Bug 1305024

Summary: RFE: Support native QEMU volume encryption
Product: Red Hat OpenStack
Reporter: Pablo Iranzo Gómez <pablo.iranzo>
Component: openstack-nova
Assignee: Lee Yarwood <lyarwood>
Status: CLOSED ERRATA
QA Contact: Archit Modi <amodi>
Severity: high
Priority: high
Version: unspecified
CC: alifshit, amedeo.salvati, amodi, atelang, berrange, brault, dasmith, dcain, eglynn, eharney, gcharot, jhakimra, jschluet, kchamart, lyarwood, mschuppe, nlevinki, panbalag, pgrist, sbauza, sclewis, scohen, sferdjao, sgordon, sputhenp, srevivo, tbarron, vromanso
Target Milestone: Upstream M3
Keywords: FutureFeature, Triaged
Target Release: 13.0 (Queens)
Hardware: Unspecified
OS: Unspecified
Fixed In Version: openstack-nova-17.0.0-0.20180223162252.a4a53bf.el7ost
Doc Type: Enhancement
Clone Of: 1305022
: 1305044
Last Closed: 2018-06-27 13:26:22 UTC
Type: Bug
Bug Depends On: 1305022, 1333141, 1406796, 1406803, 1518998, 1631239
Bug Blocks: 1301026, 1442136, 1821539, 1230405, 1273812, 1305044

Comment 2 Daniel Berrangé 2016-02-05 11:49:28 UTC
The volume encryption in Nova was only ever designed to work with block device based volumes. Support for network attached volumes (RBD) or file based volumes (NFS) is a future RFE upstream, pending on QEMU support for LUKS. So the report is testing a feature which is known to not exist at this time. As such I'm marking this an RFE, since it's not a bug.

Comment 6 Stephen Gordon 2016-09-29 15:44:46 UTC
Dan what's the state of the QEMU dependenc

Comment 7 Daniel Berrangé 2016-09-29 15:50:58 UTC
QEMU has general support for LUKS encryption of raw files and block devices in QEMU 2.6.0 onwards, but to make effective use of it in OpenStack, particularly for NFS, we need qcow2 integration. That work is still pending.

Comment 8 Sean Cohen 2016-12-21 15:29:42 UTC
(In reply to Daniel Berrange from comment #7)
> QEMU has general support for LUKS encryption of raw files and block devices
> in QEMU 2.6.0 onwards, but to make effective use of it in OpenStack,
> particularly for NFS, we need qcow2 integration. That work is still pending.


Native integration of LUKS and qcow2 is targeted at 7.4, adding bug 1406803 dependency.
Sean

Comment 20 errata-xmlrpc 2018-06-27 13:26:22 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:2086