpad.net/cinder/+spec/nfs-volume-encryption
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
: 1305024 (view as bug list) Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1406796, 1518998, 1631239    
Bug Blocks: 1273812, 1305024, 1305044, 1433715    

Description Pablo Iranzo Gómez 2016-02-05 11:07:51 UTC
Description of problem:

We've been testing cinder and nova volume encryption as detailed on the manual at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/6/html-single/Administration_Guide/index.html#volume_advanced_encrypt

But it was not working properly on NFS backend and no information is provided there.

After some investigation it has been found that there's ongoing discussion on this http://osdir.com/ml/openstack-dev/2015-11/msg01907.html.

How reproducible:

Configure OSP cinder/nova encryption  and validate as per http://docs.openstack.org/juno/config-reference/content/section_testing_encryption.html

Actual results:
If backend is NFS, the resulting data is visible, if it's dm volumes, it's encrypted

Expected results:
The data should be encrypted whatever the backend is

Additional info:

Comment 3 Eric Harney 2016-02-05 14:47:30 UTC
This will require some significant work in Nova and Cinder to support, see Dan Berrange's comment on bug 1305024.

Comment 4 Stephen Gordon 2016-06-09 18:48:53 UTC
Bulk update to reflect scope of Red Hat OpenStack Platform 9 and Red Hat OpenStack Platform does not include this issue (No pm_ack+).